Privacy Policy

Last updated: March 3, 2026

This Privacy Policy describes how Servo ("Servo", "we", "us", "our") collects, uses, and protects personal data when you use the Servo mobile application and related services (the "Service"). This Policy is designed to comply with the General Data Protection Regulation (EU) 2016/679 ("GDPR").

1. Data Controller

Servo, based in the European Union.
Email: hello@servo.pro

Servo acts as the Data Controller for all personal data processed through the Service.

2. Personal Data We Collect

2.1 Information You Provide

• Name and email address
• Account credentials (password stored securely using hashing)
• Vehicle information (make, model, year, license plate, VIN)
• Odometer readings
• Fuel-up entries
• Service and maintenance records
• Uploaded documents and images (including receipts)
• Notes and metadata related to vehicle history

2.2 Automatically Collected Information

• Device type and operating system
• App version
• IP address
• Usage and interaction data (via PostHog analytics)
• Crash reports and diagnostics

3. Purposes of Processing

We process personal data for the following purposes:

• Providing and maintaining the Service
• Creating and managing user accounts
• Storing structured vehicle history records
• Syncing data across devices via cloud sync
• Generating public shareable vehicle history links
• Processing receipt images via OCR
• Sending transactional emails (via Resend)
• Sending reminders and notifications
• Ensuring security and preventing fraud
• Improving the Service through analytics
• Complying with legal obligations

4. Legal Basis for Processing

We rely on:

• Article 6(1)(b) GDPR — performance of a contract (providing the Service)
• Article 6(1)(f) GDPR — legitimate interests (security, service improvement, analytics)
• Article 6(1)(a) GDPR — consent, where applicable

5. Public Vehicle History Links

Users may generate public history links. When enabled:

• Selected vehicle data becomes accessible to anyone possessing the link
• Servo does not index such links for search engines
• Users may deactivate links at any time

Users are responsible for sharing links.

6. Data Retention

We retain personal data:

• For the duration of the user account
• Until deletion is requested
• For limited backup periods for system integrity

Upon account deletion, personal data is permanently erased within a reasonable timeframe, except where retention is required by law.

7. Data Processors & Third Parties

We may use third-party service providers including:

• Hetzner — cloud hosting (Germany, EU)
• PostHog — product analytics
• Resend — transactional emails
• Apple App Store — payment processing

We enter into appropriate Data Processing Agreements (DPAs) where required.

8. International Transfers

Your data is primarily stored on servers in Germany (EU). If data is transferred outside the EU/EEA, we ensure adequate safeguards such as Standard Contractual Clauses.

9. Security Measures

We implement appropriate technical and organizational safeguards including:

• Encrypted data transmission (TLS/HTTPS)
• Secure token storage (Keychain on iOS)
• Password hashing
• Access control policies
• Monitoring for unauthorized access

No system can guarantee absolute security.

10. Your GDPR Rights

You have the right to:

• Access your data
• Rectify inaccurate data
• Erase your data
• Restrict processing
• Data portability
• Object to processing
• Withdraw consent

Requests may be submitted to hello@servo.pro.

You also have the right to lodge a complaint with your local Data Protection Authority.

11. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it.

12. Changes to This Policy

We may update this Privacy Policy. Material changes will be communicated through the app or email. Continued use of the Service after changes constitutes acceptance of the revised policy.