Privacy Policy

Last updated: 23 June 2026

This is the privacy policy for the OBDify mobile app. For how the obdify.net website uses cookies and analytics, see our Cookie Policy.

1. Introduction

OBDify Sp. z o.o. ("we", "our", "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

OBDify Sp. z o.o.
Leśna 1, 81-876 Sopot, Poland
Registered in the National Court Register (KRS) kept by the District Court Gdańsk-Północ in Gdańsk, 8th Commercial Division, under No. 0001029693
NIP (Tax ID): 5851500745 · REGON: 524988201
Share capital: PLN 5,000

1.1 Legal Basis for Processing

We process personal data only where we have a valid legal basis under the GDPR:

  • Contractual necessity (Art. 6(1)(b) GDPR): To provide our app and services, including account creation, subscription management, and processing payments.
  • Legal obligation (Art. 6(1)(c) GDPR): To comply with applicable laws, such as tax or accounting requirements.
  • Legitimate interests (Art. 6(1)(f) GDPR): To ensure security, prevent abuse, improve app stability and performance, and collect telemetry and diagnostic data to enhance compatibility with OBD adapters, provided these interests are not overridden by your rights. This data is anonymous, does not include personal information or vehicle diagnostic data, and you can opt out at any time in Settings.
  • Consent (Art. 6(1)(a) GDPR): Where we specifically ask for it — for example, the iOS App Tracking Transparency (ATT) prompt. You can withdraw consent at any time, without affecting processing carried out before withdrawal.

2. Information We Collect

We collect the following categories of information:

2.1. Account Information

  • Email address and password (hashed) when you create an account.
  • Subscription status and purchase history.

2.2. Vehicle Data

  • VIN (Vehicle Identification Number) linked to your account when you purchase VIN access for a specific vehicle.
  • Diagnostic trouble codes (DTC) and related vehicle sensor data are processed locally on your device only when you actively run a scan. We do not transmit OBD payloads (including DTC codes and sensor values) to our servers. These data are not included in telemetry. You may choose to share a one-time diagnostic export with Support, but only if you explicitly initiate it.

2.3. Diagnostic Logs & Metrics

  • Critical logs: error logs free of any personally identifiable information (PII), always collected and sent for the purpose of ensuring proper app operation.
  • Along with error logs, we may also collect basic device information such as device manufacturer, model, operating system version, and app version. These details are required to understand the context of errors and are not linked to any personal identification. A temporary session identifier may also be included; it expires once the app is closed and cannot be used to track users across sessions.
  • Telemetry data (enabled by default, opt-out available): When you first launch the app, you will see a notification informing you that anonymous telemetry data is being collected to improve app stability and compatibility with OBD adapters. You can disable this at any time in Settings → Diagnostics & Crash Reports. Telemetry includes: connection events with OBD adapters, performance metrics (latency, success/failure rates), executed actions within the app, and adapter information (adapter name, manufacturer, technical capabilities). No OBD responses or diagnostic codes are sent in this mode.

2.4. Technical Information (required for diagnostics)

  • Operating system type (Android or iOS).
  • App version and build number.

Purpose. Collected to ensure app stability, compatibility, and security (e.g., reproducing crashes on a given OS type, preventing abuse). On iOS, we may collect your Identifier for Advertisers (IDFA) with your explicit consent via the App Tracking Transparency (ATT) prompt. If you decline, no IDFA is collected. This data does not include other persistent device identifiers (e.g., IMEI, MAC address, Android ID) or the device's user-defined name.

Retention. Stored only in critical diagnostics logs for up to 30 days, then deleted or aggregated. These fields may appear in critical logs even if you disable optional telemetry, because they are necessary to operate and troubleshoot the service.

3. How We Use Your Information

We use collected information to:

  • Provide and improve the app's functionality.
  • Diagnose connection issues with OBD adapters.
  • Improve compatibility with different adapter models.
  • Process purchases and subscriptions.
  • Ensure security and prevent abuse.
  • Generate anonymous statistics (only if telemetry is enabled). We do not use OBD payloads (DTC/sensor values) for analytics or telemetry.

3.1 Crash Reporting

We use Firebase Crashlytics (provided by Google) to collect anonymous crash reports and technical diagnostics that help us identify and fix stability issues. Crash reports can include a stack trace, approximate timestamp, app version, device model, and operating system version. They do not contain personally identifiable information such as your email address, account details, or precise location. Crash reporting is used solely to improve app functionality and reliability and is not used for advertising or cross-app tracking. Optional telemetry is enabled by default and can be disabled at any time in Settings → Diagnostics & Crash Reports. Essential crash reporting remains always enabled to maintain app reliability and to fix unexpected errors.

3.2 Analytics

We use Firebase Analytics (provided by Google) for anonymous, aggregate usage statistics — such as app opens, screen views and in-app events — to understand how the app is used. This analytics data is not linked to your account, ad personalization is disabled, and on Android the advertising identifier is not collected. On iOS, we ask for permission via Apple's App Tracking Transparency (ATT) framework. We do not currently use your Identifier for Advertisers (IDFA) for advertising, personalization, or cross-app tracking. We may, in a future version and only if you grant permission, use it to measure the performance of our own advertising (for example, whether you installed the app after seeing one of our ads). If you decline, your IDFA is never accessed. You can change your ATT preference at any time in your device's Settings → Privacy & Security → Tracking. Analytics data is processed by Google under their privacy policies and is not sold to third parties.

4. Data Sharing

We do not sell your data. We may share it only with:

  • Service providers (e.g., Firebase, Google Cloud) for app hosting, analytics, and diagnostics.
  • Email delivery provider (SMTP2GO), used exclusively for sending transactional emails such as password resets, account confirmations, and purchase receipts. We have a Data Processing Agreement (DPA) in place and use the EU region to ensure GDPR compliance.
  • RevenueCat, used to process subscriptions and in-app purchases on the Apple App Store and Google Play. RevenueCat acts as a data processor under GDPR. Data may be transferred outside the EU (e.g., to the United States) under Standard Contractual Clauses (SCCs). We have a Data Processing Agreement (DPA) in place with RevenueCat.
  • Law enforcement if required by law.

5. Data Retention

  • When you delete your account, your account and personal data are deleted. We keep only records we are legally required to retain — for example, purchase and transaction records for tax purposes — and short-lived diagnostic logs (see below).
  • Vehicle and diagnostic data are retained as long as necessary for your subscription or VIN access. You may request deletion at any time (see “Your Rights”).
  • Critical logs are retained for troubleshooting and support purposes for up to 30 days and then deleted or irreversibly aggregated.
  • Telemetry data (enabled by default, opt-out available) may be retained in aggregate, anonymised form for statistical purposes. Raw, anonymised telemetry is kept for up to 30 days.

6. Your Rights

If you are in the EU/EEA, the GDPR gives you the following rights over your personal data (some of these may also apply elsewhere under local law):

  • Access to your personal data.
  • Rectification of inaccurate or incomplete data.
  • Erasure of your data (“right to be forgotten”).
  • Restriction of processing.
  • Data portability — receive a copy of your data in a portable format.
  • Object to processing, including telemetry, which you can disable at any time in Settings → Diagnostics & Crash Reports.
  • Withdraw consent at any time (for example, iOS tracking), without affecting processing carried out before withdrawal.
  • Lodge a complaint with a supervisory authority. In the EU, you can contact your local authority; in Poland this is the President of the Personal Data Protection Office (UODO).

How to exercise your rights. To delete your account, you can do so directly from the app settings. For other rights or data requests, send a request to contact@obdify.net. We will respond within 30 days. If your request concerns purchases/subscriptions, we will also apply actions to data stored with our processor RevenueCat.

7. Data Security

We implement industry-standard security measures, including encryption and secure storage, to protect your information.

8. International Data Transfers

All logs and telemetry data are stored in the European Union region on Google Cloud infrastructure. Additionally, user data — such as backups, registered VINs, receipts, and app settings — is also stored and processed within the EU on secure Google Cloud services. The EU has some of the world's highest standards for data protection under the GDPR. Data stored in the EU remains accessible worldwide as needed to operate the service, but is always subject to EU privacy protections. We comply with GDPR and other applicable laws for data transfers.

Some of our processors are based in, or may process data in, the United States — in particular RevenueCat (subscription and purchase processing) and certain Google services such as Firebase Analytics and Crashlytics. Where data is transferred outside the EEA, the transfer is protected by the European Commission's Standard Contractual Clauses (SCCs) and the processors' data-processing agreements, to ensure a level of protection consistent with the GDPR.

9. Children's Privacy

Our app and services are not directed to children under 16 (or the lower minimum age set by local law, e.g. 13 in the United States), and we do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly. If you believe that a child has provided us with personal data, please contact us at contact@obdify.net.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will post any changes on this page and update the “Last updated” date at the top. For material changes, we will provide additional notice within the app.

11. Contact

If you have any questions, contact us at:
Email: contact@obdify.net
