GDPR / DSGVO

Privacy Policy

This privacy policy explains how the service processes personal data for website visits, account access, support, billing, and product operations.

Last updated

May 5, 2026

Privacy requests should be handled through the published privacy contact channel and documented according to the operator compliance process.

The legal and policy information on these public pages should be kept aligned with the current company registration, tax treatment, support workflow, payment setup, and applicable regulatory obligations.

Controller

Fahrnex. Please enter the full registered business address. Representative: Please enter the full legal representative name..

Privacy Contact

info@fahrnex.de. Data protection officer: Please enter the data protection officer contact or state that no appointment is legally required..

Supervisory Authority

Please enter the competent supervisory authority based on the registered business address.

Processing Activities And Legal Bases

Website, contact, and demo requests

Data: Name, email address, optional phone number, company, job title, fleet size, message content, preferred contact channel, language, and technical request metadata.

Purpose: Responding to enquiries, preparing demos, qualifying Enterprise requests, and keeping sales/support context.

Legal basis: Art. 6(1)(b) GDPR for pre-contractual requests and Art. 6(1)(f) GDPR for business communication and service security.

Retention: Enquiries are kept while the request is active and then retained only as needed for business documentation or legal obligations.

Account, authentication, and security

Data: Name, email, password hash, session cookies, email verification state, password reset tokens, role, locale, login/session activity, and admin acting-user context.

Purpose: Creating accounts, signing users in, protecting accounts, sending verification/password emails, and preventing misuse.

Legal basis: Art. 6(1)(b) GDPR for account delivery and Art. 6(1)(f) GDPR for security and abuse prevention.

Retention: Account data is kept while the account exists. Security logs and reset/verification tokens are limited according to operational need.

Vehicle operations

Data: Vehicle details, VIN lookups, mileage, reminders, service logs, expenses, uploaded documents, document metadata, telemetry provider settings, and related support history.

Purpose: Providing the Fahrnex SaaS features for vehicle maintenance, reminders, documents, expenses, analytics, telemetry, and support.

Legal basis: Art. 6(1)(b) GDPR for product delivery and Art. 6(1)(f) GDPR for product reliability and support.

Retention: Vehicle and document records remain available while the account is active or until the user deletes them, subject to legal retention duties.

Consent-based website and product analytics

Data: Aggregated event names, public page paths, referrer domain, campaign parameters, inferred visit intent, device/browser category, language, account identifiers where applicable, timestamps, limited non-sensitive metadata such as plan type or feature category, and Google Analytics 4 measurement data where visitors opt in.

Purpose: Understanding public-page interest, campaign performance, feature usage, reliability, conversion, and support demand. Google Analytics 4 should load only after analytics consent, while non-essential advertising and retargeting storage remain disabled.

Legal basis: Art. 6(1)(a) GDPR for consent-based analytics and Art. 6(1)(f) GDPR for product improvement, operational insight, and service reliability where data is processed without non-essential cookies.

Retention: Analytics events are kept only as long as needed for product and operational reporting, then aggregated or deleted according to the retention policy.

Billing, subscriptions, and invoices

Data: Plan, subscription status, invoice data, billing name, billing email, payment preferences, Stripe checkout references, refund claims, and invoice PDFs.

Purpose: Managing paid plans, invoices, refunds, payment confirmation emails, and accounting records.

Legal basis: Art. 6(1)(b) GDPR for billing performance and Art. 6(1)(c) GDPR for statutory tax/accounting duties.

Retention: Commercial and accounting records may be retained for statutory retention periods, commonly up to 10 years in Germany depending on record type.

Support tickets and notifications

Data: Ticket subject, category, priority, messages, assigned admin, notification settings, notification logs, and reply history.

Purpose: Providing customer support, documenting support actions, and sending support replies or reminders.

Legal basis: Art. 6(1)(b) GDPR for support related to the service and Art. 6(1)(f) GDPR for support quality and dispute documentation.

Retention: Support records are kept while needed for customer service, product quality, and legal defence.

Service Providers And Data Recipients

Fahrnex uses carefully selected service providers to host the application, store files, deliver emails, process payments, operate deployments, and provide optional integrations. These providers process personal data only as needed for the relevant service.

Cloud hosting and storage providers

Hosting the backend application, databases, file storage, operational monitoring, and related security controls.

EU/EEA regions are used where reasonably available for production workloads.

Frontend hosting and delivery providers

Serving the public website and web application, including static assets and deployment-related processing.

Content delivery may involve global infrastructure depending on visitor location and provider configuration.

Payment service providers

Processing payment checkout, subscription references, billing workflows, invoices, refunds, and related payment events when paid features are used.

EU/EEA and international processing may occur according to the provider's data processing terms.

Email delivery providers

Sending account verification, password reset, billing, support, reminder, and service notification emails.

EU/EEA or international processing may occur depending on delivery routing and provider configuration.

Development and deployment tooling providers

Operating source code, deployment, incident investigation, and support workflows. Personal data is not intentionally stored there, but limited log or support context may be processed if needed to resolve issues.

International processing may occur for development and deployment operations.

Optional integration and communication providers

Calendar export, telemetry integrations, SMS, WhatsApp, or similar optional features when configured or enabled by the user.

Only used for the relevant optional feature; international processing may occur depending on the provider.

Where processors or subprocessors process data outside the EU/EEA, transfers should rely on an adequacy decision, EU Standard Contractual Clauses, the EU-US Data Privacy Framework where applicable, or another valid transfer mechanism.

Security

See how account, document, and operational security are described publicly.

Cookie Policy

Review consent behavior for analytics and non-essential storage.

Terms

Read service, billing, and support responsibilities.

Contact

Reach the team for privacy, enterprise, or onboarding questions.