This Privacy Policy explains how TimSoft Solutions ("we", "us") processes personal data when you visit or use the myauto.today platform, including our web and mobile applications, dashboards and related services (collectively, the "Service"). We act as the data controller pursuant to Article 4(7) GDPR and can be contacted at Am Schierbrunnen 21, 21337 Lueneburg, Germany or via support@timsoft.eu.

1. Categories of Data We Process

Depending on your interactions with the Service, we process the following categories of data:

• Account data: name, email address, password hash and preferred language collected during registration.
• Subscription and billing data: plan selection, invoices, payment status and limited payment method metadata supplied by our payment provider (we do not store full card details).
• Vehicle and expense data: information you choose to log, such as vehicle identifiers, mileage, fuel purchases, maintenance reminders, documents and notes.
• Support data: content of enquiries and any attachments you send when contacting us.
• Usage and technical data: log files, device identifiers, IP address, browser type, time zone, feature usage and cookie identifiers.

2. Purposes and Legal Bases

We rely on the following legal bases under Article 6 GDPR:

• Contract performance (Art. 6(1)(b)): to create and manage your Account, provide core Service features, process Subscription payments and deliver customer support.
• Legitimate interests (Art. 6(1)(f)): to secure and improve the Service, prevent fraud, analyse aggregated usage patterns and communicate product updates to existing users. We balance these interests against your rights and expectations.
• Legal obligations (Art. 6(1)(c)): to comply with tax, accounting and regulatory requirements, including retention rules and responding to lawful requests.
• Consent (Art. 6(1)(a)): for optional activities such as sending marketing emails or placing non-essential cookies. You may withdraw consent at any time with future effect.

3. Cookies and Similar Technologies

We use essential cookies that are required for authentication and security. With your consent, we may also deploy analytics or preference cookies to understand how the Service is used and to tailor content. You can manage cookie preferences through our cookie banner or by adjusting your browser settings. Detailed information is available in our Cookie Policy.

4. How We Share Data

We do not sell personal data. We share data only with trusted processors who provide services on our behalf, such as hosting providers, email delivery platforms, analytics vendors and payment processors (currently Stripe Payments Europe, Limited). These processors act under written agreements pursuant to Article 28 GDPR and may use the data solely to provide contracted services.

We may disclose data to public authorities when required by applicable law or to protect our rights, users or the public. In connection with a corporate transaction, data may be transferred to prospective buyers subject to appropriate safeguards.

5. International Transfers

Whenever we transfer personal data to processors located outside the European Economic Area, we implement suitable safeguards, such as the European Commission's Standard Contractual Clauses combined with supplementary technical and organisational measures. Copies of relevant safeguards can be requested via the contact details below.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described above or to comply with legal obligations. Account and vehicle data are stored for the duration of your Account and deleted or anonymised within 90 days after closure, unless we must retain them to resolve disputes or meet statutory retention periods (e.g. six or ten years for accounting records under German law). Support tickets and log files are typically retained for up to 24 months unless longer retention is required for security or legal reasons.

7. Security

We implement appropriate technical and organisational measures to protect personal data, including encrypted transport (TLS), role-based access controls, regular backups and monitoring for suspicious activity. Despite these measures, no system is completely secure; please use a strong password, enable multi-factor authentication if available and notify us immediately of any suspected unauthorised access.

8. Your Rights

Under the GDPR you have the right to request access to, rectification or erasure of your personal data, to restrict or object to processing, to data portability and to withdraw consent at any time. You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement.

9. Exercising Your Rights

To exercise your rights or to obtain clarification on our data practices, please email support@timsoft.eu. We may request additional information to verify your identity before responding. We aim to reply within one month, subject to extensions permitted by Article 12 GDPR for complex requests.

10. Supervisory Authority

You may lodge complaints with the Landesbeauftragte fuer den Datenschutz Niedersachsen, Prinzenstrasse 5, 30159 Hannover, Germany (lfd.niedersachsen.de).

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in legal requirements or in our Service. Material changes will be announced by email or in-app notification where feasible. The revision date at the top of this document indicates when it was last updated.