Privacy Policy

Last updated: 21 May 2026

Summary: TachoCard is a brand operated by Info Data SRL, a company incorporated in Romania, EU. We collect only the data needed to provide our tachograph compliance service. Your data is stored in the EU, encrypted, and never sold. You have full rights under GDPR to access, correct, or delete your data at any time.

1. Data Controller

The data controller for all personal data processed through the TachoCard platform (website at tacho-card.com and web application at app.tacho-card.com) is:

Info Data SRL (trading as TachoCard)
Str. Branduselor nr. 80, Brasov, 500397, Romania, European Union
Company Registration No. (CUI): RO16189357
Email: privacy@tacho-card.com

2. What Data We Collect

2.1 Account Registration

When you create an account, we collect:

  • Full name (first and last name)
  • Email address
  • Country of residence
  • Company name (for company accounts)
  • Hashed password (we never store your password in plain text)

2.2 Tachograph File Data

When you upload tachograph data files (.ddd format), we process:

  • Driver card identification numbers
  • Driving activity records (times, distances, activity types)
  • Vehicle registration data
  • Infringement records as recorded by the tachograph unit

This data is used exclusively to generate compliance reports and alerts for the account holder.

2.3 Usage Data

We automatically collect technical information needed to operate the service:

  • IP address (used for security and fraud prevention; not linked to your identity for analytics purposes)
  • Browser type and version
  • Pages visited and navigation patterns within the application
  • Timestamps of actions (uploads, report generation, exports)

2.4 Payment Data

Subscription payments are processed by Stripe, Inc. We do not store your full credit card number, CVV, or bank details on our servers. Stripe returns a secure token that identifies your payment method. Stripe's privacy policy is available at stripe.com/privacy.

2.5 Contact Form

When you submit a contact form, we collect your name, email address, and message content. This data is used only to respond to your inquiry.

3. How We Use Your Data

We use your personal data for the following purposes:

  • Service delivery: Processing uploaded tachograph files, generating reports, sending compliance alerts
  • Account management: Authentication, subscription billing, plan management
  • Security: Fraud detection, abuse prevention, CAPTCHA verification via Cloudflare Turnstile and Google reCAPTCHA v3 (registration forms)
  • Communication: Transactional emails (email verification, password reset, subscription receipts, alert notifications)
  • Legal compliance: Fulfilling our obligations under applicable EU law

We do not use your data for advertising, sell it to third parties, or use it to build marketing profiles.

4. Legal Basis for Processing

Under the GDPR (Regulation EU 2016/679), we process your data on the following legal bases:

  • Contract performance (Art. 6(1)(b)): Processing necessary to deliver the TachoCard service you have subscribed to
  • Legitimate interests (Art. 6(1)(f)): Security monitoring, fraud prevention, and service improvement analytics
  • Legal obligation (Art. 6(1)(c)): Compliance with EU tax, accounting, and data retention laws
  • Consent (Art. 6(1)(a)): Optional analytics cookies — only upon your explicit consent via our cookie banner

5. Data Storage and Retention

All data is stored on servers located within the European Union. We use industry-standard encryption (AES-256 at rest, TLS 1.3 in transit).

Retention periods:

  • Account data: Retained for the duration of your account plus 30 days after deletion request
  • Tachograph file data: Free plan — 90 days; Pro/Company plans — 12 months rolling window
  • Billing records: 7 years (Romanian tax law requirement)
  • Contact messages: 12 months after last interaction
  • Security logs: 90 days

6. Third-Party Services

We work with the following third-party processors who may handle your data on our behalf:

ServicePurposeData Location
Stripe, Inc.Payment processingEU / USA (SCCs)
Cloudflare TurnstileCAPTCHA / bot preventionEU edge nodes
Google reCAPTCHA v3Invisible bot-detection on registration forms — analyses behavioural signals sent to Google (USA) under Standard Contractual Clauses. Legal basis: Art. 6(1)(f) GDPR (legitimate interest — security).EU / USA (SCCs)
SMTP providerTransactional email deliveryEU

No data is transferred outside the EU/EEA without appropriate safeguards (Standard Contractual Clauses or adequacy decision).

7. Cookies

We use the following types of cookies:

  • Strictly necessary cookies: Session management, authentication tokens. These cannot be disabled as the service cannot function without them.
  • Analytics cookies: Used to understand how visitors use our website (page views, navigation paths). These are only set with your consent via our cookie consent banner.

You can withdraw cookie consent at any time by clearing your browser's localStorage (key: tachocard_cookie_consent).

8. Your Rights Under GDPR

As a data subject in the EU/EEA, you have the following rights:

  • Right of access (Art. 15): Request a copy of all personal data we hold about you
  • Right to rectification (Art. 16): Correct inaccurate data in your account settings at any time
  • Right to erasure (Art. 17): Request deletion of your account and all associated data
  • Right to restriction (Art. 18): Request we limit processing of your data in certain circumstances
  • Right to data portability (Art. 20): Receive your data in a machine-readable format
  • Right to object (Art. 21): Object to processing based on legitimate interests
  • Right to withdraw consent: For consent-based processing (analytics cookies), withdraw at any time

To exercise any of these rights, contact us at privacy@tacho-card.com. We will respond within 30 days as required by GDPR Art. 12. You also have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) at dataprotection.ro, or with the supervisory authority of your EU member state of residence.

9. Data Security

We implement technical and organisational measures to protect your personal data, including:

  • AES-256 encryption for data at rest
  • TLS 1.3 for all data in transit
  • Role-based access controls limiting who can access data internally
  • Regular security assessments
  • Encrypted backups stored in geographically redundant EU locations

In the unlikely event of a data breach affecting your rights, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR Art. 33–34.

10. Children's Privacy

TachoCard is a professional B2B service intended for adults. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has provided data to us, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify registered users by email for any material changes. The "Last updated" date at the top of this page will always reflect the most recent revision.

12. Contact

For any privacy-related questions or to exercise your GDPR rights:
Company: Info Data SRL (trading as TachoCard)
Address: Str. Branduselor nr. 80, Brasov, 500397, Romania, EU
Email:privacy@tacho-card.com
Subject line: "Privacy Request — [Your Name]"