Good2Know

Privacy Policy

Last Updated: 20 March 2026
Effective Date: 20 March 2026

1. Introduction

Good2Know OÜ (Reg. 17058788, VAT EE102803545), Staapli tn 3-115, 10415 Tallinn, Estonia ("Good2Know," "we," "our," "us") is the controller for personal data processed when you use our application, website, or related services (collectively, the "Service").

We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable national law.

Where Good2Know provides services to enterprise customers, we may also act as a processor for data submitted by those customers. This Privacy Policy covers processing for which Good2Know acts as the controller.

2. Who This Policy Applies To

This Policy applies to the following categories of data subjects:

  • B2B users — individuals using Good2Know through an enterprise customer account.
  • B2C users — individuals using the consumer version of the Service.
  • Vehicle-linked individuals — persons whose vehicle-related information is processed when a VIN or licence plate is submitted (Art. 14 GDPR).
  • Website and app visitors — individuals generating device telemetry or technical logs when interacting with the Service.

B2B Users (Enterprise Customers)

B2B users access the Service under a contract between Good2Know and their employer or organisation. Vehicle data sourced from public authorities is available only to B2B customers, as the underlying licences restrict use to professional, organisational purposes.

B2C Users (Consumer Users)

B2C users do not receive any authority-sourced data. B2C users receive only data they submit themselves (e.g. VIN, licence plate, photo), data internally derived by Good2Know, and data from third-party sources whose licences permit consumer use.

Authority-sourced data will not be used or displayed in the B2C Service unless the legal basis and licensing framework are extended in the future.

3. Information We Collect

3.1 Information You Provide

  • Email address
  • Vehicle registration numbers and VINs
  • Optional photos for plate or VIN recognition (no facial or biometric analysis is performed)
  • Optional profile information (name, company, country)
  • Feedback and support correspondence
  • Payment information, processed by secure third-party providers

3.2 Automatically Collected Information

  • IP address and non-precise location
  • Device details (browser, operating system, model, screen resolution)
  • Session identifiers
  • Usage logs and performance metrics
  • Timestamps
  • Error logs and security telemetry

We do not intentionally collect biometric identifiers, facial data, or data that would enable identification of private individuals linked to a vehicle.

3.3 Data from External Sources

We may receive non-identifying vehicle-related information from public authorities (B2B only, under licence), enterprise customers (where we act as processor), and third-party providers (payments, analytics, diagnostics).

3.4 Authority-Sourced Data

Access to authority-sourced data is contract-based and subject to strict purpose limitations. This data is available only to B2B customers whose intended use meets the relevant authority's requirements. Good2Know does not use, process, or display authority-sourced data for B2C users.

If access is expanded in the future, we will provide a dedicated Privacy Notice and update the applicable legal basis accordingly.

4. Purposes and Legal Basis

We process personal data on the following legal bases and for the following purposes:

  • Contractual necessity (Art. 6(1)(b) GDPR) — providing, operating, and maintaining the Service.
  • Legitimate interests (Art. 6(1)(f) GDPR) — security, abuse prevention, fraud detection, diagnostics, product improvement, and safe operation of the Service.
  • Legal obligations (Art. 6(1)(c) GDPR) — billing, accounting, and regulatory compliance.
  • Consent (Art. 6(1)(a) GDPR) — optional marketing communications and camera access.
  • Authority-sourced vehicle data (B2B only) — legitimate interest (Art. 6(1)(f) GDPR) to provide vehicle-related non-identifying information to enterprise customers.

We do not process authority-derived personal data for B2C users.

5. Art. 14 — Information for Individuals Not Directly Contacted

When processing vehicle data originating from public authorities or third parties, we do not receive identifying information about private individuals. VINs, licence plates, and technical vehicle attributes cannot identify natural persons without additional information that we do not possess.

Providing individual notices to all potential data subjects would be impossible or involve disproportionate effort. We rely on the exemptions provided under Art. 14(5)(b) and Art. 14(5)(c) GDPR.

6. Data Retention

  • VINs and licence plates — retained while the user account is active.
  • Vehicle analysis results — retained while the user account is active.
  • Billing and accounting data — retained for up to 7 years in accordance with applicable law.
  • Technical logs and analytics — retained for up to 90 days.
  • Photos — retained while the user account is active. Users may delete individual photos at any time.

After the applicable retention period expires, data is erased or anonymised.

7. Data Storage and Security

All data is stored within the EU/EEA. Data in transit is protected using TLS encryption, and data at rest is protected using strong encryption standards. Access is controlled through role-based authorisation. Our systems include security monitoring, vulnerability management, and periodic security assessments. Any access by external support providers is limited in scope and covered by GDPR-compliant safeguards.

8. Third-Party Processors

We use vetted processors, including cloud infrastructure providers located in the EU/EEA, payment providers (e.g. Stripe), and vehicle data APIs that receive only pseudonymous identifiers (B2B only).

We do not share personal data with advertisers or data brokers.

9. International Transfers

We do not transfer personal data outside the EU/EEA. If any support provider uses personnel outside the EU/EEA, such transfers take place under Standard Contractual Clauses and equivalent safeguards.

10. Camera and Photo Use

Camera access requires your explicit permission. Photos are used solely to identify licence plates or VINs and are not analysed for biometric or facial data. Images are retained for use within the Service and may be deleted by the user at any time.

11. Cookies and Tracking

We do not use advertising cookies. Essential cookies and local storage support authentication, functionality, and security. Optional analytics operate without cross-site tracking or advertising identifiers.

12. Automated Decision-Making

We do not perform automated decision-making or profiling as described under Art. 22 GDPR.

13. Your Rights

Under the GDPR, you have the right to access, correct, delete, restrict, or object to the processing of your personal data. You also have the right to data portability and the right to withdraw consent at any time.

To exercise your rights, contact us at privacy@good2know.co.

Your rights may be limited where data originates from a public authority (we cannot alter authoritative records) or where data cannot be linked to an identifiable individual (e.g. a VIN or licence plate alone). In those cases, we will direct you to the appropriate authority.

14. Children's Data

The Service is not directed to individuals under 16. We do not knowingly collect data from minors. If we identify data belonging to a minor, it will be deleted promptly.

15. Supervisory Authority

You have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or your local EU/EEA supervisory authority.

16. Policy Updates

We may update this Privacy Policy from time to time. The "Last Updated" date at the top indicates the latest version. Significant changes will be communicated to registered users.

17. Contact

Controller: Good2Know OÜ
Staapli tn 3-115, 10415 Tallinn, Estonia
Reg. 17058788 · VAT EE102803545

Email: privacy@good2know.co
Data Protection Lead: Jarmo Paabo (not a statutory DPO)