Last updated: 21 May 2026
Summary: TachoCard is a brand operated by Info Data SRL, a company incorporated in Romania, EU. We collect only the data needed to provide our tachograph compliance service. Your data is stored in the EU, encrypted, and never sold. You have full rights under GDPR to access, correct, or delete your data at any time.
The data controller for all personal data processed through the TachoCard platform (website at tacho-card.com and web application at app.tacho-card.com) is:
Info Data SRL (trading as TachoCard)
Str. Branduselor nr. 80, Brasov, 500397, Romania, European Union
Company Registration No. (CUI): RO16189357
Email: privacy@tacho-card.com
When you create an account, we collect:
When you upload tachograph data files (.ddd format), we process:
This data is used exclusively to generate compliance reports and alerts for the account holder.
We automatically collect technical information needed to operate the service:
Subscription payments are processed by Stripe, Inc. We do not store your full credit card number, CVV, or bank details on our servers. Stripe returns a secure token that identifies your payment method. Stripe's privacy policy is available at stripe.com/privacy.
When you submit a contact form, we collect your name, email address, and message content. This data is used only to respond to your inquiry.
We use your personal data for the following purposes:
We do not use your data for advertising, sell it to third parties, or use it to build marketing profiles.
Under the GDPR (Regulation EU 2016/679), we process your data on the following legal bases:
All data is stored on servers located within the European Union. We use industry-standard encryption (AES-256 at rest, TLS 1.3 in transit).
Retention periods:
We work with the following third-party processors who may handle your data on our behalf:
| Service | Purpose | Data Location |
|---|---|---|
| Stripe, Inc. | Payment processing | EU / USA (SCCs) |
| Cloudflare Turnstile | CAPTCHA / bot prevention | EU edge nodes |
| Google reCAPTCHA v3 | Invisible bot-detection on registration forms — analyses behavioural signals sent to Google (USA) under Standard Contractual Clauses. Legal basis: Art. 6(1)(f) GDPR (legitimate interest — security). | EU / USA (SCCs) |
| SMTP provider | Transactional email delivery | EU |
No data is transferred outside the EU/EEA without appropriate safeguards (Standard Contractual Clauses or adequacy decision).
We use the following types of cookies:
You can withdraw cookie consent at any time by clearing your browser's localStorage (key: tachocard_cookie_consent).
As a data subject in the EU/EEA, you have the following rights:
To exercise any of these rights, contact us at privacy@tacho-card.com. We will respond within 30 days as required by GDPR Art. 12. You also have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) at dataprotection.ro, or with the supervisory authority of your EU member state of residence.
We implement technical and organisational measures to protect your personal data, including:
In the unlikely event of a data breach affecting your rights, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR Art. 33–34.
TachoCard is a professional B2B service intended for adults. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has provided data to us, please contact us immediately.
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify registered users by email for any material changes. The "Last updated" date at the top of this page will always reflect the most recent revision.
For any privacy-related questions or to exercise your GDPR rights:
Company: Info Data SRL (trading as TachoCard)
Address: Str. Branduselor nr. 80, Brasov, 500397, Romania, EU
Email:privacy@tacho-card.com
Subject line: "Privacy Request — [Your Name]"