Imprint & Data Protection

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other applicable data-protection legislation is:

Email:

We process personal data only in accordance with the GDPR, the German Federal Data Protection Act (BDSG), and the German Telemedia Act (TMG/TTDSG). Data is collected when you use our website or services — for example, when you upload a video, create an account, or contact us.

We process personal data based on the following legal grounds:

• Performance of a contract or pre-contractual steps (Art. 6(1)(b) GDPR)
• Compliance with legal obligations (Art. 6(1)(c) GDPR)
• Legitimate interests pursued by us (Art. 6(1)(f) GDPR)
• Your consent, where given (Art. 6(1)(a) GDPR)

Depending on how you interact with our services, we may collect:

• Name, email address, phone number (upon registration/contact)
• Vehicle information and videos you upload for diagnostic evaluation
• Payment information (processed by third-party payment providers)
• Usage data (IP address, browser type, referral URLs, access times)
• Communication content (support emails, chat messages)

Your data is used for the following purposes:

• Providing, maintaining and improving our diagnostic services
• Processing payments and fulfilling contracts
• Communicating with you about your account or inquiries
• Complying with legal and regulatory obligations
• Protecting against fraud and ensuring security
• Analysing usage to improve user experience (with anonymised data)

Our services are directed at users in the United States and other countries. When personal data is transferred from the European Economic Area (EEA) to a country that does not provide an adequate level of data protection (e.g., the USA), we rely on the EU Standard Contractual Clauses (SCCs) or other appropriate safeguards in accordance with Art. 46 GDPR.

Where we use US-based sub-processors, we ensure compliance through Data Processing Agreements that include the current EU Standard Contractual Clauses adopted by the European Commission.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. In particular:

• Account data: retained for the duration of your account, then deleted within 30 days of account closure
• Uploaded videos: removed from our website and customer-facing systems within 90 days of report delivery (or earlier upon request). However, anonymised or pseudonymised derivatives of uploaded media (e.g., extracted audio, diagnostic features) may be retained indefinitely for the purpose of training and improving our machine-learning and AI systems. This further processing is based on our legitimate interest in product improvement (Art. 6(1)(f) GDPR). You may object to this processing at any time by contacting us.
• Invoice and tax-related data: retained for 10 years as required by German tax law (§ 147 AO)
• Server log files: automatically deleted after 7 days

Our website uses technically necessary cookies to enable core functionality (e.g., login sessions). We do not use tracking cookies or third-party advertising cookies. If we introduce optional analytics cookies in the future, consent will be obtained in accordance with the GDPR and TTDSG.

We may share your data with carefully selected third-party processors for the following purposes:

• Payment processing (e.g., Stripe, PayPal)
• Hosting and infrastructure (cloud servers)
• Email delivery services

All processors are bound by Data Processing Agreements (Art. 28 GDPR) and process data exclusively on our instructions.

As a data subject, you have the following rights under the GDPR:

• Right of Access (Art. 15 GDPR) – You may request information about the data we hold about you.
• Right to Rectification (Art. 16 GDPR) – You may request correction of inaccurate data.
• Right to Erasure (Art. 17 GDPR) – You may request deletion of your data ("right to be forgotten").
• Right to Restrict Processing (Art. 18 GDPR) – You may request that we limit how we use your data.
• Right to Data Portability (Art. 20 GDPR) – You may request your data in a machine-readable format.
• Right to Object (Art. 21 GDPR) – You may object to data processing based on legitimate interests.
• Right to Withdraw Consent (Art. 7(3) GDPR) – You may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at:

You have the right to lodge a complaint with a supervisory authority. The responsible authority for us is:

Unabhängiges Datenschutzzentrum Saarland
Fritz-Dobisch-Straße 12
66111 Saarbrücken
Germany

Website: www.datenschutz.saarland.de

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. All data transmissions between your browser and our servers are encrypted using TLS/SSL.

We reserve the right to update this privacy policy to reflect changes in legal requirements or our services. Any material changes will be communicated on this page. We encourage you to review this page periodically.

Last updated: March 2025