1. Who we are
This Privacy Policy describes how KEYGEN AUTOMOTIVE ("we", "us", "our") collects, uses, and shares information when you visit or use our website at keygen-automotive.com (the "Service").
For the purposes of the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018, we act as the data controller of the personal data described below.
Contact for privacy matters: support@keygen-automotive.com
2. What information we collect
Information you provide directly
- Account data: first name, last name, email address, password (stored hashed), phone number, country, company name, professional role.
- Profile content: any additional information you choose to add to your profile.
- Order data: services purchased, vehicle details you submit for processing, order amounts and timestamps.
- Communications: messages you send us via email or contact forms.
Information collected automatically
- Technical data: IP address, browser type and version, operating system, device identifiers, referring URLs.
- Usage data: pages visited, features used, timestamps of access, login events, sign-in alerts (IP and User-Agent of new sign-ins).
- Cookies: see section 6.
Information from third parties
- Email delivery: Resend (our SMTP provider) processes outbound transactional emails (verification, password reset, sign-in alerts).
- Anti-spam: hCaptcha may be used on registration to detect automated bots.
3. How we use your information
- To create and maintain your account and authenticate sign-ins.
- To deliver the services you request (key programming data, calculators, database access, etc.).
- To send transactional emails: account verification, password reset, email change confirmation, sign-in alerts.
- To detect and prevent fraud, abuse, and unauthorised access.
- To respond to your support requests.
- To improve the Service and develop new features.
- To comply with legal obligations.
We do not sell your personal data and we do not use it for advertising profiling.
4. Legal basis for processing (GDPR)
We process your personal data under the following legal bases:
- Contract (Art. 6(1)(b)): to provide the Service you have signed up for.
- Legitimate interests (Art. 6(1)(f)): for security, fraud prevention, and product analytics.
- Consent (Art. 6(1)(a)): for non-essential cookies and optional communications. You may withdraw consent at any time.
- Legal obligation (Art. 6(1)(c)): where we are required by law to retain or disclose data.
5. Sharing with third parties
We share personal data only with vetted processors who act on our instructions:
- Hosting: Zomro (VPS provider) — server infrastructure.
- DNS & email routing: Cloudflare — DNS and inbound email forwarding.
- Outbound email: Resend — transactional emails.
- Anti-bot: hCaptcha — registration form protection.
- Payment processors (when enabled) — for subscription billing. We do not store full card numbers; payment data is handled by the processor under PCI-DSS.
We may also disclose data when required by law, court order, or to protect our rights and safety.
6. Cookies and similar technologies
We use a small number of cookies and local-storage entries:
- Essential (always on): authentication tokens (PocketBase), language preference, cookie-consent state. Required for the site to function.
- Analytics (optional): aggregated, anonymous usage statistics. Off by default.
- Marketing (optional): currently not used. Off by default.
You can review and change your choices at any time on the Cookie Settings page.
7. Data retention
- Account data: kept while your account is active. After deletion, we erase or anonymise it within 30 days, except where law requires longer retention.
- Order records: retained for up to 7 years for tax and accounting purposes (UK / EU).
- Server logs: rotated and deleted within 90 days.
8. Security
We implement appropriate technical and organisational measures, including HTTPS (TLS 1.2+) for all traffic, hashed password storage, rate-limiting on authentication endpoints, intrusion detection (fail2ban), and a host firewall. Sign-in alerts notify you of new device/IP logins.
9. Your rights
Under GDPR / UK GDPR you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate data (you can edit most fields directly in your dashboard).
- Erase your data ("right to be forgotten").
- Restrict or object to certain processing.
- Receive your data in a machine-readable format (data portability).
- Withdraw consent at any time.
- Lodge a complaint with your local data protection authority (e.g. ICO in the UK).
To exercise any of these rights, email support@keygen-automotive.com. We respond within 30 days.
10. International transfers
Our servers are located in the European Economic Area. Some processors (e.g. Cloudflare, Resend) may operate globally. Where data leaves the EEA/UK, we rely on Standard Contractual Clauses or equivalent safeguards approved by the European Commission.
11. Children's privacy
The Service is intended for automotive professionals aged 18 and over. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with data, contact us and we will delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be announced by email and on the dashboard at least 14 days before they take effect. The "Last updated" date at the top reflects the most recent revision.
13. Contact
For privacy questions, data subject requests, or to exercise your rights:
- Email: support@keygen-automotive.com
- Phone: +44 75 5276 3369
