Legal

Privacy Policy

Last updated: May 2025

1. Who We Are

ECUfy (“we”, “our”, “us”) operates the website ecufy.com, a marketplace for automotive ECU files, DAMOS definitions, FRF packages, and related digital products.

We are the data controller responsible for your personal data under the General Data Protection Regulation (GDPR) and applicable EU data protection law.

Contact: legal@ecufy.com

2. Data We Collect

We collect the following categories of personal data:

  • Account data: name, email address, hashed password (if using credentials login), or OAuth profile data (if using Google Sign-In).
  • Transaction data: products purchased, payment amount, Stripe payment session identifiers. We do not store full card numbers — payments are processed by Stripe.
  • Download activity: download count per purchase (to enforce download limits).
  • Technical data: IP address, browser type, and pages visited, collected automatically via server logs and analytics.

3. How We Use Your Data

  • To create and manage your account.
  • To process payments and deliver purchased digital files.
  • To enforce download limits and prevent abuse.
  • To send transactional emails (purchase confirmations, password resets).
  • To comply with legal obligations and resolve disputes.

We do not sell your personal data to third parties.

4. Legal Basis for Processing

  • Contract performance — processing your order and delivering files.
  • Legitimate interests — fraud prevention, security, and improving our service.
  • Legal obligation — retaining transaction records as required by tax law.
  • Consent — optional analytics or marketing communications where applicable.

5. Third-Party Services

  • Stripe — payment processing. Your payment data is governed by Stripe's Privacy Policy.
  • Cloudflare R2 — secure file storage. Files are stored in Cloudflare's EU-region infrastructure.
  • Google OAuth — optional sign-in via Google. Governed by Google's Privacy Policy.
  • Resend — transactional email delivery.

6. Data Retention

We retain your account data for as long as your account is active. Purchase and transaction records are retained for 7 years to comply with tax and accounting obligations. You may request deletion of your account at any time (subject to legal retention obligations).

7. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request erasure (“right to be forgotten”), subject to legal obligations.
  • Restrict or object to processing.
  • Data portability.
  • Lodge a complaint with your national data protection authority.

To exercise any of these rights, contact us at legal@ecufy.com.

8. Cookies

We use cookies for authentication and session management. For full details, see our Cookie Policy.

9. Security

We implement industry-standard security measures including encrypted connections (HTTPS), hashed passwords, and access controls. No transmission over the internet is 100% secure, and we cannot guarantee absolute security.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or a notice on the website. Continued use of the service after changes constitutes acceptance.

Terms & ConditionsCookie Policy