Privacy

Privacy policy

Driver Solution processes the personal data needed to deliver its services, handle queries and contracts, generate documents and maintain technical security. This policy explains what data is collected, the purpose, the legal basis, the recipients and the data subject's rights, in accordance with the EU GDPR and Spanish LOPDGDD law (Spanish law).

Data controller

Owner: Pedro Mulero Sánchez.
Tax ID (NIF/CIF): 43700194X.
Website: https://www.driversolution.es
Email: info@driversolution.es
Phone: (+34) 604 52 64 87

Contact

For notices, information requests or issues related to the Site and data processing, please use the contact form or write to info@driversolution.es. You can also call (+34) 604 52 64 87. Please state the reason for your communication in the subject line (e.g. "Privacy", "Technical issue").

Purposes of processing

  • Providing and managing the contractual and functional services of Driver Tacho, Driver Lex and Driver Docs.
  • Handling queries, support requests and contact-form communications.
  • Generating documents and AI-assisted responses; where applicable, preparing drafts and deliverables requested by the user.
  • Managing payments and invoicing related to the contracted services.
  • Security, usage analytics, fraud prevention and service improvement (subject to consent where required).
  • Compliance with legal obligations and incident handling.

Legal basis

The applicable legal bases include: (i) performance of a contract or pre-contractual steps where relevant; (ii) the data subject's consent for optional processing (e.g. analytics, marketing); (iii) legitimate interests for security and fraud prevention; and (iv) compliance with legal obligations.

Categories of data processed

Depending on the purpose, the following data is processed:

  • Identification and contact data (name, email, phone where supplied).
  • Employment and professional data supplied through forms (job title, workplace, category, collective agreement, etc.).
  • Documents attached by the user (e.g. PDFs) for analysis or use in queries.
  • Technical browsing data and activity logs (IP address, cookies, technical identifiers) as set out in the Cookies policy.
  • Payment and billing data processed by payment providers (Stripe) under their terms.
  • Authentication and profile data managed by identity services (for example, Supabase) where used.
  • Data extracted from the digital tachograph driver card when the user chooses to use Driver Tacho: card number, issuing Member State, holder's name and surnames, date of birth and, where applicable, Spanish national ID (DNI/NIE) (in Spain, derived from the card number itself). The .TGD binary files ("driver files" under EU Regulation 165/2014) downloaded from the card, when the user decides to keep them in their personal cloud archive.

Specific processing and third-party providers

Driver Lex

Queries sent to Driver Lex may include data and documents supplied by the user. The PDF documents selected for analysis are sent as part of the request to the processing services running the serverless functions and, where applicable, are transmitted to AI providers to obtain the automated response (e.g. OpenAI). Sending a query constitutes consent to the processing of the data needed to obtain the response. The user declares they are entitled to provide the documents submitted and undertakes not to upload third-party documents without proper authorisation.

Driver Docs

The data and templates used to generate documents are the user's responsibility. Driver Solution provides automated or assisted generation, but does not guarantee the legal suitability of the final document: the user must review and validate it before use.

Driver Tacho — personal cloud archive

Driver Tacho lets drivers read their own digital tachograph card (Gen1, Gen2 v1 and Smart Tacho 2 / Gen2 v2) and, on an optional and free basis, keep the resulting .TGD files in a personal cloud archive for a maximum period of five (5) years from the upload date. The service runs on Supabase infrastructure (authentication, PostgreSQL database with Row-Level Security and a private storage bucket).

Card–user link. The first registration requires an email address from the user; after the initial sign-up, the tool links the driver card number to that email (user account) on a 1:1 basis. On subsequent reads, recognising the card number automatically opens the holder's session, with no need to re-enter the email. If the card is already linked to another account (e.g. a different driver's card), the system will detect this and refuse the read to prevent cross-access.

Access restricted to the holder. The TGD files and the associated metadata are accessible only to the registered user who holds the card. Access control is applied at the database level through Row-Level Security policies (each record is linked to the holder's user_id and can only be queried, downloaded or deleted by them) and at the storage level through bucket policies that restrict operations to the user's own path. Driver Solution does not access the content of the TGD files except for support purposes specifically authorised by the user, or by legal requirement.

Derived data kept. Alongside each TGD file, the following metadata is stored to operate the archive: file name, size, upload date, SHA‑256 checksum of the content, issuing Member State of the card, card number, period of activity covered, holder's name and a hash of the holder's Spanish national ID (the ID itself is not stored in clear). No additional copies of the TGD files are kept, and their content is not used for purposes other than those explicitly requested by the user (generating the expert report, downloading the TGD itself, etc.).

Free model. Reading the card, saving the TGD in the cloud and downloading the TGD itself are free for the cardholder. Only the generation and download of the full expert report in PDF/Excel is subject to a one-off payment; the cloud archive does not require a subscription or recurring fee.

Deletion and portability. The user can download any of their own TGD files at any time from within the tool and can manually delete any file (physical deletion, no recycle bin). After five years from the upload date, files and their metadata are deleted automatically. Deleting the user account triggers a cascading deletion of all associated TGD files and metadata.

Payments (Stripe)

Payments are handled by Stripe or other external providers. Driver Solution does not store full payment card data. Please review Stripe's privacy policies for information on payment data processing.

AI services and technical third parties

The service may use external providers: OpenAI (AI-assisted answer generation/validation for Driver Lex and Driver Docs), Supabase (user authentication, PostgreSQL database with Row-Level Security and private storage bucket for the Driver Tacho TGD archive), Brevo (sending the account verification email via authenticated SMTP) and Netlify (site hosting, serverless functions and Edge Functions). These integrations involve transmitting data to those providers in line with their policies. For international transfers, Driver Solution will apply appropriate safeguards or notify users in advance where required.

Recipients

Data may be shared with processors needed to deliver the service: payment platforms (Stripe), AI providers (OpenAI or others), hosting and serverless function providers (Netlify), authentication and database services (Supabase), and analytics or marketing providers if the user has consented (e.g. Google Analytics, Microsoft Clarity, Brevo). Data will not be shared with third parties for other purposes without the user's consent unless required by law.

Retention

Data will be kept for as long as needed to fulfil the stated purposes, meet legal obligations or handle incidents and claims. Indicative retention periods by data type:

  • Driver Tacho TGD archive: .TGD files voluntarily kept by the user in their personal cloud archive are stored for a maximum of five (5) years from the upload date; after that they are deleted automatically. The user can manually delete any file at any time from within the tool.
  • Card–user link: the record linking the driver card number to the holder's email account is kept while the account is active; it is deleted when the account is deleted.
  • User account and authentication data: kept while the user keeps the account active; deleting the account triggers a cascading deletion of the associated TGDs and metadata.
  • Driver Lex queries and Driver Docs drafts: processed at the moment of use and not stored on Driver Solution servers beyond the technical logs strictly needed for service operation and debugging (platform logs).
  • Contact-form data: kept for as long as needed to handle the query and, where applicable, respond to subsequent complaints.
  • Accounting and billing data: kept in line with applicable tax and commercial rules (generally 6 years under Spanish law).
  • Technical data and cookies: per the durations set out in the Cookies policy.

Data subject rights

You have the right to request access, rectification, erasure, objection, restriction and portability of your data, and to withdraw consent at any time where processing is based on consent. To exercise your rights, please use the contact form with "Privacy - Rights request" in the subject line, and include the documentation required to prove your identity. You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) (Spanish law) or your local supervisory authority.

Security measures

Driver Solution applies technical and organisational measures appropriate to the risk (access controls, in-transit encryption, data minimisation, privilege-based access policies). However, no system is invulnerable: in the event of an incident, response protocols will be applied and, where required, notifications made to the authority and data subjects in accordance with the law.

Sensitive data

Please do not request or send specially sensitive data (racial origin, health, beliefs, etc.) unless strictly necessary and with the appropriate legal basis. If such data is sent by mistake, contact us immediately through the form so it can be deleted.

Policy amendments

This policy may be updated. The current version will be published on this page with the date of last revision.

Exercise rights