App Privacy Policy

Controller

Data We Collect

• Account data: name, email address, authentication identifiers, and password hash (if password login is used).
• App data: vehicle details, mileage, refuels/charges, expenses, maintenance plans, trip logs/Fahrtenbuch entries, start and destination locations, odometer values, parking/toll costs, reminders, categories, notes, reports, and related timestamps.
• Optional location data: when you use current-location actions in Trip Log, the app may process precise device coordinates to suggest a start or destination place. If you select or save a location, related address/place metadata and coordinates may be stored with the trip log entry.
• Receipt scan data (optional): images you capture or select for receipt recognition, local OCR validation output, extracted receipt fields, and receipt scan usage counts/limits. The backend stores scan usage records for limits; it does not store the full receipt image after processing unless a future feature clearly says otherwise.
• Device and technical data: device type, OS version, app version, IP address, and diagnostics/log data needed to operate the app.
• Notification data: push token, opt-in status, and delivery metadata.
• Subscription data: plan status, store/provider, transaction identifiers, and verification payloads (we do not store full payment card details in the app backend).
• Website privacy-policy and support-page analytics may be processed through Google Analytics and Google Ads tags when you visit our web pages.

How We Use Data

• Provide the app features and maintain your account.
• Store vehicle history, trip logs, and generate statistics/reports.
• Provide optional current-location, address, and place suggestions for Trip Log entries.
• Send reminders and notifications you configure.
• Run optional AI receipt recognition when you request this feature.
• Secure the service, prevent abuse, and troubleshoot issues.
• Manage subscriptions, restores, and entitlement status.
• Measure website traffic and app-store campaign conversions on our web pages, where analytics or advertising tags are enabled.

Legal Bases (GDPR)

• Contract: to provide the app and subscription services.
• Consent: for optional receipt scans, current-location/geocoding features, notifications, and social sign-in where you choose to use them.
• Legitimate interests: security, fraud prevention, service reliability, diagnostics, and product improvement.
• Legal obligation: tax and accounting requirements.

Service Providers and Sharing

We share data only with service providers needed to operate the service, under contractual and legal safeguards, including:

• Hosting and infrastructure providers.
• Email delivery providers.
• Push notification platforms: Firebase Cloud Messaging (Android) and Apple Push Notification service (iOS).
• Sign-in providers, if used by you (for example Google or Apple sign-in).
• Google Maps, Places, or Geocoding services for optional Trip Log location suggestions when those features are used.
• Subscription/payment providers (Apple App Store, Google Play, Stripe for web).
• AI provider for receipt parsing, only for images you explicitly submit for scanning. Receipt images are sent to Google Gemini for extraction of structured receipt fields.
• We do not sell your personal or sensitive user data. We share it only for the purposes disclosed in this Policy or where required by law.

App Permissions

• Camera (optional): to capture fuel receipts for scan/parsing.
• Photos/Media library (optional): to select receipt images and save captured receipt photos.
• Notifications (optional): to send reminder notifications you enable.
• Location (optional): only when you use a current-location action in Trip Log to suggest a start or destination place. We do not continuously track location in the background. If you save or select a location, related address/place metadata and coordinates may be stored with the trip log entry.
• The app does not request access to contacts, SMS, call logs, microphone audio, health data, or the list of apps installed on your device.

Security

We use technical and organizational safeguards designed to protect personal data, including encrypted transport, access controls, password hashing, limited administrative access, backups, and account deletion workflows. No internet service can guarantee absolute security, but we work to reduce risk and respond to security issues.

Retention

We retain personal data as long as needed to provide the service, maintain subscription/account records, and comply with legal obligations (for example, accounting/tax retention where required). Account, vehicle, refuel, charging, expense, trip log, location, maintenance, receipt scan usage, entitlement, and push token data are deleted or anonymized when you delete your account, except where legal retention or dispute handling requires a longer period. You can request deletion of your account at any time.

Your Rights

• Access, rectify, or delete your personal data.
• Restrict or object to processing.
• Data portability.
• Withdraw consent where processing is based on consent.
• Complain to a supervisory authority.
• To exercise these rights, contact support@timsoftsolutions.de.

International Transfers

Some providers may process data outside the EEA. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses (or equivalent lawful transfer mechanisms).

Children

The app is not intended for children under 16, and we do not knowingly collect personal data from children.

Changes to This Policy

We may update this Policy from time to time. The latest version is published on this page with the “Last updated” date.

Contact

For privacy requests, contact us at support@timsoftsolutions.de.

Account Deletion

You can request deletion of your account and associated data at myauto.today/delete-me or from the app profile screen where available. Password accounts may confirm deletion with email and password. Google or Apple accounts may require re-authentication with the same provider before deletion.