We collect and receive personal information primarily through our customers and their authorized partners. Please review our privacy notice to learn more about what personal information we collect and how it is used.

Tekion does not sell or share personal information to third parties. As a service provider to our dealer partners and OEMs, we use personal information to provide our products and services to our customers (e.g., providing our dealer management system). Our commitment to not share or sell personal information from our customers is reflected in our Data Processing Addendum, which is part of our customer agreements.

Yes, we use sub-processors to provide our service. You can find the current list of our sub-processors, including their location and type of service they provide to us, here. You can also subscribe to receive email notifications of any changes to our sub-processor list on the same page.

Yes, please see our privacy notice to learn more about what privacy rights are available to individuals based on their location. You can also contact privacy@tekion.com to exercise your privacy rights.

Our customers may use our built-in functionality to exercise their customers' privacy rights. Please reach out to your Tekion solutions specialist if you need more information about how to use these features.

Tekion customers retain full control of their uploaded data and may delete it at any time during their subscription term by writing to Tekion Customer Support. The default setting in our platform is to hold data indefinitely; however, customers may configure our platform to set retention periods based on business needs.

If you decide to cancel our services, you have 30 days from the last date of service to request your data. After that period, your data will be securely overwritten or deleted from production within 90 days and from backups within 180 days of the last date of service.

Tekion hosts data on Amazon Web Services (AWS) and Microsoft Azure:

• US and Canadian customers: Data is stored on US-based servers by default

• European and UK customers: Data is stored on Irish and/or UK servers by default

For transfers between regions, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure compliance with GDPR and other applicable data protection laws. Our Data Processing Addendum includes these transfer mechanisms.

Our Legal and Privacy teams continually monitor regulatory changes and work with our product teams to proactively update our products and practices to help you comply with evolving privacy laws.

Tekion's platform is designed to support your dealership's compliance with the FTC Safeguards Rule. Key features include:

• Access Controls: Role-based permissions ensure employees access only the customer data necessary for their job functions

• Encryption: Customer data is encrypted at rest and in transit using industry-standard encryption

• Audit Logging: Comprehensive logs track access to customer financial information

• Incident Response: Our formal incident response plan includes timely notification to affected customers

While Tekion provides these technical safeguards, your dealership remains responsible for implementing a comprehensive information security program as required by the Safeguards Rule. Our tools are designed to support—not replace—your compliance obligations.

Tekion may use aggregated, anonymized data to improve our products and develop new features, including AI-powered capabilities. However:

• We do not use your identifiable customer data to train AI/ML models without your explicit consent

• Any AI features within our platform operate on your data solely to provide you with the service (e.g., predictive analytics for your dealership)

• You retain full ownership and control of your data

If you have questions about specific AI features, please contact your Tekion solutions specialist.