3. Why we use your data — legal bases

4. Sharing with third parties

We share personal data only with vetted processors who act on our instructions and under written data processing agreements. Categories include:

• Cloud hosting: OVH Cloud (France, Gravelines / Strasbourg — EU only).
• Vehicle telematics providers — depending on which vehicle or e-bike you connect, this can include: vehicle manufacturers operating their own telematics endpoint (e.g. Tesla Fleet API), with whom Wagoi maintains direct OAuth integration agreements; telematics aggregators that unify data across many OEMs into a single API; eBike platforms acting as data holders under the EU Data Act. The specific manufacturer or platform for each vehicle you connect is identified in the in-app Consent Center at the moment of connection. The current authoritative list of all telematics providers we use, with each provider’s role, jurisdiction, transfer safeguards, and the categories of data shared, is published at wagoi.eu/providers and updated as we onboard new providers.
• Vehicle identity lookup: EU-based vehicle-data providers selected per country of registration to decode a VIN into descriptive attributes.
• Analytics & crash: PostHog (EU-hosted), Sentry (EU-hosted).
• Email: Brevo (France, EU).
• Push: Firebase Cloud Messaging (Google LLC, US — SCCs).
• Payments: Mollie (Netherlands, EU). Wagoi does not handle card details — only customer and transaction identifiers.

Vehicle imagery shown in the app may be generated using third-party AI models. When this is done, Wagoi sends only non-personal descriptive vehicle attributes (such as brand, model, model year, and colour); no Vehicle Identification Number, frame number, account information, or telemetry is shared with those AI models.

We do not sell your personal data and we do not share it with advertising networks.

4a. EU Data Act recipient role

Where the EU Data Act (Regulation (EU) 2023/2854, in force since 12 September 2025) applies to your vehicle, e-bike or other connected product, Wagoi acts as a registered data recipient of the manufacturer or platform that holds the product data. The manufacturer remains the source of the data; Wagoi receives it on your behalf under your explicit consent given to that manufacturer.

You can revoke that consent at any time, either through Wagoi’s settings or directly with the manufacturer or platform. Withdrawal takes effect immediately for future data flows; data already received is handled in accordance with §6 (Retention) below.

Wagoi’s obligations as a data recipient under the Data Act include honouring the purpose-limitation of the access (we will not use the data for purposes you did not authorise), not on-sharing the data with competitors of the data holder, and implementing the same security measures as for any other personal data we process.

5. International transfers

Where personal data is transferred outside the European Economic Area, we rely on the European Commission’s Standard Contractual Clauses (SCCs) and, where required, supplementary technical measures (encryption in transit and at rest, pseudonymisation of identifiers sent to non-EU processors).

6. Retention

• Account data: kept while your account is active and for up to 12 months after deletion (legal-obligation and dispute-handling window). On request we may delete sooner, subject to legal exceptions.
• Vehicle telemetry and trips: retained as long as the vehicle is connected. Free-tier users see only the most recent trips; full history is available via Wagoi Plus.
• Crash reports: 90 days.
• Anonymous product analytics: aggregated indefinitely, individual events for up to 13 months.
• Magic-link tokens: 15 minutes from issuance.

7. Your rights

Under the GDPR you have the right to:

• Access the personal data we hold about you.
• Have inaccurate data corrected.
• Have your data deleted (right to be forgotten) — use wagoi.eu/delete-account.
• Restrict or object to certain processing.
• Receive your data in a portable, machine-readable format.
• Withdraw consent at any time (for consent-based processing such as analytics or marketing) without affecting the lawfulness of prior processing.
• Lodge a complaint with your local data-protection authority. In Malta this is the Office of the Information and Data Protection Commissioner (IDPC).

To exercise any of these rights, email privacy@wagoi.eu. We respond within 30 days.

8. Consent Center

The Wagoi app contains an in-app Consent Center where you can toggle granular processing consents (analytics, marketing, telemetry, recommendations). Changes take effect immediately and apply going forward. We do not use pre-ticked boxes, and we do not bundle marketing consent with terms acceptance (in line with EU Court of Justice case C-673/17 “Planet49”).

9. Security

We protect your data with industry-standard measures:

• HTTPS with certificate pinning in the mobile app.
• Authentication tokens stored in platform-secure storage (iOS Keychain / Android Keystore).
• Encryption-at-rest for sensitive credentials, with versioned key rotation.
• Audit logs of administrative access to user data.
• Daily encrypted backups to OVH Object Storage in the EU.

No system is perfectly secure. If you believe your account has been compromised, contact security@wagoi.eu immediately.

10. Children

The Service is not directed at children under 16 (or the higher minimum age of digital consent in your country). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact privacy@wagoi.eu and we will delete it.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Material changes (major-version bumps) are communicated in-app and require renewed acceptance before continued use. Minor clarifications, editorial fixes, and additions to our public providers list (minor or patch versions) do not require re-acceptance. Previous versions remain accessible at /privacypolicy-vX-Y-Z.

12. Contact

For questions about this Privacy Policy or to exercise your rights, contact privacy@wagoi.eu. For security disclosures, contact security@wagoi.eu.

3. Why we use your data — legal bases

4. Sharing with third parties

We share personal data only with vetted processors who act on our instructions and under written data processing agreements. Categories include:

• Cloud hosting: OVH Cloud (France, Gravelines / Strasbourg — EU only).
• Vehicle telematics providers — depending on which vehicle or e-bike you connect, this can include: vehicle manufacturers operating their own telematics endpoint (e.g. Tesla Fleet API), with whom Wagoi maintains direct OAuth integration agreements; telematics aggregators that unify data across many OEMs into a single API; eBike platforms acting as data holders under the EU Data Act. The specific manufacturer or platform for each vehicle you connect is identified in the in-app Consent Center at the moment of connection. The current authoritative list of all telematics providers we use, with each provider’s role, jurisdiction, transfer safeguards, and the categories of data shared, is published at wagoi.eu/providers and updated as we onboard new providers.
• Vehicle identity lookup: EU-based vehicle-data providers selected per country of registration to decode a VIN into descriptive attributes.
• Analytics & crash: PostHog (EU-hosted), Sentry (EU-hosted).
• Email: Brevo (France, EU).
• Push: Firebase Cloud Messaging (Google LLC, US — SCCs).
• Payments: Mollie (Netherlands, EU). Wagoi does not handle card details — only customer and transaction identifiers.

Vehicle imagery shown in the app may be generated using third-party AI models. When this is done, Wagoi sends only non-personal descriptive vehicle attributes (such as brand, model, model year, and colour); no Vehicle Identification Number, frame number, account information, or telemetry is shared with those AI models.

We do not sell your personal data and we do not share it with advertising networks.

4a. EU Data Act recipient role

Where the EU Data Act (Regulation (EU) 2023/2854, in force since 12 September 2025) applies to your vehicle, e-bike or other connected product, Wagoi acts as a registered data recipient of the manufacturer or platform that holds the product data. The manufacturer remains the source of the data; Wagoi receives it on your behalf under your explicit consent given to that manufacturer.

You can revoke that consent at any time, either through Wagoi’s settings or directly with the manufacturer or platform. Withdrawal takes effect immediately for future data flows; data already received is handled in accordance with §6 (Retention) below.

Wagoi’s obligations as a data recipient under the Data Act include honouring the purpose-limitation of the access (we will not use the data for purposes you did not authorise), not on-sharing the data with competitors of the data holder, and implementing the same security measures as for any other personal data we process.

5. International transfers

Where personal data is transferred outside the European Economic Area, we rely on the European Commission’s Standard Contractual Clauses (SCCs) and, where required, supplementary technical measures (encryption in transit and at rest, pseudonymisation of identifiers sent to non-EU processors).

6. Retention

• Account data: kept while your account is active and for up to 12 months after deletion (legal-obligation and dispute-handling window). On request we may delete sooner, subject to legal exceptions.
• Vehicle telemetry and trips: retained as long as the vehicle is connected. Free-tier users see only the most recent trips; full history is available via Wagoi Plus.
• Crash reports: 90 days.
• Anonymous product analytics: aggregated indefinitely, individual events for up to 13 months.
• Magic-link tokens: 15 minutes from issuance.

7. Your rights

Under the GDPR you have the right to:

• Access the personal data we hold about you.
• Have inaccurate data corrected.
• Have your data deleted (right to be forgotten) — use wagoi.eu/delete-account.
• Restrict or object to certain processing.
• Receive your data in a portable, machine-readable format.
• Withdraw consent at any time (for consent-based processing such as analytics or marketing) without affecting the lawfulness of prior processing.
• Lodge a complaint with your local data-protection authority. In Malta this is the Office of the Information and Data Protection Commissioner (IDPC).

To exercise any of these rights, email privacy@wagoi.eu. We respond within 30 days.

8. Consent Center

The Wagoi app contains an in-app Consent Center where you can toggle granular processing consents (analytics, marketing, telemetry, recommendations). Changes take effect immediately and apply going forward. We do not use pre-ticked boxes, and we do not bundle marketing consent with terms acceptance (in line with EU Court of Justice case C-673/17 “Planet49”).

9. Security

We protect your data with industry-standard measures:

• HTTPS with certificate pinning in the mobile app.
• Authentication tokens stored in platform-secure storage (iOS Keychain / Android Keystore).
• Encryption-at-rest for sensitive credentials, with versioned key rotation.
• Audit logs of administrative access to user data.
• Daily encrypted backups to OVH Object Storage in the EU.

No system is perfectly secure. If you believe your account has been compromised, contact security@wagoi.eu immediately.

10. Children

The Service is not directed at children under 16 (or the higher minimum age of digital consent in your country). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact privacy@wagoi.eu and we will delete it.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Material changes (major-version bumps) are communicated in-app and require renewed acceptance before continued use. Minor clarifications, editorial fixes, and additions to our public providers list (minor or patch versions) do not require re-acceptance. Previous versions remain accessible at /privacypolicy-vX-Y-Z.

12. Contact

For questions about this Privacy Policy or to exercise your rights, contact privacy@wagoi.eu. For security disclosures, contact security@wagoi.eu.