Privacy Policy — odtah.li Driver mobile app
This policy applies solely to the odtah.li Driver mobile app (Android / iOS). The odtah.li web platform has a separate privacy policy.
Last updated: May 24, 2026
Version: 1.1
1. Operator
The odtah.li Driver mobile app (the “App”) is operated by:
Assistance Solutions s.r.o.
registered office at Příčná 1892/4, 110 00 Prague 1, Czech Republic
Company ID (IČO): 24941778
registered in the Commercial Register of the Municipal Court in Prague, file no. C 445391
data box: 2j2dnga
contact: dpo@odtah.li
(the “Operator”)
The App is a working tool for roadside-assistance and vehicle-recovery drivers. It acts as a client of the odtah.li platform — it displays assigned jobs, navigation, and lets drivers document an intervention. Personal data of drivers and customers is processed by the Operator as a processor under Article 28 GDPR; the controller is the recovery or assistance company that employs or contracts the driver.
To identify the specific controller of your data, contact your employer or the Operator at dpo@odtah.li — we will tell you which platform client manages your data.
2. Device permissions the App uses
The App requests only the permissions necessary to perform work tasks. Each permission can be revoked at any time in device settings; some features may then be unavailable.
| Permission | Purpose | When active |
|---|---|---|
| Camera | Taking photos of the vehicle, damage, and sign-off protocols as part of documenting an intervention | Only when the driver actively takes a photo |
| Location (GPS) | Determining the intervention site and navigating to the vehicle | Only in connection with an active job; the App does not access location in the background |
| Notifications (push) | Alerts about newly assigned jobs and status changes | While signed in |
| Photos and media / storage | Saving captured photos and sign-off protocols to the device gallery | Only when the driver captures a photo as part of documenting an intervention |
The App does not use the microphone and does not record audio. The App does not access contacts, call logs, SMS messages, or the calendar on the device.
3. What data the App collects and why
The following table lists every category of data the App collects or processes, together with its purpose. This list corresponds to the Data Safety declaration on Google Play.
| Data type | Specific data | Purpose | Shared with third parties |
|---|---|---|---|
| Personal identifiers | Driver’s name and email address (obtained at sign-in via email + password or via Google account) | Authentication and account management | No |
| Phone number | Driver’s phone number (previously entered into the platform) | Initiating a notification phone call to the driver about a new job | Yes — Twilio (see section 5) |
| Location | Precise GPS coordinates of the driver during an active job | Determining the intervention site, navigation, job documentation | No |
| Photos | Photos of the vehicle, damage, intervention site, and sign-off protocols | Intervention documentation, evidentiary record, basis for invoicing and claims | No |
| Job data | Customer name and contact, licence plate and vehicle details, address and intervention description, signature | Performance of the assigned job | No |
| In-app activity | Records of actions in the App (opening a job, changing status, taking a photo) | App operation, job life-cycle | No |
| Device identifiers | Device identifier (push token) | Delivery of push notifications | Yes — Google (Firebase Cloud Messaging) |
| Security logs | Sign-in records (time, IP address, device type) | Service security and fraud prevention | No |
The App does not collect data for advertising or marketing purposes, does not sell data to third parties, and data is not used for training machine-learning models or for advertising profiling.
4. Purpose and legal basis
We process data to operate the App and to carry out the driver’s work tasks — job assignment, navigation, and intervention documentation.
Legal basis:
- Performance of a contract (Art. 6(1)(b) GDPR) — between the driver and their employer
- Legitimate interest (Art. 6(1)(f) GDPR) — service security, fraud prevention, and detection and fixing of app bugs
- Compliance with legal obligations (Art. 6(1)(c) GDPR) — accounting and tax regulations
5. Recipients and data location
Data entered in the App is stored on the odtah.li platform within the European Economic Area:
- Data layer: Google Cloud / Firebase, region europe-west1 (Belgium)
- Compute layer: Google Cloud, region europe-west4 (Netherlands)
The Operator does not transfer personal data outside the EU/EEA.
The App shares data with the following third parties, always only to the extent necessary:
- Google LLC (Firebase Cloud Messaging) — receives the device identifier (push token) for notification delivery.
- Twilio Inc. — if the controller uses the phone-notification feature, Twilio receives only the driver’s phone number in order to initiate a notification call. The call reaches the driver as a regular incoming call over the mobile network; the App does not record or process the audio and does not access the microphone.
- SMSbrána s.r.o. — if the controller uses the SMS feature, receives only the driver’s phone number and message text to send the SMS notification.
All communication is encrypted (HTTPS); stored data and data in transit are both encrypted.
Full and current list of sub-processors: https://odtah.li/subprocessors.
6. Retention
- Job data is retained for the duration of the contract between the driver’s employer and the Operator and a further 30 days after its termination (for backup and recovery purposes), then irreversibly deleted.
- Driver account data (email, name) is deleted at the controller’s request or within 90 days of account deactivation.
- Security logs are retained for 90 days.
- Anonymised operational statistics (job counts, intervention times) may be retained indefinitely.
- Accounting records are retained for 10 years under Czech Act No. 563/1991 Coll. on Accounting.
After signing out and uninstalling the App, the App does not retain any personal data on the device beyond the sign-in session and cache. Photos the driver saved to the device gallery remain in the gallery until the driver deletes them; job data remains stored on the platform with the relevant controller.
7. Account and data deletion
You can request deletion of your account and associated personal data in the following ways:
- In the App — request account deactivation via account settings.
- By email — send a deletion request to dpo@odtah.li from the email address associated with your account.
- Through your employer — the controller (your recovery or assistance company) may request deletion of your account on your behalf.
After a deletion request, driver account data (name, email) is deleted within 90 days. Job data associated with completed jobs is retained for the period stated in section 6, as it forms part of the controller’s records and may be subject to statutory accounting archiving; after that period it is irreversibly deleted.
Photos saved to your device gallery can be deleted at any time directly in the device gallery.
8. Your rights
As a data subject you have the right to:
- access your data (Art. 15 GDPR)
- rectification of inaccurate data (Art. 16 GDPR)
- erasure of data (Art. 17 GDPR)
- restriction of processing (Art. 18 GDPR)
- data portability (Art. 20 GDPR)
- objection to processing (Art. 21 GDPR)
Exercise these rights with the relevant controller (your recovery or assistance company). The Operator will provide the necessary cooperation. If you do not know which controller processes your data, contact us at dpo@odtah.li — we will tell you the relevant organisation.
You also have the right to lodge a complaint with the Office for Personal Data Protection (ÚOOÚ), Pplk. Sochora 27, 170 00 Prague 7, Czech Republic.
9. Children
The App is a professional work tool intended solely for adult drivers of recovery and assistance companies. It is not intended for children or persons under 18 years of age. We do not knowingly collect personal data from children.
10. Security
To protect personal data we apply:
- Encryption in transit (HTTPS) and at rest
- Data isolation between clients at the level of separate databases
- Multi-factor authentication available for administrator accounts
- Regular security audits (most recent: 19–20 May 2026)
- Incident response plan with a 72-hour notification window per Art. 33 GDPR
Details at https://odtah.li/security.
11. Contact
For matters concerning personal data protection, contact us:
- Email: dpo@odtah.li
- Data box: 2j2dnga
- Postal address: Assistance Solutions s.r.o., Příčná 1892/4, 110 00 Prague 1, Czech Republic
12. Changes to this policy
We may update this policy. We will notify you of material changes:
- at the next sign-in to the App (modal notification)
- by email to registered users
The current version is always available at https://app.odtah.li/mobile-privacy.
Version 1.1, effective from May 24, 2026.