Privacy Policy

Last updated: 6/3/2026

1. Data Controller

The controller of personal data collected through the Driver ID service is Tierra Virtual Adrian Nicoś, registered at Kielnieńska 148C, 80-299 Gdańsk, Poland, Tax ID: 8811432370, Company Registration Number: 021396361 (hereinafter: "Controller").

We process your personal data based on:

  • Art. 6(1)(b) GDPR - performance of a contract for service provision
  • Art. 6(1)(c) GDPR - compliance with legal obligations (accounting, VAT)
  • Art. 6(1)(f) GDPR - legitimate interests (security, analytics)
  • Art. 6(1)(a) GDPR - consent (newsletter, cookies)

3. What Data We Collect

3.1. Account Data

  • Full name
  • Email address
  • Password (encrypted)

3.2. Company Data

  • Company name
  • Tax ID, Company Registration Number
  • Address (street, postal code, city, country)
  • Phone number
  • Company email address

3.3. Employee Driver License Data

  • Employee full name
  • Driver license number
  • License category
  • License expiration date

3.4. Payment Data

  • Transaction history (date, amount, status)
  • Payment card data is processed by Stripe (we do not store it)

3.5. Technical Data

  • IP address
  • Browser type and device
  • System logs and errors (Sentry)
  • Cookies

4. Purpose of Data Processing

  • Service provision - monitoring employee driver license validity
  • Payment processing - managing subscriptions (Stripe)
  • Email notifications - reminders about expiring licenses (Mailjet)
  • Spam protection - reCAPTCHA verification (Google)
  • Error monitoring - improving service quality (Sentry)
  • Customer support - responding to inquiries
  • Accounting - issuing VAT invoices

5. Sharing Personal Data

Your data may be shared with the following entities:

5.1. Data Processors

  • Stripe, Inc. (USA) - payment processing (PCI DSS certified)
  • Mailjet SAS (France) - email delivery
  • Google LLC (USA) - reCAPTCHA (spam protection)
  • Sentry (USA) - application error monitoring
  • Cloudflare, Inc. (USA) - CDN and DDoS protection

5.2. Other Entities

  • Hosting service providers
  • Accounting office (for invoice issuance)
  • State authorities (upon request, e.g., tax office)

Data transfers outside the EEA: Some of our subcontractors (Stripe, Google, Sentry) are located in the USA. Data transfer is based on Standard Contractual Clauses (SCCs) approved by the European Commission.

6. Data Retention Period

  • Account data - until account deletion by user
  • Company and license data - until subscription termination + 30 days
  • VAT invoices - 5 years (legal requirement)
  • System logs - 90 days
  • Payment data (Stripe) - according to Stripe's policy (typically 7 years)

7. Your Rights

Under GDPR, you have the following rights:

7.1. Right of Access (Art. 15 GDPR)

You can obtain information about what data we process about you.

7.2. Right to Rectification (Art. 16 GDPR)

You can correct incorrect data in account settings.

7.3. Right to Erasure (Art. 17 GDPR)

You can request account deletion and all data ("Delete account" button in settings). The deletion process takes up to 24 hours.

7.4. Right to Restriction of Processing (Art. 18 GDPR)

You can restrict data processing in certain situations.

7.5. Right to Data Portability (Art. 20 GDPR)

You can receive your data in CSV or JSON format.

7.6. Right to Object (Art. 21 GDPR)

You can object to data processing for marketing purposes.

7.7. Right to Withdraw Consent (Art. 7(3) GDPR)

You can withdraw consent for cookies or newsletter at any time.

7.8. Right to Lodge a Complaint

You have the right to lodge a complaint with your national data protection authority.

To exercise your rights, write to: [email protected]

8. Cookies and Tracking Technologies

8.1. Essential Cookies

  • authjs.session-token - login session (essential)
  • next-locale - language selection (essential)

8.2. Functional Cookies

  • Stripe - payment processing
  • reCAPTCHA - spam protection

8.3. Analytics Cookies

  • Sentry - error and performance monitoring (anonymous)

You can block cookies in your browser settings, but this may limit service functionality.

9. Data Security

We implement the following security measures:

  • HTTPS encryption (SSL/TLS) for all communication
  • Password hashing (bcrypt)
  • Web application firewall (Cloudflare WAF)
  • Regular database backups
  • Security audits and penetration testing
  • Two-factor authentication (optional)

10. Children's Data

Our service is not intended for persons under 18 years of age. If you notice that a child has provided us with data, please contact us.

11. Changes to Privacy Policy

We reserve the right to change this Privacy Policy. We will notify you of any changes via email or notification in the service. The date of the last update is visible at the top of the document.

12. Contact

For matters concerning personal data protection, contact us:

⚖️ Legal Notice: This Privacy Policy is informational and does not constitute legal advice. We recommend consulting with a data protection lawyer before implementation.