Editor's Note: This article originally appeared in NAEDA's Summer 2025 Edition of Equipment Dealer and is being published with their permission.
Every dealer needs a good Dealer Management System (DMS) to help run an efficient and profitable business.
By necessity, dealers trust DMS providers with some of their most sensitive data. But are dealers paying attention to what DMS providers can do with their data? In reviewing several sets of terms and conditions with DMS providers, we learned that some DMS providers adopt a fairly traditional software provider approach of agreeing to implement reasonable data security measures along with confidentiality commitments to only use your data for other purposes if that data is anonymized and aggregated. Other DMS providers appear to provide very little information about data security and have very few terms relating to use of a dealer’s information for other purposes.
This analysis included a review of multiple DMS providers owned by Constellation Software and revealed that Constellation Software terms and conditions have included significantly different (and concerning) terms relating to their authorized use of a dealer’s information. Constellation Software is a publicly-traded company that has acquired many DMS providers offering products and services to equipment dealers. These providers include the following brands: c-Systems, Catalyst, Charter, DIS, Ibcos, Ideal, IDS and Paulson Computer Systems. The privacy policies and terms and conditions for the brands reviewed are generally similar and most of the key terms are set forth in a document referred to as their General Terms and Conditions or “GTCs” with brand specific versions. While these terms and conditions state that data may be anonymized by removing references to “individual natural persons”, the GTCs specifically indicated that:
- Constellation claims ownership over all DeIdentified Data, which is misleadingly defined to include information that is still IDENTIFIABLE to any specific business or entity.
- Constellation can use and disclose such information for any business purpose, even if it is still identifiable to a specific business or entity.
Taken at its most literal reading, dealers using a Constellation brand of DMS have agreed to allow Constellation to claim ownership over a very significant amount of their financial data as well as customer-specific transaction data for customers that are not individuals.
After our review, NAEDA reached out to Constellation Software for comment. A representative of Constellation authorized to speak on behalf of the c-systems, Charter and Ideal DMS brands indicated that those business units currently do not share “confidential information” but did not clarify whether information that remains identifiable to a dealer’s business would be confidential or may be shared with others as permitted under their terms and conditions.
Following that discussion, multiple dealers contacted NAEDA indicating that c-systems has proposed updates to their GTCs. This appears to be at least partly in reaction to NAEDA’s inquiry because a significant amount of the changes in the version NAEDA reviewed focused on the definition of “De-Identified Data” and other data use provisions, including expanded sharing with OEMs. The most direct change made by c-systems related to the issues raised in this article is a change in the definition of De-Identified Data so that it no longer specifically states that identifiable business or entity data is included in “De-Identified Data”. However, the new definition still gives c-systems the right to claim that identiWhile there are certainly benefits to information-sharing and appropriate circumstances in which that should occur, it is critical that dealers are active participants in this process. fiable business or entity data is “De-Identified Data” and therefore gives it the right to claim that c-systems owns that data.
Simply put, Constellation’s latest changes to the c-systems terms do not address the issues raised on our initial review.
Should Dealers Be Concerned?
YES. Even though the aggregation of information in an industry can provide valuable insights and help dealers operate their businesses, the Constellation terms and conditions reflect a very aggressive approach that removes dealer control over their own information and is not typical for software vendors. This creates the following specific risks:
- Constellation can analyze your work orders, including labor rates, technician notes, and parts profitability.
- Constellation can analyze information on specific models of equipment, including pricing and sales, at individual dealers and on a location-by-location basis.
- Constellation can sell this information, which could be aggregated or perhaps even targeted to your own business, to third parties, including other dealers, potential buyers of your dealership, and investors or other parties looking for insights into the industry without notice or consent from you.
Constellation does not hide its widespread usage of this data. They specifically identify that they obtain reports from over 1,500 dealers on a nightly basis1 and provide that data to manufacturers, dealers, and other interested parties. They publicly indicate their reports can include SKU level sales information as well as pricing and promotions across competitors as well as work order analysis information2. Beyond these public items, there is very little insight in to how or where Constellation may share or use this data for other purposes that support its business or those of its partners or customers.
Although this has not been confirmed in Constellation’s public filings, multiple sources have reported that either Constellation or one or more investors with a significant stake in Constellation are involved with an organization called Spark Power Equipment. Very little information is available about Spark Power Equipment, but it has been reported that Spark Power Equipment has purchased several outdoor power equipment dealerships and intends to own over 100 retail locations within the next five years. The lack of transparency relating to Spark Power Equipment is fueling speculation about its purposes and the information that it may be able to access relating to the equipment industry, but the reality is that the terms and conditions Constellation uses with its dealers would allow it to sell or transfer a significant amount of sensitive dealer data to Spark Power Equipment or any other entity seeking to acquire dealerships and/or compete with other dealerships. Constellation was given an opportunity to address its connection with Spark Power Equipment but its representative only stated that the specific entities that own c-systems, Charter and Ideal do not own or control Spark Power Equipment. The representative did not make the same statement about Constellation or the “hundreds of independently managed subsidiaries” that it owns besides the three specific subsidiaries mentioned.
Is Constellation Violating the Law?
Under applicable laws in the United States and Canada, Constellation is likely meeting its minimum burdens of disassociating data from individual consumers that have received new rights in recent years in many states across the country to allow individuals to control, review, restrict, and delete their data from companies that maintain it. However, Constellation’s terms and actions may violate parameters of laws that restrict use of a dealer’s business system. An example of this can be found in Montana’s dealer law.
What Should Dealers Do?
Even though the terms and conditions used by Constellation’s brands of DMS providers represent a very specific concern, it highlights the need for all dealers to evaluate their relationships with their DMS providers and OEMs and related terms involving ownership, access, use and disclosure of your data. While there are certainly benefits to information-sharing and appropriate circumstances in which that should occur, it is critical that dealers are active participants in this process. With that in mind, we make the following recommendations:
- Dealers using a Constellation product should carefully evaluate any proposed revisions to their Agreements and consider initiating negotiations with Constellation to narrow the scope of their data that Constellation owns. If the scope of rights given to Constellation is narrowed, dealers also need to address how those changes apply to data disclosed to Constellation before the change.
- Dealers should evaluate the terms and conditions in contracts with DMS providers and OEMs to understand your rights and obligations relating to your data and the rights that you grant third parties to access and use this data.
- Initiate discussions with DMS providers and OEMs to ensure that appropriate safeguards are in place with respect to your data, including commitments to implement reasonable data security protocols and safeguards and to not sell or use your information without appropriate commitments relating to aggregation and anonymization.
- Recognize that your information is an asset and consider appropriate compensation for giving access to this information and/or risks in allowing the use of your information by third parties.
- If a DMS provider is not willing to address concerns relating to data security and restrictions on use, dealers should consider moving to another DMS provider.
NAEDA’s Role
NAEDA is actively engaged in the development of best practices and policies relating to a dealer’s data, including dialogue with multiple OEMs about the topic of data-sharing. As part of this effort, NAEDA will also be evaluating legislative initiatives and developing model language that may be proposed to DMS providers to address dealer concerns.
