Privacy Policy

Controller

Data We Collect

• Account data: name, email address, password hash when password login is used, language, home currency, account identifiers, authentication provider, and verification status.
• Social sign-in data: Google or Apple identity token data needed to create or access your account, such as provider user ID, email, and name when provided by the provider.
• Vehicle and app data: cars, license plates, model, year, mileage, refuels, charging sessions, maintenance plans, expenses, categories, notes, reminder settings, reports, trip logs/Fahrtenbuch entries, start and destination locations, purpose, client/contact, odometer values, parking/toll costs, and related timestamps.
• Optional location data: when you use current-location features for Trip Log, the app may process precise device coordinates to suggest a start or destination address/place. If you select or save a location, we may store the chosen label, coordinates, place ID, provider, and source with the trip log entry.
• Receipt scan data: receipt images or image text submitted by you, extracted receipt fields such as date, amount, currency, merchant, fuel type, quantity, and scan limits.
• Subscription and billing data: plan, provider, status, transaction IDs, subscription IDs, invoice/payment metadata, entitlement status, and store verification payloads. We do not store full payment card numbers.
• Notification data: push tokens, device platform, notification environment, and reminder data needed to send maintenance, mileage, or expense notifications.
• Technical and security data: IP address, browser or app version, device and operating system information, request logs, error logs, security events, cookies, local storage tokens, and reCAPTCHA results.
• Analytics and conversion data: website and campaign events processed through Google Analytics and Google Ads conversion tags, including page and click events, approximate device/browser data, and identifiers set by Google where applicable.

How We Use Data

• To create accounts, authenticate users, verify emails, and keep sessions secure.
• To provide vehicle tracking, expense tracking, trip logs, reports, reminders, receipt recognition, optional location/address suggestions, subscription features, and customer support.
• To process purchases, verify app store or web subscriptions, prevent abuse, and maintain entitlement status.
• To send service emails and push notifications that you request or enable.
• To protect the service, detect fraud, troubleshoot errors, measure performance, and improve product reliability.
• To measure website traffic and app store campaign conversions, where analytics or advertising tags are enabled.
• To comply with accounting, tax, consumer protection, platform, and legal obligations.

Legal Bases under GDPR

• Contract: processing needed to provide the account, app features, subscriptions, support, and security of the service.
• Consent: optional receipt scans, optional current-location/geocoding features, push notifications, optional marketing/analytics choices where legally required, and social sign-in initiated by you.
• Legitimate interests: fraud prevention, service security, diagnostics, product improvement, and non-sensitive usage measurement, unless your rights override those interests.
• Legal obligation: tax, accounting, consumer law, dispute handling, and mandatory compliance requests.

Sharing and Service Providers

• Hosting, database, infrastructure, and email providers that process data for us under appropriate agreements.
• Google services, including Google sign-in, reCAPTCHA, Google Analytics, Google Ads conversion tracking, Firebase Cloud Messaging, Google Maps/Places/Geocoding for optional location suggestions, and Google Play billing verification where these features are used.
• Apple services, including Sign in with Apple, Apple Push Notification service, App Store billing, and subscription verification where these features are used.
• Stripe for web subscriptions, billing portal access, payment status, invoices, refunds, and related billing metadata.
• AI/OCR receipt-processing providers only when you submit receipt images or text for recognition.
• Professional advisers, authorities, courts, or other parties where required to enforce rights, protect users, or comply with law.

Mobile Permissions and Sensitive Data

The mobile app may request camera or photo library access only when you choose to scan or select a receipt. It may request notification permission only when reminders or push notifications are enabled. It may request location permission only when you use a current-location action in Trip Log to suggest a start or destination place. We do not continuously track location in the background. Location is used for the requested action and, if you save or select a location, related address/place metadata and coordinates may be stored with the trip log entry. We do not access contacts, SMS, call logs, microphone audio, health data, or the inventory of other apps.

Data Security

We use technical and organizational measures designed to protect personal data, including encrypted transport, access controls, credential hashing, role-based access where applicable, backups, and deletion flows for account data. No system can be guaranteed to be completely secure, but we work to reduce risk and respond to security issues.

Retention and Deletion

We keep personal data only as long as needed for the purposes described in this Policy. Account, vehicle, refuel, charging, expense, trip log, location, maintenance, receipt, entitlement, and push token data are deleted or anonymized when you delete your account, except where legal retention or dispute handling requires a longer period. You can request account deletion at myauto.today/delete-me.

Your GDPR Rights

• Access your personal data and receive a copy.
• Correct inaccurate or incomplete data.
• Delete your data, subject to legal retention obligations.
• Restrict or object to processing where GDPR allows it.
• Receive data portability for data you provided.
• Withdraw consent at any time where processing is based on consent.
• Contact us at support@timsoftsolutions.de or lodge a complaint with a supervisory authority.

International Transfers

Some providers may process data outside the European Economic Area. Where required, we rely on adequacy decisions, Standard Contractual Clauses, data processing agreements, or comparable safeguards.

Changes and Contact

We may update this Policy when the service, providers, laws, or platform requirements change. The current version is published on this page. Privacy requests can be sent to support@timsoftsolutions.de.