1 · Who is the controller
The data controller for the technician's account data and for the technical identifiers processed through the remote services module is LandBech Tech Solutions, incorporated in the State of Delaware, United States. Contact for privacy and data-protection requests: legal@landbechtool.com.
2 · Categories of data we process
A · Account & licensing
- Email address used to sign in and receive transactional notifications.
- Workshop name, country of operation and tax/registry identifier when voluntarily provided.
- License tier, authentication tokens and consumption metrics (per-operation timestamps and credit deltas).
B · Technical identifiers of the device under intervention
When the technician submits an order against the remote services module (e.g. carrier-unlock check, blacklist verification, factory firmware lookup, repair status), the software collects and transmits the following identifiers strictly to execute that order:
- IMEI / IMEI2 (15 digits) or device serial number, model and manufacturer.
- Originating carrier or lock-source reported by the device.
- Country selected by the technician for the order.
- Order identifier and timestamp.
These identifiers are technical data of the equipment. We treat them as personal data when they are linked to the device's lawful holder, in accordance with GDPR Art. 4 and the equivalent definitions of the other regulations listed above.
C · AI diagnostic context
When the technician invokes the integrated AI assistant, the application sends a redacted snapshot of the device context (model, chipset, operating-system version, bootloader/recovery/EDL state, error code) for the sole purpose of generating the requested technical suggestion. The customer's personal data (contacts, photos, messages, account credentials, biometrics, message contents) is never collected by the software and is never transmitted.
D · Forensic chain-of-custody
A local log of operations executed during each session is stored on the technician's machine. It is not transmitted automatically to LandBech Tech Solutions servers; it may be exported by the technician on demand for the technician's own compliance purposes.
E · Payment data
Card payments are handled exclusively by certified PCI-DSS processors (currently Stripe and Square). LandBech Tech Solutions does not store the full card number; only the last four digits and the processor token are kept to allow the technician to identify their card on file and to issue refunds.
F · Shipping data (physical store)
When the technician purchases a physical item from the store, we process the recipient address, contact phone and carrier tracking ID for the sole purpose of delivering the order.
3 · Purpose and legal basis
| Purpose | Data category | Legal basis |
|---|---|---|
| Authentication & session | A | Performance of the contract (GDPR Art. 6(1)(b); CCPA "necessary to perform a service"). |
| Execute remote services orders | B | Performance of the contract (GDPR Art. 6(1)(b)). The technician acts as data controller toward the equipment's lawful holder. |
| AI assistance | C | Performance of the contract on explicit user request. |
| Billing & anti-fraud | A, E | Performance of the contract and legitimate interest in preventing fraud (GDPR Art. 6(1)(b) and 6(1)(f)). |
| Tax and accounting compliance | A, E, F | Legal obligation (GDPR Art. 6(1)(c) and equivalents). |
| Ship physical orders | F | Performance of the contract. |
We do not sell personal data, do not build behavioural profiles, do not run advertising trackers and do not transfer data to marketing platforms.
4 · Sub-processors and recipients
We work with the following categories of processors strictly under written contractual confidentiality, with GDPR Art. 28 obligations, and only for the purposes listed above:
| Processor | Purpose | Region |
|---|---|---|
| Supabase Inc. | Hosting, PostgreSQL database, authentication, file storage. | USA / EU |
| Stripe, Inc. | Card payments and refunds. | USA |
| Block, Inc. (Square) | Alternative card payment rail. | USA |
| OpenAI, LLC | Generation of AI diagnostic suggestions on technician request (category C). | USA |
| Resend, Inc. | Transactional e-mail delivery (receipts, order updates, support). | USA / EU |
| Authorized upstream processors for remote services | Execution of remote unlock / blacklist / firmware-lookup orders submitted by the technician (category B). | USA / EU / APAC |
| Logistics carrier | Shipping of physical orders (category F). | Per destination country |
The current operating list of upstream remote-services processors is available on written request to legal@landbechtool.com. We update this section whenever a new sub-processor is added.
5 · International transfers
Some sub-processors operate data centres outside the technician's country, mainly in the United States and the European Union. International transfers are protected by the EU Standard Contractual Clauses (2021/914) for processors based in the EEA and equivalent contractual safeguards (UK IDTA, Latin American transfer agreements) where applicable. Pseudonymisation and access controls are applied wherever technically possible.
6 · Retention period
- Account data: duration of the active subscription plus six (6) years for tax and audit obligations.
- Technical identifiers of devices submitted to remote services: time strictly necessary to execute and audit the order, with a maximum default of 24 months from the order date, after which the identifiers are pseudonymised.
- AI diagnostic context: not retained on our servers beyond the lifecycle of the request; the AI processor's own retention is governed by its DPA.
- Forensic chain-of-custody log: stored locally on the technician's machine; not retained by LandBech Tech Solutions.
- Payment records: minimum 7 years to comply with tax and accounting law.
7 · Data-subject rights
Under GDPR, UK-GDPR, CCPA/CPRA, LGPD and LFPDPPP (as applicable to the technician's residence) the data subject may exercise the rights of access, rectification, restriction, portability, erasure, objection, withdrawal of consent (where consent is the basis) and the right not to be subject to solely automated decisions with legal effects. California residents additionally have the right to know, delete, correct, opt-out of sale/sharing (we do not sell or share for cross-context behavioural advertising) and to non-discrimination.
Requests must be addressed to legal@landbechtool.com accompanied by proof of identity. We respond within 30 calendar days. If the request relates to the device's lawful holder (and not to the technician), the request must be channelled through the technician with the holder's documented authorisation.
8 · Security
Data resides on audited Supabase / PostgreSQL infrastructure with Row-Level Security, AES-256 encryption at rest and TLS 1.3 in transit. Backups are encrypted and rotated quarterly. Administrative access is restricted to verified members of the engineering team under multi-factor authentication and is recorded in an immutable audit log. In the event of a personal-data breach affecting the technician we notify within 72 hours under GDPR Art. 33 and equivalents.
9 · Children
LandBech Tool™ is a professional product. We do not knowingly process data of children under 16. If we become aware that we have collected data of a minor without parental authorisation, we will delete it without undue delay.
10 · Changes to this policy
Material changes are notified in-app the next time the technician launches the software and require re-acceptance of the terms. The full change log is published at the top of this page ("Last updated").
11 · Contact
Privacy and data-protection enquiries: legal@landbechtool.com. General queries: support@landbechtool.com.