Privacy Statement
This Privacy Policy governs the use of Tecaser websites and applications (collectively, the "Service"). By using our Service, you accept and agree to be bound by this Privacy Policy.
GDPR Compliance: This Privacy Policy complies with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable data protection laws.
Age Restriction: Our Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If you are under 16, please do not use our Service or provide any personal data.
If you are a Tecaser client, your personal data and other data will be governed by the provisions as contractually agreed between your organization and Tecaser.
WHAT PERSONAL DATA DO WE COLLECT?
Personal data is any information relating to an identified or identifiable person (such as a name, identification number, location data, or online identifier).
Personal data you provide to us:
You may provide us with personal data by filling in forms on our Service, or by corresponding with us by phone, email, or otherwise. This includes:
- Name, address, email address, phone number, and photo
- Organization and job title
- Account credentials and profile information
- Fleet and vehicle data: Vehicle Identification Numbers (VIN), license plate numbers, odometer readings, maintenance records, and service history
- Uploaded documents and images: Invoices, receipts, service records, and other documents related to vehicle maintenance and operations (which may contain personal data, company information, or financial details)
- Content of communications with us
- Any other information you submit through forms or inquiries
Personal data we collect automatically:
When you use our Service, we automatically collect:
- Technical data: IP address, browser type and version, device type and settings, operating system
- Usage data: Pages visited, page response times, visit duration, referral source, clickstream data
- Location data: Approximate geographic location based on IP address (for website visitors), and precise GPS location data for fleet vehicles when using our fleet management service
- Vehicle tracking data: Real-time and historical GPS coordinates, route information, and geolocation data for vehicles enrolled in fleet management
- Cookies and tracking data: Information collected through cookies and similar technologies (see Cookies section below)
Personal data we receive from third-party identity providers:
If you choose to sign in using a third-party identity provider (Google, Apple, or Microsoft), we receive limited personal data from that provider:
- From Google: Name, email address, profile picture
- From Apple: Name (optional), email address (real or private relay email)
- From Microsoft: Name, email address, profile picture
We only receive the data necessary for authentication and account creation. You can manage permissions granted to Tecaser through your Google, Apple, or Microsoft account settings.
COOKIES AND TRACKING TECHNOLOGIES
What are cookies?
Cookies are small text files stored on your device that help us provide and improve our Service. We use both session cookies (deleted when you close your browser) and persistent cookies (remain until deleted or expired).
Cookies we use:
Strictly Necessary Cookies (Always Active)
- Essential for the Service to function
- Enable security features and user authentication
- Cannot be disabled
Analytics Cookies (Can be Disabled)
- Google Analytics: We use Google Analytics on our website only (not in our mobile app or fleet data systems)
- Helps us understand how visitors use our Service
- Collects anonymous usage statistics and performance data
- You can disable analytics cookies through Cookie Settings on our website
Functional Cookies (Can be Disabled)
- Remember your preferences and settings
- Improve user experience through personalization
Managing cookies:
You can control cookies through:
- Cookie Settings on our website
- Your browser settings (to block or delete cookies)
- Google Analytics Opt-out Browser Add-on: tools.google.com/dlpage/gaoptout
Disabling cookies may limit the functionality of our Service.
WHAT DO WE USE YOUR PERSONAL DATA FOR?
We process your personal data under the following legal bases:
Contractual Performance
To provide you with our Service, we must process your personal data for:
- Creating and managing your account
- Delivering our fleet management services (including vehicle tracking, maintenance scheduling, route optimization, and fleet analytics)
- Processing vehicle and fleet data (VIN, license plates, GPS location, odometer readings, maintenance records, uploaded invoices and documents)
- Processing your requests and communications
- Providing customer support
Legitimate Interest
We process your personal data based on our legitimate interests (balanced with your rights) to:
- Improve and optimize our Service
- Provide updates about Tecaser products and features
- Analyze Service usage through analytics and reports
- Ensure security of our systems and prevent fraud
- Conduct research and trend analysis
- Create anonymized and aggregated data for business purposes (infographics, case studies, sales materials, social media content, campaigns)
- Re-engage users through retargeting on our website and social media
- Prefill forms with data you previously provided
Legal Obligations
We process your personal data to comply with legal requirements:
- Prevent and detect fraud, crime, and security threats
- Comply with applicable laws, regulations, and industry guidelines
- Respond to legal requests and court orders
- Maintain records as required by law
Consent
For certain processing activities, we will obtain your explicit consent, including:
- Marketing communications (you can withdraw consent at any time)
- Optional cookies and tracking beyond strictly necessary ones
THIRD-PARTY DATA PROCESSORS
We work with trusted third-party service providers who process personal data on our behalf:
Google Analytics
- Purpose: Website analytics
- Data shared: Anonymous usage data, IP addresses (anonymized)
- Location: United States (with EU-US Data Privacy Framework safeguards)
- Privacy Policy: policies.google.com/privacy
OVH (Cloud Hosting Provider)
- Purpose: Infrastructure and data storage
- Data shared: All data stored in our systems
- Location: Gravelines Data Center, France (European Economic Area)
- Privacy Policy: ovhcloud.com/en/personal-data-protection
Microsoft (Email Service Provider)
- Purpose: Transactional and service emails
- Data shared: Email addresses, names, email content
- Location: European Economic Area
- Privacy Policy: privacy.microsoft.com
Third-Party Identity Providers (OAuth)
- Purpose: Optional authentication via Google, Apple, or Microsoft accounts
- Data received: Name, email address, profile picture (as described in the data collection section)
- Your relationship: These providers share your data with us only when you authorize it through their login systems
- Privacy Policies:
- Google: policies.google.com/privacy
- Apple: apple.com/legal/privacy
- Microsoft: privacy.microsoft.com
All processors are contractually required to protect your data and process it only according to our instructions and applicable data protection laws.
WHERE DO WE STORE YOUR PERSONAL DATA?
Primary Storage: Your personal data is stored on secure servers hosted by OVH in their Gravelines data center in France (European Economic Area).
International Transfers: Some third-party services (such as Google Analytics) may transfer data outside the EEA. When this occurs, we ensure appropriate safeguards are in place, including:
- EU-US Data Privacy Framework certification
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions by the European Commission
HOW LONG DO WE KEEP YOUR DATA?
We retain your personal data only as long as necessary for the purposes outlined in this Privacy Policy or as required by law:
| Data Type | Retention Period | Reason |
|---|---|---|
| Website analytics | 14 months | Google Analytics default, sufficient for trends |
| Contact form submissions | 3 years | Business development and service inquiries |
| Active user accounts | Duration of active account | Service delivery |
| Fleet and vehicle data (VIN, plates, GPS, odometer, maintenance, uploaded documents) | Duration of active account | Service delivery |
| Deleted account data | Immediately and permanently deleted | Apple policy compliance, irreversible |
| Financial/tax records (if applicable) | 7 years | Legal requirements |
| Marketing consent | Until withdrawn + 30 days | Compliance verification |
| Server logs | 90 days | Security and troubleshooting |
After these periods, we securely delete or anonymize your personal data. If you delete your account, all your personal data is immediately and permanently deleted and cannot be recovered. This is in compliance with Apple's App Store policies and ensures your data is irreversibly removed from our systems.
YOUR RIGHTS UNDER GDPR
You have the following rights regarding your personal data:
Right to Access
Request a copy of all personal data we hold about you, in a portable format (CSV, JSON, or PDF).
Right to Rectification
Request correction of inaccurate or incomplete personal data.
Right to Erasure ("Right to be Forgotten")
Request deletion of your personal data. To fully erase your data, log in to your Tecaser account and delete your account in the organization section. We require login authentication for security purposes.
Important: Account deletion is immediate, permanent, and irreversible. All your personal data, including fleet data (vehicles, GPS history, maintenance records, uploaded documents, and invoices), is permanently deleted and cannot be recovered. This complies with Apple's App Store data deletion requirements.
You can also email us at tecaser@techmetria.pl to request deletion, though in-app deletion is the fastest method.
Right to Restrict Processing
Request that we limit how we use your personal data.
Right to Data Portability
Receive your personal data in a structured, commonly used, machine-readable format to transfer to another service.
Right to Object
Object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds.
Right to Withdraw Consent
Where processing is based on consent, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.
Right Not to Be Subject to Automated Decision-Making
You will not be subject to decisions based solely on automated processing that significantly affect you. We do not engage in such automated decision-making.
How to Exercise Your Rights
Contact us at:
- Email: tecaser@techmetria.pl
- Data Protection Officer: tecaser@techmetria.pl
We will respond to your request within 30 days. We may need to verify your identity before processing requests.
PROTECTING YOUR PERSONAL DATA
Security is fundamental to our Service:
- Encryption: We use SSL/TLS encryption for data in transit and strong encryption algorithms for data at rest
- Access Controls: Strict access controls ensure only authorized personnel can access personal data
- Authentication: OAuth2/OIDC authentication with secure token management, with optional sign-in via Google, Apple, or Microsoft identity providers
- Infrastructure Security: Kubernetes-based deployment with security contexts, network policies, and regular updates
- Monitoring: Continuous monitoring for security threats and unauthorized access
- Compliance: We meet security standards required by applicable laws and industry best practices
- Regular Audits: Periodic security assessments and penetration testing
DATA BREACH NOTIFICATION
In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify the Supervisory Authority within 72 hours of becoming aware of the breach
- Notify Affected Individuals without undue delay if the breach poses a high risk to you
- Provide Information about the nature of the breach, likely consequences, and measures taken
We maintain detailed incident response procedures to detect, respond to, and mitigate data breaches.
CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:
- Post the updated Privacy Policy with a new "Last Updated" date
- Notify you of material changes via email or prominent notice on our Service
- For significant changes, we may request your renewed consent
OUR CONTACT DETAILS
Tecaser is a registered trademark of Tecaser Marcin Nowak.
Contact Information:
- Email: tecaser@techmetria.pl
- Data Protection Officer: tecaser@techmetria.pl
Business Address:
- Tecaser Marcin Nowak
- Poland
COMPLAINTS TO THE SUPERVISORY AUTHORITY
You have the right to lodge a complaint with the data protection supervisory authority, particularly in:
- The country where you reside
- Your place of work
- The place where you believe a data protection violation occurred
In Poland, the supervisory authority is:
Polish Data Protection Commissioner (Urząd Ochrony Danych Osobowych - UODO)
- Address: ul. Stawki 2, 00-193 Warszawa, Poland
- Telephone: +48 22 531 03 00
- Email: kancelaria@uodo.gov.pl
- Website: uodo.gov.pl
You can also contact the supervisory authority in any other EU member state where you reside or work.
Last updated: January 14, 2026
