Privacy Policy
Last updated: April 2026 · HVDesk, Vienna, Austria
1. Who We Are
HVDesk ("we", "us", "our") is a remote EV diagnostic support service. We provide technical consulting to independent automotive repair shops worldwide.
Data controller: HVDesk - support@hvdesk.com
2. What Data We Collect
When you register and use our service, we collect:
- Account data: business name, email address, phone number, location (country/city)
- Case data: vehicle information (make, model, year, VIN, mileage), fault codes, complaint descriptions, diagnostic data, files you upload (scan tool reports, photos, videos)
- Communication data: messages exchanged within the platform
- Technical data: IP address (for rate limiting and security), session tokens
- Payment data: processed entirely by Stripe. We do not store card numbers or payment details.
3. How We Use Your Data
- To provide remote EV diagnostic support (primary service)
- To communicate case updates via email
- To process payments via Stripe
- To prevent fraud and abuse (rate limiting, security monitoring)
- To improve our service
We do not sell your data to third parties. We do not use your data for advertising.
4. Legal Basis (GDPR)
We process your data based on:
- Contract performance (Art. 6(1)(b) GDPR) - to deliver the service you signed up for
- Legitimate interests (Art. 6(1)(f) GDPR) - security, fraud prevention, service improvement
- Legal obligation (Art. 6(1)(c) GDPR) - where required by Austrian or EU law
5. Data Retention
- Account data: retained while your account is active, deleted within 30 days of account deletion request
- Case data and files: retained for 3 years after case closure for quality assurance, then deleted
- Session tokens: expire after 30 days
- Payment records: retained by Stripe per their policy; we retain transaction references for 7 years per Austrian accounting law
6. Your Rights (GDPR)
As an EU resident or as someone whose data we process, you have the right to:
- Access - request a copy of the data we hold about you
- Rectification - correct inaccurate data
- Erasure - request deletion of your account and data
- Portability - receive your data in a machine-readable format
- Objection - object to processing based on legitimate interests
- Restriction - request we limit how we use your data
To exercise any of these rights, email support@hvdesk.com. We will respond within 30 days. You can also delete your account directly from your account settings.
You have the right to lodge a complaint with the Austrian Data Protection Authority (dsb.gv.at).
7. Third-Party Services
- Stripe - payment processing. Their privacy policy applies to payment data.
- Hostinger - email delivery (SMTP). Emails may be processed on their servers.
- Google Fonts - font loading on public pages. Subject to Google's privacy policy.
8. Data Security
We use industry-standard security measures including encrypted HTTPS connections, hashed passwords (bcrypt), HTTP-only secure session cookies, and rate limiting on authentication endpoints. Our servers are located in the EU.
9. International Transfers
If you are based outside the EU, your data is still processed in accordance with GDPR, as our company is registered in Austria. Stripe may process payment data in the United States under Standard Contractual Clauses.
10. Changes to This Policy
We may update this policy. Changes will be posted on this page with an updated date. Continued use of HVDesk after changes constitutes acceptance.
11. Contact
Questions about this policy: support@hvdesk.com