Dealer-Centric VCDPA Compliance Software


An affordable and simple compliance software for the Virginia Consumer Data Protection Act (VCDPA) that caters to the unique needs of dealerships.

The all-in-one privacy compliance solution for Virginia dealers.

Peace of Mind + Compliance Guarantee

Peace of mind for an annual cost that is less than the penalty for just one single VCDPA violation. How’s that for a value proposition? Plus, under our Compliance Guarantee, we'll pay any fines or penalties assessed against your dealership by the State.

Exactly what you need and nothing more.

Achieve Total VCDPA Compliance in Days

Contains everything you need to ensure you're fully compliant with the VCDPA. No unnecessary features, complex workflows or headaches. Just the necessary components to get you compliant in no time.


If your dealership has shopped the VCDPA software marketplace, you've probably been quoted with some outlandishly high prices and setup fees. We offer a transparent, one-price model that makes our software affordable for dealers of all sizes.


You shouldn't have to hire a full-time employee to administer your VCDPA software. Our system allows you to achieve total compliance in a matter of days, and with automated consumer request fulfillment, it makes it incredibly easy to keep it that way.


Unfortunately, the majority of software products are missing critical VCDPA compliance components. Our system was built by experts who specialize in dealership law and compliance, and who know the VCDPA statutes inside and out.

Why Choose Us?

Compliant Cookie Banner

Most out-of-the-box cookie banners provided by website providers are non-compliant and cause more harm than good. Our banner actually blocks third-party advertising cookies, records consent, and respects global privacy controls (GPCs) in accordance with the VCDPA.
Why Choose Us?

Intelligent Data Mapping

A proper data inventory can take months, but we've done all the hard work for you. Our data inventory tool uses dealership-specific templates to add the most common vendor types and associated categories of personal information, and then automatically maps that information so consumer requests can be fulfilled automatically with minimal human intervention.
Why Choose Us?

Automated Consumer Requests

Our systems lets you deploy a VCDPA consumer request portal in minutes. Whether it's an access, correction, data portability, deletion, or opt-out request, we help automate the entire fulfillment process so you can keep the focus on selling cars.
Why Choose Us?

Verification & Encryption

Not only does our system verify the identity of the consumers making VCDPA requests, but it also offers a secure and encrypted method of providing consumers with their data. Our system helps ensure that you don't inadvertently expose your dealer to data breach liability by allowing sensitive customer information to fall into the wrong hands.
Why Choose Us?

Vendor Management

ComplyAuto automates the complex process of determining whether a vendor is a “processor” or “third party” under the VCDPA and enables the dealer to print and send required VCDPA agreements. Finally, the dealer can track which vendors have signed required VCDPA contracts in an easy-to-use dashboard.
Why Choose Us?

Easily Build Required Notices

Don't know where to start with drafting your VCDPA privacy policy? Never want to worry about updating your online privacy policy again? No problem! Our system allows you to build the required notices and policies in minutes. Even better, it's synced in real time with our software and always gets updated with the latest regulations.
Why Choose Us?

Employee Training

Our system allows you to enroll your employees in a short but effective training course that is tailored to dealership operations, and everything is tracked so you can easily demonstrate compliance to regulators.

Frequently Asked Questions

We've compiled a list of answers to common questions.

Probably not. Website providers aren’t legal or compliance experts and normally don’t provide the technology necessary to automate complex legal notices, 3rd-party cookie blocking, responding to global privacy controls (GPCs), or required identity verification. Your website provider is also unlikely to provide you with any sort of vendor management or employee training tool. Finally, most out-of-the box privacy policy templates are either non-compliant or too generic to be accurate for your dealership’s unique collection practices.

Probably not. While some privacy laws like the CPA and VDCPA have exemptions for “financial institutions” under the Gramm-Leach-Bliley Act (GLBA), dealers act outside the scope of a financial institution under the GLBA by conducting cash transactions, servicing vehicles, operating collision centers, renting vehicles, and online advertising. Relying on a GLBA exemption is risky at best and certainly not a best practice.

No. We are an automation and technology software that offers a full suite of advanced tools to help you comply with the technical aspects of your state’s privacy laws. We don’t just simply audit your policies or provide compliance consulting (though we do that too!)

Yes. We have our tools successfully installed on every major dealership website provider, including, DealerFire, DealerInspire, DealerOn, FoxDealer, Jazel, Sincro, and many more. 

Around 2 weeks. In the first week, we schedule one or two implementation calls where we talk you through setting up the software. The next week is spent working with your website provider to install our tools. Then you’re live!

Don’t worry, privacy compliance won’t turn into your full-time job. Even large dealership groups usually spend less than 30 minutes per week in our software, and most of that time is spent processing consumer privacy requests. Further, our software is so foolproof and easy to use that you can get away with assigning the responsibility to pretty much any employee in the dealership. 

Don't wait for trouble. Get compliant now.

Mock OSHA Assessment


  • On-demand eight-hour assessment that imitates a real OSHA audit.
  • Conducted by an EHS Pro with OSHA-10 or OSHA-30 certification and 5+ years of experience. 
  • Simulated employee interviews
  • Issue tracking and task management
  • Detailed assessment reports after the assessment with images, videos, and recommended steps for remediation.

    Privacy & Cyber Compliance Suite


    • Custom legal policies with real-time updates, including the Information Security Program (ISP)
    • Customized Incident Response Plan (IRP)
    • Internal risk assessment tools and hands-on guidance
    • Biannual penetration testing (2) 
    • Biannual vulnerability scans (2)
    • Employee security awareness training and completion tracking
    • Extensive vendor management library – hundreds of vendor-completed GLBA contracts & risk assessments
    • Device & systems inventory automation and mapping tools
    • Unlimited industry-specific internal phishing simulations to train staff
    • Complete 50-state privacy compliance required by your state (CA, CO, CT, DE, IA, IN, MT, OR, TN, TX, UT, VA)
    • Website cookie consent banners and unique consumer privacy request portals
    • Annual report to the Board of Directors generated every year
    • Compliance Guarantee

      CPR/AED Certification


      • Instruction provided by Certified American Red Cross Instructors.
      • Practical, hands-on training sessions to practice CPR and AED techniques
      • Proper automated external defibrillator (AEDs) instruction and operation
      • American Red Cross exam and certification
      • Access to study materials, manuals, and resources for continued education and reference.
      • Available for organizations and groups, allowing for tailored training sessions.

      HR Fundamentals


      • Customized policy builder with real-time updates
      • E-sign functionality for required employee policies 
      • Online HR training with employee completion tracking
      • State-specific policies and training
      • Employee management tool
      • Training and policies include Workplace Violence, Active Shooter, IT and Electronic Device Use, Biometric Data Privacy, Sexual Harassment, and more 
      • HR Fundamentals access is included with any other ComplyAuto product

        Encrypted Messaging


        • Encrypt SMS text and email messaging among staff, clients, and customers when sending and receiving files
        • Track usage and detect violations in real-time
        • Advanced security features include auto-deletion of files, Multi-Factor Authentication protection, IP safelisting, and domain blocklisting
        • Supports compliance with various state and federal regulations and recognized industry standards: GLBA, HIPAA, SOC 2, ISO 27001, NIST, CIS Controls, SEC

          Safety Compliance Suite


          • Concierge on-site onboarding 
          • On-demand safety walkthroughs conducted by experienced EHS Pros at various intervals – once, twice, or four times per year
          • Comprehensive Online Training Library and employee progress tracking
          • Automated 50-State Legal Injury & Illness Reporting
          • Policy Builders with Automatic Updates
          • Simplified SDS Creation and Management
          • Guided risk mitigation
          • Signage builder & tracking
          • Efficient equipment inspections with QR Codes
          • Tier 1 Spill Prevention Control and Countermeasure Plan 
          • Automated Tier 2 environmental reporting for all 50 states 
          • Unlimited one-on-one support from our dedicated team
          • Workplace Violence and Active Shooter Policy and Training
          • Unlimited one-on-one support from our dedicated team
          • Automated Tier II environmental reporting for all 50 states.

            EduTech Course 3

            Program to Fulfill AG Disciplinary Order - $299/student

            The California AG routinely penalizes facilities that violate these laws and requires them to perform specific remedies while on probation. One of these remedies requires the ARD to take a course that outlines the laws and regulations of the Automotive Repair Act. This program fulfills the requirement.


            • Comprehensive online course about the Automotive Repair Act

            • Access to training materials anytime (24/7/365)

            • Comprehensive companion manual to the training material

            • Quizzes and final exam to track engagement and learning ability

            • Certificate generated upon completion

            EduTech Course 2

            Program to Fulfill BAR Remedial Training - $299/student

            As part of their authority to levy fines and corrective actions against repair facilities, the Bureau of Automotive Repair may direct them to take a remedial training program. This program is intended for facilities who have already been identified by the BAR as needing corrective action and have committed to taking a remedial training course in lieu of specific penalties.The California Attorney General (AG) has required violating automotive repair dealers to take a course that instructs students on the laws and regulations of the Automotive Repair Act as part of the disciplinary order.


            • Comprehensive online course about the Automotive Repair Act

            • Access to training materials anytime (24/7/365)

            • Comprehensive companion manual to the training material

            • Quizzes and final exam to track engagement and learning ability

            • Certificate generated upon completion

            • Automated notification to the Bureau of Automotive Repair


            EduTech Course 1

            Automotive Repair Act Certification Training - $49/month per rooftop

            Provide advisors and technicians with the knowledge and tools necessary to comply with California laws and regulations and be viewed favorably by the Bureau of Automotive Repair.


            • Comprehensive online course about the Automotive Repair Act

            • Access to training materials anytime (24/7/365)

            • Comprehensive companion manual to the training material

            • Quizzes and final exam to track engagement and learning ability

            • Certificate generated upon completion

            F&I Compliance Suite

              • Precise Deal Jacket Audits to identify and address real-world F&I compliance issues accurately.
              • Focused Compliance on specific F&I compliance concerns such as Fair Lending Compliance Solutions, California Litigation, Vehicle Safety Recalls, Used Vehicle History, FTC Buyers Guide & Federal Warranty Disclosures, 
              • Automated EZ Cash Reporting & Anti-Money Laundering with IRS Reporting 
              • Spot Delivery & Unwind Management
              • Real-Time Issue Identification Quickly detect compliance gaps and issues, enabling swift corrective action and risk mitigation.
              • Online F&I Compliance Training 
              • Compliance Guarantee

                Device & Email Security


                The combined features create a dynamic defense system that adapts to evolving cybersecurity threats and secures the organization's digital ecosystem.

                • Continuous threat detection and response powered by Coro:
                  • EDR (Endpoint Detection and Response) 
                  • MDR (Managed Detection and Response) 
                  • 24/7 Security Operations Center team
                  • Swift response and alert to potential security breaches
                • Enhanced authentication and access control via Multi-factor Authentication (MFA) powered by Duo Security™
                • Advanced email security to shield e-threats such as phishing, malware, spam, and scams – integrates with Google Workspace & Microsoft Office 365.
                • Data governance and Data Loss Prevention (DLP)  detect and manage employee data-sharing practices. 
                • Device-level encryption for Windows and macOS
                • Public & unencrypted wifi blocking
                • Next-gen antivirus
                • Automated password policy and session locking enforcement