Privacy Policy

Effective: from October 20, 2025
Version: 1.0
Issuer: Tamás József Balku, sole proprietor
Service: Timot – license plate–based notification and feedback community platform
Website:https://timot.app

1. Purpose and legal basis of data processing

The purpose of this Privacy Policy (hereinafter: Policy) is to inform users of the Timot service (hereinafter: Service) about the manner, purpose, legal basis, and duration of the processing of personal data.

Timot is a community platform that enables vehicle owners to send messages or feedback to each other based on license plates, and allows users to manage their vehicle data and notifications. The Service Provider is committed to protecting personal data and applies the applicable legislation at every stage of processing, in particular:

• Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR),
• Act CXII of 2011 (Infotv.),
• Act CVIII of 2001 (Ektv.).

The legal bases for processing are:

• the user’s consent (e.g., providing optional data, use of GPS),
• performance of a contract (registration, sending notifications, feedback),
• the controller’s legitimate interests (system security, abuse prevention, statistical analysis),
• and compliance with legal obligations (in the event of official requests).

2. Data controller details

Name of controller: Tamás József Balku, sole proprietor
Registered office: Hungary
Contact for general and data protection matters:hello@timot.app
Website:https://timot.app

The controller has not appointed a data protection officer, as there is currently no legal obligation to do so.

3. Categories of data processed and retention periods

Data is processed solely to the extent necessary for operating the service and fulfilling statutory obligations.

3.1. User profile

• Required data: email address, password (for email-based registration), language, time zone
• Optional data: name, mobile phone number, gender, date of birth, login tokens (Google, Facebook), other data
• Purpose: registration, login, account management, communication
• Retention: 2 years, or up to 30 days from the date of a deletion request

3.2. Vehicles linked to a user

• Required data: country code, license plate number
• Optional data: vehicle name, manufacturer, model, color, other data
• Purpose: managing notifications related to the vehicle
• Retention: up to 30 days from the date of a deletion request

3.3. Alerts related to a vehicle

• Required data: license plate ID, vehicle ID, type of alert
• Optional data: free-text message, email address for guest submissions (encrypted)
• Additional technical data: sender’s IP address, user-agent, GPS (optional), other authentication information
  • These metadata are retained for a maximum of 6 months from the creation of the alert, or for up to 30 days from the date of a deletion request
• Retention: orphaned alerts are retained for up to 2 years, or 30 days in case of a deletion request

3.4. Feedback related to a vehicle

• Required data: license plate ID, vehicle ID, rating
• Optional data: identifiers of other types of feedback, email address for guest submissions (encrypted)
• Additional technical data: sender’s IP address, user-agent, GPS (optional), other authentication information
  • Metadata related to the feedback are retained for up to 6 months, or 30 days in case of a deletion request
• Retention: orphaned feedback entries are retained for up to 2 years, or 30 days in case of a deletion request

3.5. License plates

• Required data: country code, license plate number
• Purpose: ensuring identification and notification features
• Retention: up to 1 year from the last activity

3.6. Activities and logging

• Data: IP address, user-agent
• Purpose: debugging, security checks, system administration
• Retention: user activities for up to 1 year; other log files for up to 6 months

4. Data transfers and access

Timot does not transfer personal data to third parties and does not use external processors. An exception is made for official requests required by law (e.g., police). No personal data is transferred outside the European Union.

5. Statistics and cookies

During operation, Matomo is used to compile anonymous statistics on self-hosted servers only. IP addresses are shortened, no profiling is performed, and data is not shared with third parties.

Cookies necessary for operation (session, security tokens) are essential and the application would not function without them. Statistical or convenience cookies are used only with the user’s consent.

6. Rights of the data subject

The data subject (user) may exercise the following rights:

• Right to information: may request information about the processing
• Right to rectification: may request the correction of inaccurate data
• Right to erasure: may request deletion of personal data when processing is no longer necessary
• Right to restriction: may request suspension of processing where legality is disputed
• Right to object: may object to processing based on legitimate interests
• Right to withdraw consent: may withdraw consent at any time (e.g., for GPS data)

The controller responds to requests within 1 month. If, due to a lack of human resources or overload, the controller cannot meet the deadline, the response period may be extended by up to an additional 2 months. If a request is manifestly unfounded or excessive, the controller may refuse to comply or charge a reasonable administrative fee.

7. Remedies

If you believe that processing is unlawful, you may lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH):

• Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
• Postal address: 1530 Budapest, P.O. Box 5
• Phone: +36 1 391 1400
• E-mail:ugyfelszolgalat@naih.hu
• Web:https://naih.hu

The data subject is also entitled to bring an action before the competent court.

8. Data security and incident management

The controller takes all reasonable technical and organizational measures to protect personal data. In the event of a data protection incident, the controller investigates the case, logs it, and, where necessary, notifies the NAIH within 72 hours, as well as the affected users.

9. Amendments to the Policy

The controller reserves the right to amend this Policy at any time, unilaterally. We will notify users by publishing the changes on the website and, where necessary, by email. The currently effective version of the Policy is available at https://timot.app.