SOC 2 Type II compliance and what it means for your dealership

Written by
Chris
Published on
February 2026

As more dealership groups and automotive enterprises evaluate AI vendors, the same questions come up in nearly every conversation. Dealer group leaders and their technology teams want to know: how do we actually know AI is safe to put inside our operations with access to our customer data?

It's the right question. And it's a good reminder that we haven't been loud enough about something that matters: Toma is SOC 2 Type II compliant, with zero exceptions noted on our most recent independent audit.

If your team is in the middle of an AI vendor evaluation right now, here's what you should know.

What SOC 2 Type II compliance actually means for dealership AI

When you put an AI Coworker on the front lines of your dealership's customer communications, your customer data goes with it. Names, phone numbers, service histories, vehicle details, the kind of information your customers trusted you with, now flowing through a third-party system. That's a real responsibility, one regulators scrutinize closely, so automotive leaders are right to take it seriously.

Toma has always deployed AI to protect a dealership's data and customer experience, but now these efforts are validated by an ongoing third-party audit.

We want to remind automotive leaders what SOC 2 compliance means and why it matters.

SOC 2 is an independent audit framework by the American Institute of CPAs that verifies whether a company's security controls are in place and working as claimed.

Type I audits assess controls at a point in time. Type II audits test those controls over an extended period, verifying they've been maintained and operating correctly throughout the year.

Toma achieved Type II compliance with zero exceptions. No findings, no caveats. A clean report.

What this means for dealership and automotive enterprises

Every dealership, group, and automotive vendor handles sensitive customer data: contact information, vehicle history, appointment schedules, warranty records, financial details and more. Under frameworks like the Gramm-Leach-Bliley Act (GLBA), dealerships are on the hook for how that data is handled by the third-party vendors they work with.

Toma's SOC 2 Type II compliance gives your compliance team a documented, independent verification that the controls protecting that data are operating correctly and consistently.

A single-point dealership and a dealer group face different exposure. When a group operates across 10, 20, or 50 rooftops under a centralized vendor relationship, every customer interaction handled by that vendor happens at scale across every location, every DMS instance, every franchise brand.

We realize that for a CTO or VP of IT at a dealer group, vendor security is a real risk management obligation across the entire portfolio. Enterprise procurement processes typically require vendors to demonstrate SOC 2 compliance before contracts are signed and, in many cases, before a pilot is approved. Toma's compliance report is available to your security team as part of that process. We're not asking you to take our word for it. An independent auditor has already verified the controls.

For groups backed by private equity or operating under additional governance requirements, this report also gives your stakeholders an auditable record of vendor due diligence. Not every AI vendor in automotive has one.

How this layers with Toma's Safeguards

Toma was built on the premise that AI in a customer-facing role carries real risk to CSI scores, to customer trust, and to your reputation with the OEM. That's why we built Safeguards: Transfer Triggers that detect frustration and route to the right human, Follow-up Alerts that notify your team when something needs attention, and Transfer Clawback that ensures no customer hits a dead end.

Safeguards protect the customer experience. SOC 2 Type II compliance protects the data behind it.

They're designed to work together. An AI Coworker that handles both inbound and outbound communications needs to earn trust on two fronts: the quality and safety of the interactions it manages, and the security of the customer information it handles in the process. We've built for both.

What this means if you're evaluating AI for dealerships

If your team has vendor security requirements, Toma's SOC 2 Type II compliance report is available to review during your evaluation. For existing customers, nothing changes operationally: this report verifies what was already in place throughout your time with Toma. SOC 2 Type II compliance requires ongoing audits to maintain, and we're committed to continuing that standard as Toma grows and to being transparent about our security posture at every stage.

Dealer groups betting on AI for their customer communications and operations deserve a vendor that takes that responsibility seriously. We do.

Questions about Toma's security posture? Visit trust.toma.com to learn more or request our SOC 2 report.

Chris
Founding Marketing Lead