Solutions · By Use Case

Privacy-first by design.
Compliance-ready by default.

Orbee is built around the regulatory reality of modern automotive retail. SOC 2 Type II, CCPA, GDPR, and a growing patchwork of state-specific privacy laws — all supported at the infrastructure layer. Consent state travels with every record. Service providers are governed. Privacy litigation risk is minimized.

Request a demo Visit Trust Center
The regulatory reality automotive faces

The privacy landscape has shifted dramatically in the last 36 months

Most dealer marketing stacks were built before any of this existed and bolted compliance on as an afterthought. Orbee was built around it from the start.

CCPA + CPRA

Consumer rights to access, delete, opt out of sale, and limit use of sensitive personal information.

California

State-by-state expansion

Virginia, Colorado, Connecticut, Utah, Texas — and a dozen other states have passed their own frameworks.

Multi-state

GDPR-style obligations

For any operation touching EU residents, with the global precedent everyone else is following.

GDPR

Privacy litigation

Dealer-targeted litigation tied to wiretapping statutes, session replay, and pixel-driven tracking is now an active risk class.

Litigation
What's built in

Compliance handled at the infrastructure layer

Your team builds audiences. Orbee enforces consent. Your team launches campaigns. Orbee respects opt-outs.

Strict opt-in

Cookie + tag consent, per jurisdiction.

Configurable to require strict opt-in (vs. opt-out) on a per-jurisdiction basis. The Native tag manager respects consent at every event.

  • Per-state opt-in rules
  • Tag-firing gates
  • Consent-aware event collection
Consent per record

Flags travel with every customer.

CCPA opt-out, GDPR consent, do-not-call, do-not-email, do-not-SMS, sensitive PI restrictions — enforced at execution time.

  • Per-record consent state
  • Audience & journey enforcement
  • Cross-channel propagation
SOC 2 Type II

Independently audited annually.

Encryption everywhere, role-based access, multi-factor auth, configurable data residency. Subprocessors disclosed publicly.

  • SOC 2 Type II
  • Encryption in transit + at rest
  • Role-based access control
How privacy actually works in practice

Privacy is no longer a back-office concern

It's a marketing-stack concern, an engineering concern, a litigation-risk concern, and an OEM-program concern.

CCPA "do not sell"

Flagged + suppressed

Orbee flags the record, suppresses it from sale-eligible activations, and propagates the flag to downstream destinations.

Deletion request

Deleted across stack

Orbee deletes from native tables, removes from audiences, and confirms deletion across configured destinations within statutory timelines.

New state law

Centrally updated

Compliance configuration is updated centrally. Dealer accounts in the affected state inherit new rules — no per-rooftop reconfiguration.

Privacy-first by design. Audit-ready by default.

Compliance handled at the infrastructure layer.

Full compliance documentation, subprocessor list, and SOC 2 report available on request.

Visit the Trust Center

SOC 2 Type II · CCPA · GDPR · State-specific