Menu DMS Bridge Privacy Policy
This policy describes the intended production behavior for the Menu DMS Bridge Chrome extension and bridge service. It should be reviewed by counsel before use with real dealer or customer data.
What the extension does
The extension helps an authorized dealer employee capture deal information from the currently open DMS deal page and prepare a Menu-ready review handoff. The extension runs after the user clicks it and requires user review before handoff.
Information processed
Depending on the DMS page and dealer configuration, the extension may process dealer/account identifiers, business manager/user information, buyer/co-buyer contact information, vehicle/collateral information, lender and finance terms, fees/taxes, trade/payoff details, insurance/lienholder information, product selections or declines, forms status, and audit/idempotency metadata.
How information is used
- Prepare a Menu-ready session/review payload.
- Validate required fields and identify missing or inconsistent deal data.
- Route the handoff to the correct dealer/account context.
- Maintain limited audit/support metadata where required by production configuration.
Data sharing
Data is used to support the dealer-authorized Menu handoff. The bridge does not sell customer data. Production integrations should share data only with approved dealer/Menu systems needed for the transaction.
Retention
The intended production design is minimal retention. Transaction data should be temporary unless a dealer-approved audit/support requirement requires limited retention with appropriate TTL, access control, and deletion procedures.
Outreach and CRM actions
The demo may show outreach drafts or CRM tasks. No real email or text message is sent by the demo. Production outreach requires dealer approval, customer consent/opt-in handling, approved templates, audit logging, and CRM/email permissions.
Security
The production system should use encrypted transport, least-privilege extension permissions, backend-mediated API credentials, no secrets embedded in the extension, and restricted support logs that avoid unnecessary customer NPI.
Contact
Support/contact details should be replaced with the final production support address before public Chrome Web Store submission.