Privacy Policy
DealerHub collects the minimum data necessary to provide the service. We do not sell your data. You have the right of access, correction and deletion. We follow applicable data protection laws, including the Macedonian Personal Data Protection Act and the EU GDPR where applicable.
1. Who we are
DealerHub is a SaaS platform for car dealers, developed and operated by DealerHub Studio, a natural person resident in Skopje, Republic of North Macedonia.
For data collected via dealerhub.design — such as contact forms, demo requests, account information and support communication — the controller is DealerHub Studio.
For data that our customers enter or process through the platform in connection with their own buyers, leads and inquiries, the customer is the controller and DealerHub acts as a processor under the DPA.
We do not process or store payment card data. Online payments are made via Lemon Squeezy as Merchant of Record. We may receive limited order data such as name, email, plan, subscription status and transaction ID, required for activation, invoice records and support. Lemon Squeezy's privacy policy is available at lemonsqueezy.com/privacy.
Privacy contact:
privacy@dealerhub.design
Response: within 30 days
2. What data we collect
2.1 Data you provide directly
- When you request a demo: name, email, phone number, company name, messages.
- When you register as a customer: company name, contact persons, address (for invoicing if necessary).
- Support: content of email / chat communication, screenshots you send.
- Order / subscription data: name, email, plan, subscription status and transaction ID — received from Lemon Squeezy for activation and support. Card data is entered directly into Lemon Squeezy and does not pass through our infrastructure.
2.2 Data collected automatically
- Technical: IP address, browser type, operating system, referring URL.
- Usage: pages visited, time spent, clicks. See the Cookie Policy.
2.3 Data we process on behalf of our customers
When you use DealerHub as a dealer, we process the data of your buyers (inquiries, leads, vehicles) on your behalf. You are the controller; we are the processor. See the Data Processing Addendum.
3. Legal basis
| Purpose | Legal basis |
|---|---|
| Providing the service (hosting, posting) | Performance of contract |
| Responding to your questions / inquiries | Legitimate interest |
| Invoicing and accounting | Legal obligation |
| Analytics for improving the platform | Legitimate interest (aggregated) |
| Marketing email (if you consent) | Consent |
| Payment processing (Lemon Squeezy) | Performance of contract + legal obligation (tax) |
4. How we use the data
- To give you access to the platform and its features
- To process payments and issue invoices
- To respond to support inquiries
- To notify you of material changes to the service
- To detect and prevent fraud or abuse
- To meet legal obligations (accounting, tax)
5. With whom we share data
We do not sell your data. We share it only with the following categories:
- Lemon Squeezy (independent controller for payment and checkout data) — online payments are processed directly at checkout. Lemon Squeezy may engage their own processors and anti-fraud services in accordance with their privacy policy at lemonsqueezy.com/privacy. From them we receive only limited order / subscription data (name, email, plan, status, transaction ID).
- Sub-processors: Hetzner (hosting, EU), Cloudflare (CDN), Cloudinary (images), Resend or Postmark (email). The full list is in the DPA.
- Meta / Facebook: when you publish content via us, that content is sent to FB / IG using your System User token. We do not share your contacts or analytics with Meta.
- Legal obligations: if compelled by a court, regulator or government authority.
All sub-processors have signed data processing agreements and GDPR-compliance commitments.
6. International transfers
Operational data (your account, leads, vehicles, images) is stored in a data center in the EU (Hetzner, Nuremberg, Germany). There are no transfers outside the EEA without appropriate safeguards.
Payment data is processed by Lemon Squeezy (headquartered in the USA) under Standard Contractual Clauses and their certification under the EU–US Data Privacy Framework. They retain the data in accordance with their privacy policy.
7. How long we keep the data
| Type of data | Retention period |
|---|---|
| Inquiries from the site | 12 months from first contact |
| Active customer account | For as long as you are an active customer |
| Data after termination of the relationship | 90 days for export, then deletion |
| Invoices and tax documents | 10 years (legal obligation) |
| Security logs | 90 days |
| Backup archives | 30-day rotation |
8. Your rights
Under GDPR and Macedonian law you have the right to:
- Access — request a copy of the data we hold about you
- Correction — request rectification of inaccurate data
- Deletion ("right to be forgotten") — request erasure, except where we have a legal obligation to retain
- Restriction — request that processing be paused
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interest
- Lodge a complaint with the Personal Data Protection Agency of North Macedonia (AZLP)
Send your request to privacy@dealerhub.design — we respond within 30 days.
9. Security
- All sensitive personal data of customers (tokens, passwords) is encrypted in the database (AES-256-GCM)
- HTTPS/TLS 1.2+ for all communications
- Access-controlled infrastructure with SSH key-based authentication
- Daily encrypted offsite backups
- Regular security updates and monitoring
- Incident notification within 72 hours (GDPR Art. 33)
10. Changes to this policy
We may update this policy to reflect new practices or legal changes. Any material update will be communicated to you by email or via a prominent notice on the site at least 30 days before the changes take effect.
Privacy contact
Email: privacy@dealerhub.design
Controller: DealerHub Studio, Skopje, North Macedonia
Payment controller: Lemon Squeezy (privacy@lemonsqueezy.com)
We respond within 30 business days of receipt.