Privacy Policy

Information on the processing of personal data in accordance with the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).

1. Controller

Autoflasher GmbH
Betriebsring 4 / Building 2
A-2483 Ebreichsdorf, Austria

Phone: +43 664 2036863
E-Mail: info@autoflasher.de

Managing Director: Ionut Florin Merca
VAT ID: ATU77225227

Autoflasher GmbH (hereinafter referred to as "we", "us" or "Controller") is the controller within the meaning of the GDPR for the processing of your personal data in connection with the website autoflashlog.com, the associated customer portal, the dashboard and the desktop application AutoFlashLog.

If you have any questions about data protection, you can reach us at any time at info@autoflasher.de.

2. Collection and Storage of Personal Data

2.1 When visiting the website

When you access our website, your browser automatically transmits information to our server. This information is temporarily stored in so-called server log files. The following data is collected without any action on your part and stored until it is automatically deleted:

IP address of the requesting computer
Date and time of access
Name and URL of the retrieved file
Website from which access was made (referrer URL)
Browser used and, if applicable, the operating system of your computer and the name of your access provider

The legal basis for processing is Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in ensuring a smooth connection, convenient use, system security and stability, and evaluation for administrative purposes.

2.2 When registering and using a user account

Registration is required to use our portal and the AutoFlashLog desktop application. The following data is collected during registration:

E-mail address
Password (stored as a cryptographic hash)
First and last name
Company (optional)
Billing address (street, postal code, city, country)
VAT ID (optional, for business customers)
Delivery address (for hardware orders)

The legal basis is Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(a) GDPR (consent upon registration).

2.3 When using the AutoFlashLog desktop application

The AutoFlashLog desktop application (Electron app) collects the following data for license verification and functionality:

Hardware ID (HWID): A unique identifier generated from device characteristics for activating and binding your license to a specific device.
License and session data: License keys, activation status, session tokens.
Vehicle and ECU data: Measurement data (logging data) you record is stored locally on your device and is only transmitted to our servers if you actively initiate this (e.g. cloud upload).

The legal basis is Art. 6(1)(b) GDPR (contract performance – license management).

3. Purpose of Data Processing

We process your personal data for the following purposes:

Provision and operation of the website, portal and desktop application
Creation and management of your user account
License management and HWID-based activation
Payment processing and invoicing
Communication with you (support, enquiries)
Provision of the API (VehicleDatabase.eu)
Ensuring IT security and abuse prevention
Compliance with statutory retention obligations (in particular tax and commercial law obligations)

4. Disclosure of Data to Third Parties

Your personal data will only be transferred to third parties in the following cases:

Payment service provider: Stripe, Inc. (see Section 5)
Hosting provider: Our servers are operated by professional hosting providers in the EU. A data processing agreement pursuant to Art. 28 GDPR is in place.
Google LLC: Integration of Google Fonts (see Section 7)
Legal obligation: If we are legally required to do so (Art. 6(1)(c) GDPR), e.g. towards tax authorities.

Data transfers to third countries (outside the EEA) only take place to the extent necessary for the performance of the contract (e.g. Stripe, Google) and on the basis of appropriate safeguards pursuant to Art. 46 GDPR or an adequacy decision pursuant to Art. 45 GDPR (EU-US Data Privacy Framework).

5. Payment Processing (Stripe)

We use the service Stripe (Stripe, Inc., 354 Oyster Point Blvd, South San Francisco, CA 94080, USA / Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland) for payment processing.

The following data is transmitted to Stripe during the payment process:

First and last name
E-mail address
Billing address
Payment information (credit card details etc. – these are processed directly by Stripe and are not visible to us)
Order details and amount

The legal basis is Art. 6(1)(b) GDPR (contract performance). Stripe is certified under the EU-US Data Privacy Framework. Further information can be found in Stripe's Privacy Policy.

6. Cookies

Our website uses cookies. Cookies are small text files that your browser automatically creates and stores on your device.

6.1 Technically necessary cookies

We use technically necessary cookies that are absolutely required for the operation of the website and portal. These include in particular:

Session cookies: For authentication and maintaining your login session.
Language setting: To store your preferred language.

These cookies are automatically deleted at the end of the browser session or after a defined period. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in the technical functionality of the website).

6.2 No tracking or analytics cookies

We do not use tracking cookies, analytics tools (such as Google Analytics) or cookies for advertising purposes.

7. Google Fonts

This website uses so-called Google Fonts for uniform display of fonts, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

When a page is loaded, your browser downloads the required fonts (Inter, JetBrains Mono) directly from Google's servers. Your IP address is transmitted to Google in the process. According to Google's own statements, Google does not store any cookies in connection with the Fonts API and does not log IP addresses permanently.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in uniform, high-performance display). Google is certified under the EU-US Data Privacy Framework.

Further information can be found in Google's Privacy Policy and the Google Fonts FAQ.

8. Server Log Files

The hosting provider of our website automatically collects and stores information in so-called server log files, which your browser automatically transmits. These are:

Browser type and version
Operating system used
Referrer URL
Hostname of the accessing computer
IP address
Time of the server request

This data is not merged with other data sources. Storage is based on Art. 6(1)(f) GDPR (legitimate interest in technical security and error analysis). Server log files are automatically deleted after a maximum of 90 days, unless further retention for evidentiary purposes is required.

9. Contact

If you contact us by e-mail, contact form or telephone, the data you provide (e.g. name, e-mail address, content of the message) will be stored and processed by us to handle your enquiry.

The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures or contract performance) and Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries).

Your data will be deleted once the enquiry has been fully processed and there are no statutory retention obligations to the contrary.

If you sign up for our newsletter, we will use your e-mail address to send regular information about our products and services. The legal basis is your consent pursuant to Art. 6(1)(a) GDPR.

You can unsubscribe at any time, e.g. via the unsubscribe link in each newsletter e-mail or by e-mail to info@autoflasher.de. After unsubscribing, your e-mail address will be immediately removed from the newsletter mailing list.

10. Rights of the Data Subject

You have the following rights against us as the controller pursuant to the GDPR:

10.1 Right of access (Art. 15 GDPR)

You have the right to obtain information about the personal data we store about you. This includes in particular information on the purposes of processing, categories of data, recipients, storage periods, origin of the data, and the existence of a right to rectification, erasure, restriction or objection.

10.2 Right to rectification (Art. 16 GDPR)

You have the right to demand the immediate rectification of inaccurate or the completion of incomplete personal data.

10.3 Right to erasure (Art. 17 GDPR)

You have the right to request the erasure of your personal data, provided that processing is not necessary to fulfil a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims.

10.4 Right to restriction of processing (Art. 18 GDPR)

You have the right to request the restriction of processing of your personal data where the accuracy of the data is contested, processing is unlawful, we no longer need the data, or you have objected to processing.

10.5 Right to data portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You can transmit this data to another controller without hindrance.

10.6 Right to object (Art. 21 GDPR)

You have the right to object at any time to the processing of your personal data which is carried out on the basis of Art. 6(1)(f) GDPR (legitimate interest). We will then no longer process your data unless we can demonstrate compelling legitimate grounds that override your interests.

10.7 Right to withdraw consent (Art. 7(3) GDPR)

If processing is based on your consent, you can withdraw this at any time with effect for the future. The lawfulness of processing carried out prior to withdrawal remains unaffected.

To exercise your rights, please contact us at info@autoflasher.de.

11. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR.

The supervisory authority responsible for us is:

Austrian Data Protection Authority (Datenschutzbehörde)
Barichgasse 40–42
1030 Vienna, Austria

Phone: +43 1 521 52-2569
E-Mail: dsb@dsb.gv.at
Website: www.dsb.gv.at

12. Currency and Changes to this Privacy Policy

This privacy policy is currently valid and dated March 2026.

Due to the further development of our website and services, or as a result of changed legal or regulatory requirements, it may be necessary to amend this privacy policy. The current version of the privacy policy can be accessed at any time on our website at autoflashlog.com/en/datenschutz.html.