General Terms and Conditions (GTC)

Effective: October 20, 2025

1. Introduction

This document (hereinafter: Policy) explains how Timot handles your personal data.
Timot is an online service that allows drivers to send alerts or feedback to each other based on license plate numbers.
Our goal is to ensure that users understand what data we collect, why we collect it, how long we retain it, and how we protect it.

During its operation, Timot complies with the General Data Protection Regulation (GDPR) of the European Union and Hungarian data protection laws.
Transparency is important to us, as well as ensuring that you are always aware of how your data is used.

2. Who processes the data?

Data Controller: Tamás József Balku, sole proprietor
Registered office: Hungary
Contact and data protection inquiries:privacy@timot.app
Website:https://timot.app

Timot has not appointed a separate data protection officer, as this is currently not required.

3. Where and how do we store data?

Data is stored on European Union (primarily Hungarian) servers operated by us.
No third parties have access.
To protect the data, we use modern security measures such as encrypted connections, logging, regular updates, and backups.
Passwords are stored securely using industry-standard cryptographic algorithms and are not readable in plain text.

4. Legal basis for data processing

• GDPR (EU 2016/679): the General Data Protection Regulation of the EU
• Act CXII of 2011: on informational self-determination and freedom of information
• Act CVIII of 2001: on electronic commerce services

5. Why do we process your data?

The reason for processing depends on the specific feature you use:

• Service provision: such as registration, login, vehicle and license plate management, sending and receiving alerts, handling feedback.
• Based on your consent: for example, sharing GPS data when sending an alert (always optional).
• Legal obligation: if an authority (e.g., police) requests information.
• Legitimate interest: ensuring system security, detecting errors, preventing misuse, and performing statistical analysis (via the Matomo system, self-hosted).

6. Stored data and their management

6.1. User profile

• Required data: email address, password (for email-based registration), language, time zone
• Optional: name, mobile number, gender, date of birth, login tokens (Google, Facebook), other data
• Retention: 2 years or up to 30 days after a deletion request

6.2. Vehicles linked to the user

• Required data: country code, license plate number
• Optional: vehicle name, manufacturer, model, color, other details
• Retention: up to 30 days after a deletion request

6.3. Alerts related to vehicles

• Required data: license plate ID, vehicle ID, type of alert
• Optional data: free-text message, sender email (encrypted, if a guest)
• Technical metadata: sender IP address, user-agent, GPS (optional), and other verification data
  • These metadata are stored for a maximum of 6 months after the alert is created or up to 30 days after a deletion request.
• Retention: orphaned alerts are kept for up to 2 years, or 30 days after a deletion request

6.4. Feedback related to vehicles

• Required data: license plate ID, vehicle ID, rating
• Optional data: additional rating identifiers, sender email (encrypted, if a guest)
• Technical metadata: sender IP address, user-agent, GPS (optional), and other verification data
  • These metadata are stored for up to 6 months after creation or 30 days after a deletion request.
• Retention: orphaned feedback entries are kept for up to 2 years, or 30 days after a deletion request

6.5. License plates

• Required data: country code, license plate number
• Retention: up to 1 year after the last activity (e.g., alert or feedback received)

6.6. Activity logs

• Data: IP address, user-agent
• Retention: user activities (e.g., login, data changes) for up to 1 year; other log files up to 6 months

7. Who can see the data?

• Data is not shared with external partners
• In case of official requests (e.g., police), we are legally obliged to provide the requested data
• No data is transferred outside the EU

8. Statistics and cookies

Timot uses the Matomo system on its own servers to create anonymous statistics. IP addresses are anonymized, no user profiles are created, and no data is shared with third parties.

Cookies essential for operation are mandatory; the website cannot function without them. We ask for separate consent for statistical cookies, which can be disabled at any time.

9. Automated decision-making

Timot does not use any automated systems that make decisions or create user profiles.

10. What are your rights?

You may request at any time:

• Information: what data we process about you
• Correction: if any information is inaccurate
• Deletion: if the data is no longer needed
• Restriction: if you dispute the legality of processing
• Objection: if you disagree with the processing
• Withdrawal of consent: for example, GPS data

We respond to all requests within 1 month. If, due to a lack of human resources or system overload, we are unable to respond in time, this period may be extended by up to 2 months. If a request is clearly unfounded or excessive, we may refuse it or charge a reasonable administrative fee.

11. Where can you file a complaint?

If you believe your data is being processed unlawfully, you can contact the Hungarian National Authority for Data Protection and Freedom of Information (NAIH):

• Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
• Mailing address: 1530 Budapest, P.O. Box 5
• Phone: +36 1 391 1400
• E-mail:ugyfelszolgalat@naih.hu
• Website:https://naih.hu

12. Data protection incidents

If a data protection incident occurs (e.g., unauthorized access), we will investigate the issue and, if necessary, notify the authority and affected users.

13. Amendments to this Policy

Timot reserves the right to modify this Policy from time to time. The current version will always be available on our website, and we will send separate notifications in the event of significant changes.