Privacy

Last Updated: 6 Oct 2025
 Effective Date: 6 Oct 2025

1. INTRODUCTION

Good2Know OÜ (Reg. 17058788, VAT EE102803545), Herilase tn 4, 12917 Tallinn, Estonia (“Good2Know,” “we,” “our,” “us”), is the controller responsible for processing your personal data when you use our app and website (the “Service”). We collect and handle your data in line with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable national laws.

2. INFORMATION WE COLLECT

We collect only what’s necessary to provide and improve our Service.

Information you provide:

– Email address (for account creation, communication, or demo access)
 – Vehicle registration numbers and VINs
 – Vehicle photographs (for plate or VIN recognition)
 – User feedback, messages, and interaction data
 – Payment information processed through secure third-party services
 – Optional profile data (e.g., name, company, country)

Information collected automatically:

– Device type, browser, OS version, and screen resolution
 – IP address and general location (non-precise)
 – App usage logs, performance metrics, and timestamps
 – Token-based session identifiers

3. PURPOSES AND LEGAL BASIS

We process your data under the following legal bases (Article 6 GDPR):
 – To provide and operate the Service and perform scans — contractual necessity (Art. 6(1)(b))
 – To communicate with users and ensure reliability — legitimate interest (Art. 6(1)(f))
 – To improve and secure the Service — legitimate interest (Art. 6(1)(f))
 – To process payments and comply with tax rules — legal obligation (Art. 6(1)(c))
 – To send updates or product information when you opt in — consent (Art. 6(1)(a))

4. DATA RETENTION

Data is retained only for as long as necessary for its purpose:
 – VIN and license plate data: 14 days (to prevent duplicate scans)
 – Vehicle analysis results: stored until deletion request or account closure
 – User account data: retained while the account is active
 – Payment and billing records: up to 7 years to comply with accounting law
 – Logs and technical analytics: 90 days maximum
 After expiry, data is securely erased or anonymized.

5. DATA STORAGE AND SECURITY

All data is stored on servers within the European Union. Transmission uses TLS encryption; storage is protected by AES-256 encryption, access control, and continuous monitoring. Access is restricted to authorized staff only. Regular security reviews and penetration tests are performed to maintain data integrity and resilience.

6. THIRD-PARTY PROCESSORS

We use vetted third-party processors solely to support our Service:
Cloud hosting and infrastructure (EU-based providers)
Payment processors (Stripe or equivalent)
Vehicle data APIs for decoding or history retrieval — these receive only anonymized VIN or registration data, never personal identifiers
 All third-party processors operate under GDPR-compliant Data Processing Agreements (DPAs). No marketing or advertising data sharing occurs.

7. INTERNATIONAL TRANSFERS

Your data does not leave the GDPR area, and no personal data is imported from outside it. If cross-border transfers become necessary, they will follow GDPR Chapter V with Standard Contractual Clauses (SCCs).

8. CAMERA AND PHOTO USE

When you use camera features:
 – Permission is requested explicitly before capture
 – Images are used only to identify vehicles (license plate or VIN)
 – Photos are processed instantly and deleted after analysis
 – No photos are shared with third parties

9. COOKIES AND TRACKING

We currently do not use cookies for advertising or behavioral tracking. Essential cookies or local storage may be used to keep sessions active or remember preferences. You can control these through your browser settings.

10. YOUR RIGHTS

Under GDPR, you have the right to:
 – Access your data
 – Request correction of inaccurate data
 – Request deletion (“right to be forgotten”)
 – Restrict or object to processing
 – Receive your data in a portable format
 – Withdraw consent at any time
 To exercise these rights, email [email protected]. We may request minimal verification to confirm your identity.

11. CHILDREN’S DATA

The Service is not directed to children under 16 years old. We do not knowingly collect personal data from minors. If you believe we hold such data, contact us for immediate deletion.

12. SUPERVISORY AUTHORITY

You have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or your local EU authority if you believe your data has been mishandled.

13. POLICY UPDATES

We may update this Privacy Policy from time to time. The “Last Updated” date will always indicate the latest version. Material changes will be communicated directly to registered users.

14. CONTACT

Data Controller: Good2Know OÜ
 Herilase tn 4, 12917 Tallinn, Estonia
 Reg. 17058788 VAT EE102803545
 Email: [email protected]
 Data Protection Lead: Jarmo Paabo