Last updated: 28 May 2026 — aligned with EU Regulation 2016/679 (GDPR), Kosovo Law No. 06/L-082 on the Protection of Personal Data, and the e-Privacy Directive 2002/58/EC.
VCDS Pro (sole proprietorship in registration), Republic of Kosovo. Contact: info@vcdspro.cloud. Data-protection requests: data@vcdspro.cloud.
We have not appointed a Data Protection Officer (DPO) as we do not meet the thresholds of GDPR Art. 37(1). The contact above serves as our data-protection contact.
| Category | What | Legal basis (GDPR Art. 6) | Retention |
|---|---|---|---|
| Account / Licensing | Hardware ID (HWID, hashed), email, license key | 1(b) contract | License duration + 12 months |
| Payments | Processed by Stripe — we receive: email, last 4 digits of card, country, billing address, Stripe customer ID | 1(b) contract, 1(c) accounting law | 10 years (tax) |
| Diagnostic data (local) | VIN, DTC codes, freeze frames, ECU IDs, mileage | 1(b) contract — stays on your device by default | Until you delete |
| Diagnostic data (Cloud Sync, opt-in) | Same as above, transmitted to our Turso database | 1(a) consent | Until you revoke consent |
| Crash logs (local) | Stack traces written to ~/VCDS_Pro_Data/crash_reports | Stored only on your device, never transmitted | Until you delete |
| Support emails | Whatever you send to info@vcdspro.cloud | 1(f) legitimate interest — supporting customers | 3 years |
| VIN lookups | VIN, country plate, query timestamp | 1(b) contract | 30 days (rate-limit cache) |
We rely on the following processors. Each processes data on our instructions under a GDPR Art. 28 contract.
Stripe, Vercel, Resend and Turso may process data on infrastructure that includes the United States. Transfers rely on the EU Standard Contractual Clauses (2021/914) and, where applicable, the EU-US Data Privacy Framework. Copies of the SCCs are available on request.
Under GDPR Art. 15-22 and Kosovo Law No. 06/L-082 you have the right to:
To exercise any right, email data@vcdspro.cloud from the address linked to your account. We respond within 30 days.
Our website uses the following cookies and local-storage items:
| Name | Purpose | Type | Duration |
|---|---|---|---|
vcds_consent | Remembers your cookie / consent choice | Strictly necessary | 12 months |
__stripe_* | Set by Stripe on the checkout page for fraud prevention | Strictly necessary | Session / 1 year |
IndexedDB vcds_local | Stores your diagnostic sessions locally in the browser | Strictly necessary (functional) | Until you clear |
We do not use analytics, advertising or tracking cookies. No consent is therefore required for the strictly-necessary cookies above under Art. 5(3) e-Privacy Directive.
Cloud data is encrypted in transit (TLS 1.2+) and at rest. License keys are HMAC-signed and verified server-side. Stripe handles all card data — we are not subject to PCI DSS because we never see card numbers. Local diagnostic data stays on your device unless you opt into Cloud Sync.
The Software is not directed at minors under 16. We do not knowingly collect data from children.
We may update this policy. Material changes will be announced on the website at least 30 days before they take effect. The "Last updated" date at the top reflects the current version.
VCDS Pro, Republic of Kosovo · info@vcdspro.cloud · Data-protection requests: data@vcdspro.cloud · Telegram: @vcdspro