
SECURITY
FTC Safeguards Rule Compliance Statement
Vision Dealer Solutions’ Compliance Summary for FTC GLBA Safeguards Rule
The Gramm-Leach-Bliley Act (GLBA) Safeguards Rule Update requires the implementation of safeguards to ensure the security and confidentiality of nonpublic personal information (NPI).
Dealers must comply with the Safeguards Rule and should oversee their service providers to ensure the safety of customer data. As a service provider and to support compliance with the Rule, Vision Dealer Solutions DBA (VisionMenu, Inc.) has implemented administrative, technical, and physical safeguards as a part of our comprehensive Information Technology (IT) Security Program.
Multi-Factor Authentication (MFA) – MFA is enabled for all Dealer accounts.
Below are the safeguards and controls pertaining to customer information.
Customer Information
GLBA Safeguards Rule Definition of “Customer Information” (16 C.F.R. § 314.2)
“Customer Information” is defined as any nonpublic personal information collected by a Dealer about its customers.
Safeguards and Controls
As per our Software License Agreement (SLA), Vision Dealer Solutions has written contractual statements addressing compliance with all Safeguards rules pertaining to NPI. The following excerpt is from Section 9 of our SLA:
“Non-Public Personal Information. Licensee acknowledges that the sharing of non-public personal information, as defined by the Gramm-Leach-Bliley Act, 16 CFR § 314 (the “Act”), poses certain notice requirements to consumers. If Licensee is subject to the Act, it must provide notice to Licensor and identify any non-public personal information that may be delivered to Licensor. Licensor acknowledges that it may aggregate and store data from Licensee’s customers. Licensor warrants that it does not disclose non-public personal information to third parties. Licensor maintains and periodically tests security programs and measures designed to protect against disclosure of non-public personal information of consumers. If Licensee shares nonpublic personal information with Licensor, Licensor agrees to: (i) keep all such information confidential in accordance with the Act and Regulation P; (ii) establish and maintain procedural safeguards to comply with the Act and Regulation P; (iii) notify Licensee in the event of any unauthorized use or disclosure; (iv) return or destroy any such information upon request; and (v) maintain and periodically test all security programs and measures to help ensure that non-public personal information remains confidential in accordance with the Act.”
Retention and Deletion of Customer Information
Vision Dealer Solutions will maintain Customer Information only as long as necessary to provide services to active dealers.
Vision Dealer Solutions will delete all Customer Information related to a dealer on the 1st day after the 1st full month following termination of services.
Vision Dealer Solutions maintains compliance with all local, state, and federal legal requirements regarding administrative, technical, and physical safeguards, and adheres to all applicable industry standards for privacy and data protection.
Vision Dealer Solutions will continue to protect and secure any Customer Information it maintains, processes, or accesses, in accordance with all relevant privacy and security laws and regulations.
Risk Assessments
As part of its Safeguards Program, Vision Dealer Solutions conducts annual risk assessments to identify reasonably foreseeable internal and external risks that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of customer information.
Each assessment evaluates the sufficiency of existing safeguards and the effectiveness of controls in place to mitigate those risks.
Other Security Resources
SOC 2 Type 2 Compliance
Vision Dealer Solutions has received a clean SOC 2 Type 2 attestation report for 2025, reaffirming its ongoing commitment to top-tier data security, confidentiality, and availability standards. The audit, conducted by Sensiba LLP, validates the company’s strong internal security controls and continuous compliance since 2023.



