Sales Agent Website Transaction Engine
Dealership Dealer group OEM with dealer network New entrant OEM Marketplace / Shopping site Distributor
API OEM Dealer Shopper Integrations Case studies Blog
Triumph Cleveland — Case study Evinmotors — Case study Massimo Motor Sports — Case study How buying works Voices of Ekho Case studies
Careers 4 Pricing
Partner login Book a demo
SECURITY

Security at Ekho

Vehicle commerce involves sensitive financial data, personal information, and regulated transactions. We build security into every layer of the platform so dealers and buyers can transact with confidence.

SOC 2 Type II

Independently audited for security, availability, and confidentiality controls. Ekho undergoes annual SOC 2 Type II examinations by a licensed CPA firm.

PCI DSS Compliant

Payment card data is handled in full compliance with PCI Data Security Standards. We never store raw card numbers on our servers.

GLBA Compliant

We comply with the Gramm-Leach-Bliley Act and FTC Safeguards Rule, protecting nonpublic personal information collected through financing and transaction workflows.

CCPA

California buyers can access, delete, or opt out of the sale of their personal information. We honor all CCPA rights promptly and transparently.

256-bit Encryption

All data is encrypted with AES-256 at rest and TLS 1.3 in transit. Sensitive fields like SSNs and financial data receive additional application-layer encryption.

HOW WE PROTECT YOUR DATA

Security practices

Access control

Role-based access control (RBAC) ensures employees and dealer staff only see what they need. Multi-factor authentication and SSO support are available for all accounts.

Infrastructure

Ekho runs on Google Cloud Platform with SOC 2 certified data centers, automated backups, and infrastructure-as-code deployments with full audit trails.

Monitoring & response

24/7 monitoring with automated alerting, anomaly detection, and a documented incident response plan. Security events are logged and retained for audit.

Fraud prevention

AI-powered fraud detection screens transactions in real time. Built-in KYC and AML checks help dealers verify buyer identities and prevent fraudulent purchases.

Vendor security

All third-party integrations — lenders, payment processors, identity verification providers — undergo security review. We require SOC 2 compliance or equivalent from partners who handle sensitive data.

Regulatory compliance

We maintain compliance with GLBA, PCI DSS, CCPA, and applicable state privacy laws governing vehicle transactions and financing.

YOUR DATA

Data protection

01

Minimal data collection

We only collect the personal information necessary to complete vehicle transactions, process financing applications, and fulfill regulatory requirements. No data is sold to third parties.

02

Secure storage & retention

Sensitive personal data — including SSNs, credit information, and payment details — is encrypted and stored with strict access controls. Data is retained only as long as required by regulation or business need, then securely purged.

03

Right to deletion

Buyers can request deletion of their personal data. We honor deletion requests promptly, removing data from active systems and backups within the timelines prescribed by applicable law.

04

Vendor & partner security

All third-party integrations — lenders, payment processors, identity verification providers — undergo security review. We require SOC 2 compliance or equivalent from partners who handle sensitive data.

SECURITY

Frequently Asked Questions

Ekho uses a four-pillar approach: real-time AI risk scoring that analyzes device, behavior, IP, and address signals; advanced identity verification including document validation and live selfie matching; secure payment validation through PCI-compliant processing; and expert human review for flagged transactions.

Ekho validates government-issued IDs against DMV records, runs live selfie verification to confirm the person matches the document, detects synthetic identities, and flags inconsistencies across submitted information.

Yes. All data is encrypted in transit and at rest. Ekho maintains PCI DSS compliance for payment processing and undergoes annual SOC 2 Type II audits. We never sell or share buyer data with third parties.

Yes — and we encourage it. Ekho provides all verification documents to the dealer before vehicle delivery. Dealers perform a final ID check at handoff as an additional layer of protection.

Flagged transactions enter a manual review workflow. Ekho's fraud team examines the signals, may request additional verification from the buyer, and provides a recommendation to the dealer. The dealer always has final approval authority.

Ekho's fraud prevention significantly reduces chargeback rates by catching fraudulent transactions before they complete. For the rare cases that occur, we provide full transaction documentation and evidence to support dispute resolution.

Questions about security?

If you have questions about our security practices or need to report a vulnerability, our team is here to help.

Contact Security Team