Privacy Policy

← Back to homepage

Effective: January 10, 2026.

This privacy notice (hereinafter: Notice) provides information on how the Timot service (hereinafter: Service) processes your personal data, for what purpose and on what legal basis the processing takes place, and what rights you have in connection with our data processing. By using the Service, you accept the provisions of this Notice.

1. Data Controller Information

Data Controller: Balku Tamás József e.v.
Registered office: 1039 Budapest, Madzsar József utca 31. 1/5
Tax number: 69386387-1-41
Registration number: 53108346
Website:https://timot.app
E-mail: hello [@] timot [pont] app

The Data Controller has not appointed a data protection officer, as there is no legal obligation to do so.

2. Purposes and legal bases of processing, and categories of personal data processed

2.1. Provision of the Service

Purpose: operation of the Timot platform, management of user accounts, recording licence plates and vehicle data, forwarding alerts and feedback.

Processed data: e-mail address (mandatory on all registration forms), password (in case of e-mail registration), username (mandatory, automatically generated by the system and modifiable once per month), optionally provided name, time zone, language settings; vehicle-related data (country code, licence plate number, optionally vehicle name, manufacturer, model, colour); the content of alerts and ratings, and their technical metadata (IP address, user agent, GPS coordinates – optional).

Legal basis: performance of a contract pursuant to Article 6(1)(b) of Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) (registration and account management necessary to use the Timot service).

Anonymity for alerts: Alerts and feedback are forwarded anonymously by default; the owner of the licence plate does not receive information about the sender’s name or contact details. If the user voluntarily includes their name or other contact details in the message, we will make it visible to the relevant recipient.

2.2. Sending alerts and feedback without registration

Purpose: to allow users without registration to notify a vehicle owner (for example, if the vehicle is parked improperly or the lights were left on).

Processed data: the identifier of the licence plate, the type of alert, the sender’s message, and technical metadata (IP address, user agent). In the case of a guest submission, the e-mail address is stored in encrypted form.

Legal basis: performance of a contract related to the use of the service (GDPR Article 6(1)(b)), and legitimate interest (maintaining the security and operability of the system).

2.3. Newsletter subscription and communication

Purpose: informing users about news related to the Timot service, new features, or community events via newsletter.

Processed data: the user’s e-mail address and—if provided—their name.

Legal basis: the user’s consent (GDPR Article 6(1)(a)). Consent can be withdrawn at any time by clicking the unsubscribe link at the bottom of the newsletter or by e-mailing the Data Controller.

Processor: we send our newsletters and other e-mails via the MailerSend provider. Under our contract, MailerSend acts as a processor and uses only your e-mail address and name for sending. The provider applies data protection safeguards approved by the European Union (for example, EU contractual clauses) during data transfers.

2.4. Bug reporting and performance monitoring

Purpose: identifying and fixing technical errors and performance issues of the Service.

Processed data: server-side log files, which may contain the user’s IP address, the type of browser and operating system, the requested URL, the time, and error messages.

Legal basis: legitimate interest (GDPR Article 6(1)(f)) to ensure the secure and stable operation of the Service.

Processor: we analyse our server logs and error reports using the Sentry service. Sentry, acting as a processor, receives only the technical information necessary for troubleshooting. Sentry operates in accordance with data protection rules approved by the EU.

2.5. Statistical analysis

Purpose: producing anonymous statistics on Service usage to improve the system.

Processed data: anonymous or pseudonymous user behaviour data (for example, the number and frequency of page views). For statistical analysis, we run the Matomo analytics system on our own server; we do not transfer data to any external third party.

Legal basis: legitimate interest (GDPR Article 6(1)(f)). Statistical analysis is performed with Matomo in a cookie-free manner on our own server, therefore no separate user consent is required.

3. Data retention

  • User account data (e-mail address, password, name, settings): until the account is deleted, and for up to 30 days from the submission of the deletion request.
  • Vehicle data: for up to 30 days from the submission of the deletion request.
  • Metadata of alerts and ratings: for up to 6 months; in the case of orphaned alerts and ratings, for up to 2 years.
  • Licence plates: for up to 1 year from the last activity.
  • Log files and error reports: up to 1 year; logs related to an error for up to 6 months.
  • E-mail addresses on the newsletter list: for the duration of the newsletter subscription. After unsubscribing, we keep your e-mail address for up to 30 days and then delete it.

4. Data disclosure and transfers to third countries

The provider does not disclose personal data to third parties, except:

  • MailerSend: for sending newsletters and transactional e-mails; as a data controller, it receives the user’s e-mail address and name.
  • Sentry: for monitoring server errors and performance issues; IP addresses and technical metadata contained in logs are transferred to the extent necessary for error analysis.

Among these providers, MailerSend and Sentry are headquartered in the United States. Based on the agreements concluded with them, the provider applies safeguards ensuring an adequate level of protection (e.g., EU-approved Standard Contractual Clauses – SCCs) when transferring data.

To comply with official requests, in cases defined by law we may transfer your data to competent courts or authorities.

5. Cookies

Our website uses cookies for its operation. Necessary cookies are essential for the technical operation of the Timot service and do not collect personal data. We perform our statistical analyses with Matomo without cookies, therefore no separate consent is required. The detailed cookie notice is available in the cookie notice.

6. Data subject rights

The data subject (user) may exercise the following rights:

  • Right to information: you may request information about what personal data we process about you.
  • Right to rectification: you may request the correction of inaccurate personal data.
  • Right to erasure: you may request the deletion of personal data if its processing is no longer necessary.
  • Right to restriction: in the case of a disputed legal basis, you may request restriction of processing.
  • Right to object: you may object to processing carried out on the basis of legitimate interest.
  • Withdrawal of consent: for processing based on consent, you may withdraw your consent at any time (for example, in the case of newsletters).
  • Right to data portability: where processing is based on a contract or consent and is carried out by automated means, you may request that your data be provided in a machine-readable format.

You can submit your requests via the Data Controller’s contact details (hello [@] timot [pont] app). The Data Controller will respond without undue delay, but no later than within one month.

7. Remedies

If you believe that our data processing is unlawful, you may lodge a complaint with the National Authority for Data Protection and Freedom of Information (NAIH):

Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Postal address: 1530 Budapest, Pf. 5.
Telephone: +36 1 391 1400
Fax: +36 1 391 1410
E-mail:ugyfelszolgalat@naih.hu
Web:https://naih.hu

You are also entitled to bring the matter before a court at the competent regional court based on your place of residence or habitual residence.

8. Data security and incident management

The Data Controller ensures the security of personal data through technical and organisational measures. Passwords are stored using a salted, one-way hash function; the website and application operate with HTTPS encryption; we perform regular software updates and backups.

9. Amendment of the Notice

The Data Controller reserves the right to amend this Notice unilaterally. Changes become effective upon publication on the website; we will send separate notifications about material changes by e-mail or upon logging into the user account.