← Back to OBDify Car Diagnostic

Privacy Policy – OBDify Car Diagnostic

Last updated: 20 November 2025

1. Introduction

OBDify Sp. z o.o. ("we", "our", "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

OBDify Sp. z o.o. is registered in Poland, with its principal office at Leśna 1, 81-876 Sopot, Poland.

1.1 Legal Basis for Processing

We process personal data only where we have a valid legal basis under the GDPR:

  • Contractual necessity (Art. 6(1)(b) GDPR): To provide our app and services, including account creation, subscription management, and processing payments.
  • Legal obligation (Art. 6(1)(c) GDPR): To comply with applicable laws, such as tax or accounting requirements.
  • Legitimate interests (Art. 6(1)(f) GDPR): To ensure security, prevent abuse, improve app stability and performance, and collect telemetry and diagnostic data to enhance compatibility with OBD adapters. This data is anonymous, does not include personal information or vehicle diagnostic data, and you can opt-out at any time in Settings, provided these interests are not overridden by your rights.

2. Information We Collect

We collect the following categories of information:

2.1. Account Information

  • Email address and password (hashed) when you create an account.
  • Subscription status and purchase history.

2.2. Vehicle Data

  • VIN (Vehicle Identification Number) linked to your account when you purchase lifetime access for a specific vehicle.
  • Diagnostic trouble codes (DTC) and related vehicle sensor data are processed locally on your device only when you actively run a scan. We do not transmit OBD payloads (including DTC codes and sensor values) to our servers. These data are not included in telemetry. You may choose to share a one-time diagnostic export with Support, but only if you explicitly initiate it.

2.3. Diagnostic Logs & Metrics

  • Critical logs: error logs free of any personally identifiable information (PII), always collected and sent for the purpose of ensuring proper app operation.
  • Along with error logs, we may also collect basic device information such as device manufacturer, model, operating system version, and app version. These details are required to understand the context of errors and are not linked to any personal identification. A temporary session identifier may also be included; it expires once the app is closed and cannot be used to track users across sessions.
  • Telemetry data (enabled by default, opt-out available): When you first launch the app, you will see a notification informing you that anonymous telemetry data is being collected to improve app stability and compatibility with OBD adapters. You can disable this at any time in Settings → Diagnostics & Crash Reports. Telemetry includes: connection events with OBD adapters, performance metrics (latency, success/failure rates), executed actions within the app, and adapter information (adapter name, manufacturer, technical capabilities). No OBD responses or diagnostic codes are sent in this mode.

2.4. Technical Information (required for diagnostics)

  • Operating system type (Android or iOS).
  • App version and build number.
  • Anonymised installation ID (appId).

Purpose. Collected to ensure app stability, compatibility, and security (e.g., reproducing crashes on a given OS type, preventing abuse). This data does not include persistent device identifiers (e.g., IMEI, MAC address, Android ID, IDFA/GAID) or the device's user-defined name and is not used for advertising or cross-app tracking.

Retention. Stored only in critical diagnostics logs for up to 30 days, then deleted or aggregated. These fields may appear in critical logs even if you disable optional telemetry, because they are necessary to operate and troubleshoot the service.

3. How We Use Your Information

We use collected information to:

  • Provide and improve the app's functionality.
  • Diagnose connection issues with OBD adapters.
  • Improve compatibility with different adapter models.
  • Process purchases and subscriptions.
  • Ensure security and prevent abuse.
  • Generate anonymous statistics (only if telemetry is enabled). We do not use OBD payloads (DTC/sensor values) for analytics or telemetry.

3.1 Crash Reporting

We use Firebase Crashlytics (provided by Google) to collect anonymous crash reports and technical diagnostics that help us identify and fix stability issues. Crash reports can include a stack trace, approximate timestamp, app version, device model, and operating system version. They do not contain personally identifiable information such as your email address, account details, or precise location. Crash reporting is used solely to improve app functionality and reliability and is not used for advertising or cross-app tracking. Telemetry and analytics are enabled by default but can be disabled in Settings → Diagnostics & Crash Reports. Essential crash reporting remains always enabled to maintain app reliability and to fix unexpected errors.

4. Data Sharing

We do not sell your data. We may share it only with:

  • Service providers (e.g., Firebase, Google Cloud) for app hosting, analytics, and diagnostics.
  • Email delivery provider (SMTP2GO), used exclusively for sending transactional emails such as password resets, account confirmations, and purchase receipts. We have a Data Processing Agreement (DPA) in place and use the EU region to ensure GDPR compliance.
  • RevenueCat, used to process subscriptions and in-app purchases on the Apple App Store and Google Play. RevenueCat acts as a data processor under GDPR. Data may be transferred outside the EU (e.g., to the United States) under Standard Contractual Clauses (SCCs). We have a Data Processing Agreement (DPA) in place with RevenueCat.
  • Law enforcement if required by law.

5. Data Retention

  • Account data is retained while your account is active and for up to 12 months after closure (for fraud prevention and legal compliance), unless a longer period is required by law.
  • Vehicle and diagnostic data are retained as long as necessary for your subscription or lifetime access. You may request deletion at any time (see “Your Rights”).
  • Critical logs are retained for troubleshooting and support purposes for up to 30 days and then deleted or irreversibly aggregated.
  • Telemetry data (enabled by default, opt-out available) may be retained in aggregate, anonymised form for statistical purposes. Raw telemetry linked to an installation identifier is kept for up to 90 days.

6. Your Rights

Depending on your location, you may have the right to:

  • Access, correct, or delete your personal data.
  • Object to telemetry data collection and disable it at any time in Settings → Diagnostics & Crash Reports.
  • Request a copy of your data (data portability).
  • Object to or request restriction of processing where we rely on legitimate interests.
  • Lodge a complaint with a supervisory authority. In the EU, you can contact your local authority; in Poland this is the President of the Personal Data Protection Office (UODO).

How to exercise your rights. To delete your account, you can do so directly from the app settings. For other rights or data requests, send a request to contact@obdify.net. We will respond within 30 days. If your request concerns purchases/subscriptions, we will also apply actions to data stored with our processor RevenueCat.

7. Data Security

We implement industry-standard security measures, including encryption and secure storage, to protect your information.

8. International Data Transfers

All logs and telemetry data are stored in the European Union region on Google Cloud infrastructure. Additionally, user data — such as backups, registered VINs, receipts, and app settings — is also stored and processed within the EU on secure Google Cloud services. The EU has some of the world's highest standards for data protection under the GDPR. Data stored in the EU remains accessible worldwide as needed to operate the service, but is always subject to EU privacy protections. We comply with GDPR and other applicable laws for data transfers.

For subscription processing, we use RevenueCat (USA). Data may therefore be transferred outside the EU. Such transfers are protected by the European Commission's Standard Contractual Clauses (SCCs) to ensure GDPR compliance.

9. Children’s Privacy

Our app and services are not directed to children under the age of 13 (or 16 in the EU, where applicable). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly. If you believe that a child has provided us with personal data, please contact us at contact@obdify.net.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will post any changes on this page and update the “Last updated” date at the top. For material changes, we will provide additional notice within the app.

11. Contact

If you have any questions, contact us at:
Email: contact@obdify.net

© 2025 OBDify Sp. z o.o.