Privacy Policy – OBDify Car Diagnostic
Last updated: 30 August 2025
1. Introduction
OBDify Sp. z o.o. ("we", "our", "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.
OBDify Sp. z o.o. is registered in Poland, with its principal office at Leśna 1, 81-876 Sopot, Poland.
1.1. Legal Basis for Processing
We process personal data only where we have a valid legal basis under the GDPR:
- Contractual necessity (Art. 6(1)(b) GDPR): To provide our app and services, including account creation, subscription management, and processing payments.
- Legal obligation (Art. 6(1)(c) GDPR): To comply with applicable laws, such as tax or accounting requirements.
- Consent (Art. 6(1)(a) GDPR): For optional telemetry data, which is collected only if you explicitly enable it in Settings.
- Legitimate interests (Art. 6(1)(f) GDPR): To ensure security, prevent abuse, and improve app stability and performance, provided these interests are not overridden by your rights.
2. Information We Collect
We collect the following categories of information:
2.1. Account Information
- Email address and password (hashed) when you create an account.
- Subscription status and purchase history.
2.2. Vehicle Data
- VIN (Vehicle Identification Number) linked to your account when you purchase lifetime access for a specific vehicle.
- Diagnostic trouble codes (DTC) and related vehicle sensor data are processed locally on your device only when you actively run a scan. We do not transmit OBD payloads (including DTC codes and sensor values) to our servers. These data are not included in optional telemetry. You may choose to share a one-time diagnostic export with Support, but only if you explicitly initiate it.
2.3. Diagnostic Logs & Metrics
- Critical logs: error logs free of any personally identifiable information (PII), always collected and sent for the purpose of ensuring proper app operation.
- Along with error logs, we may also collect basic device information such as device manufacturer, model, operating system version, and app version. These details are required to understand the context of errors and are not linked to any personal identification. A temporary session identifier may also be included; it expires once the app is closed and cannot be used to track users across sessions.
- Telemetry data (optional, with user consent): connection events with OBD adapters, performance metrics (latency, success/failure rates), executed actions within the app, and adapter information (adapter name, manufacturer, technical capabilities). No OBD responses or diagnostic codes are sent in this mode.
2.4. Technical Information (required for diagnostics)
- Operating system type (Android or iOS).
- App version and build number.
- Anonymised installation ID (appId).
Purpose. Collected to ensure app stability, compatibility, and security (e.g., reproducing crashes on a given OS type, preventing abuse). This data does not include persistent device identifiers (e.g., IMEI, MAC address, Android ID, IDFA/GAID) or the device's user-defined name and is not used for advertising or cross-app tracking.
Retention. Stored only in critical diagnostics logs for up to 30 days, then deleted or aggregated. These fields may appear in critical logs even if you disable optional telemetry, because they are necessary to operate and troubleshoot the service.
3. How We Use Your Information
We use collected information to:
- Provide and improve the app's functionality.
- Diagnose connection issues with OBD adapters.
- Improve compatibility with different adapter models.
- Process purchases and subscriptions.
- Ensure security and prevent abuse.
- Generate anonymous statistics (only if telemetry is enabled). We do not use OBD payloads (DTC/sensor values) for analytics or telemetry.
4. Data Sharing
We do not sell your data. We may share it only with:
- Service providers (e.g., Firebase, Google Cloud) for app hosting, analytics, and diagnostics.
- Email delivery provider (SMTP2GO), used exclusively for sending transactional emails such as password resets, account confirmations, and purchase receipts. We have a Data Processing Agreement (DPA) in place and use the EU region to ensure GDPR compliance.
- RevenueCat, used to process subscriptions and in-app purchases on the Apple App Store and Google Play. RevenueCat acts as a data processor under GDPR. Data may be transferred outside the EU (e.g., to the United States) under Standard Contractual Clauses (SCCs). We have a Data Processing Agreement (DPA) in place with RevenueCat.
- Law enforcement if required by law.
5. Data Retention
- Account data is retained while your account is active and for up to 12 months after closure (for fraud prevention and legal compliance), unless a longer period is required by law.
- Vehicle and diagnostic data are retained as long as necessary for your subscription or lifetime access. You may request deletion at any time (see “Your Rights”).
- Critical logs are retained for troubleshooting and support purposes for up to 30 days and then deleted or irreversibly aggregated.
- Optional telemetry data (if enabled) may be retained in aggregate, anonymised form for statistical purposes. Raw telemetry linked to an installation identifier is kept for up to 90 days.
6. Your Rights
Depending on your location, you may have the right to:
- Access, correct, or delete your personal data.
- Withdraw consent for optional data collection at any time in Settings.
- Request a copy of your data (data portability).
- Object to or request restriction of processing where we rely on legitimate interests.
- Lodge a complaint with a supervisory authority. In the EU, you can contact your local authority; in Poland this is the President of the Personal Data Protection Office (UODO).
How to exercise your rights. Send a request to contact@obdify.net. We will respond within 30 days. If your request concerns purchases/subscriptions, we will also apply actions to data stored with our processor RevenueCat.
7. Data Security
We implement industry-standard security measures, including encryption and secure storage, to protect your information.
8. International Data Transfers
All logs and telemetry data are stored in the European Union region on Google Cloud infrastructure. Additionally, user data — such as backups, registered VINs, receipts, and app settings — is also stored and processed within the EU on secure Google Cloud services. The EU has some of the world's highest standards for data protection under the GDPR. Data stored in the EU remains accessible worldwide as needed to operate the service, but is always subject to EU privacy protections. We comply with GDPR and other applicable laws for data transfers.
For subscription processing, we use RevenueCat (USA). Data may therefore be transferred outside the EU. Such transfers are protected by the European Commission's Standard Contractual Clauses (SCCs) to ensure GDPR compliance.
9. Children’s Privacy
Our app and services are not directed to children under the age of 13 (or 16 in the EU, where applicable). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly. If you believe that a child has provided us with personal data, please contact us at contact@obdify.net.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will post any changes on this page and update the “Last updated” date at the top. For material changes, we will provide additional notice within the app.
11. Contact
If you have any questions, contact us at:
Email: contact@obdify.net