Privacy Policy

Last updated: 8th October 2025

On this page
1. Who we are 2. Data we collect 3. How we use data 4. Legal bases 5. Sharing 6. Cookies & Tech 7. Security 8. Retention 9. Your rights 10. International transfers 11. Changes 12. Contact
1. Who we are

TotalOBD (“we”, “us”) provides a web-based diagnostics and key-programming application. We are the data controller for personal data processed through our website and app.

2. Data we collect
  • Account & contact: name, email, verification/reset tokens, login timestamps.
  • Purchase: pass selections, metadata needed to issue codes. Card details are processed by Stripe; we do not store full card numbers.
  • Usage: app events (e.g., redemption time), adapter capability checks, error logs.
  • Device permissions: Web Serial/Bluetooth prompts originate in your browser; access is local and scoped to your consent.
3. How we use data
  • Create and manage accounts; verify email; send activation/reset emails.
  • Process payments and deliver license keys.
  • Operate, secure, and improve the Service; prevent fraud and abuse.
  • Provide support and respond to enquiries.
  • Contract: to provide the Service and deliver passes/codes.
  • Legitimate interests: security, fraud prevention, and product improvement.
  • Consent: when required (e.g., certain cookies/marketing).
  • Legal obligation: tax/accounting compliance.
5. Sharing
  • Stripe: payments processing.
  • SMTP2GO / email delivery: activation, reset, and code emails.
  • Service providers under contract who must keep data confidential.
  • Law enforcement or regulators when required by law.
6. Cookies & similar tech

We use essential cookies for session and security. Your browser may load resources from CDNs (e.g., Bootstrap) subject to your Content Security Policy. Web Serial/Bluetooth access is initiated by you and requires HTTPS or localhost.

7. Security

We use encryption in transit (HTTPS) and access controls. No method is 100% secure; please use a strong, unique password and keep your devices updated.

8. Data retention

We retain personal data for as long as necessary to provide the Service and meet legal obligations. License issuance and redemption records may be retained for compliance and fraud prevention.

9. Your rights

Subject to law, you may request access, correction, deletion, restriction, portability, or object to certain processing. Contact us at [email protected]. You may also complain to the UK ICO.

10. International transfers

Where data is transferred outside the UK/EEA (e.g., to third-party providers), we rely on appropriate safeguards such as Standard Contractual Clauses.

11. Changes to this policy

We may update this Privacy Policy from time to time. We’ll update the “Last updated” date and, where appropriate, notify you of material changes.

12. Contact

Email: [email protected]

For payment details, please see Stripe’s privacy documentation.