1) Who We Are
BENC ELEKTRONIK (trading as “BencMotorsport”) (“we”, “us”, “our”) develops and sells the "Wreet" file calculator for repairing car electronics.
- Website: https://benc-motorsport.com
- Product: Wreet (software)
- Data Controller: BENC ELEKTRONIK (trading as BencMotorsport)
- Registered/Operating country: Croatia (EU)
- VAT ID: HR46540246369
- Contact: info@benc-motorsport.com
2) Data We Collect
- Contact & account data — name, email, company, VAT details (if provided), and messages sent to support.
- Transaction data — pre-order selections, prices, currency, timestamps. Payment card data is handled by our payment processor (see Payments).
- Technical data (web) — device/browser information, IP address, HTTP headers, and server logs used for security, performance, and debugging.
- Usage data (web & app) — feature interactions, error events, performance metrics, and high-level activity logs used to improve the product and detect/prevent abuse. We do not inspect the contents of your ECU files for marketing purposes.
- Marketing preferences — opt-in to emails, unsubscribes, and related communication settings.
- Desktop app identifiers & device binding — technical signals used to derive a persistent, Wreet-specific hardware identifier, including (for example) Windows Machine GUID, SMBIOS/board UUID, and CPU identifier, which are combined and cryptographically hashed into a unique hardware ID; your computer name and OS username; a non-exportable device key stored on your device (only its public key is sent to us); and request metadata such as headers (X-Hardware-ID, X-App-Client) and cookies used for licensing, authentication, and security. Navigation and requests inside the desktop app are limited to our own domains and services.
- Security & integrity signals — information derived from checks for debuggers, instrumentation/profilers, and certain remote-control/screen-sharing tools. These checks are primarily performed locally to protect against tampering and unauthorized access. Where necessary, we may log that an instrumentation or integrity issue was detected.
- Contract-signing data — first name, last name, email (from your account), street address, postal code, city, country, agreement checkbox, drawn signature (PNG/base64), typed full name, and a generated PDF of the signed agreement.
3) How We Use Data
- Provide and improve Wreet; fulfill orders/pre-orders; deliver updates and support.
- Validate licenses and device binding, prevent unauthorized use, and enforce fair use and contractual limits.
- Generate and store legally binding digital agreements (subscription contracts).
- Analyze performance and relevant usage patterns to detect, investigate, and prevent abuse, fraud, tampering, or misuse (including suspicious automation, reverse engineering, or sharing).
- Process payments and send purchase confirmations, service messages, and critical notices.
- Comply with legal obligations (invoicing, accounting, tax/VAT, record-keeping).
- With consent: send product news, promotions, onboarding tips, and other marketing communications.
4) Legal Bases (GDPR)
- Contract — to deliver the services/features you request, manage your account, and conclude/perform subscription agreements.
- Legitimate interests — product improvement, ensuring service reliability, information security, license validation, device binding, and targeted anti-abuse and anti-tampering measures.
- Consent — optional marketing emails and certain non-essential cookies or analytics where required.
- Legal obligation — tax, accounting, regulatory compliance, and retention of contract records and related evidence.
Where processing is based on our legitimate interests, we have carried out a Legitimate Interests Assessment (LIA) to ensure that such processing is necessary, proportionate, and balanced against the rights and freedoms of data subjects. We apply safeguards such as data minimization, hashing or derivation of identifiers, limited retention, and access controls to reduce privacy impact.
5) Desktop App & Contract Signing
5.1 Desktop App Identifiers & Device Binding
The Wreet Desktop app is designed as a secure shell that only loads our own web application on approved domains. To protect the service and enforce licensing, the app:
- Derives a Wreet-specific hardware ID from certain system identifiers (such as Windows Machine GUID, SMBIOS UUID, and CPU identifier). These values are combined and hashed into a token (e.g. wreet1-…) before being used or transmitted.
- Generates a non-exportable cryptographic device key (ECDSA P-256). The private key remains on your device; the public key may be sent to our servers to enable secure device verification.
- Includes headers such as X-Hardware-ID and X-App-Client, and a secure cookie, on requests to our services for authentication, licensing, anti-fraud and integrity checks.
- Restricts in-app navigation to our service domain; external links are opened in your system browser, not inside Wreet.
These measures allow us to recognize compliant clients, detect cloned or tampered builds, and link a subscription to authorized devices without exposing raw hardware identifiers more than necessary.
We design these mechanisms in accordance with the principle of data minimization. Raw system identifiers are not stored where derived or hashed values are sufficient, and hardware-related data is used solely for licensing, security, and integrity purposes and not for marketing, profiling, or tracking users across unrelated services.
5.2 Contract Signing (Digital Agreement)
When you sign the Service Subscription Agreement, we collect: your first name, last name, email, address (street, postal code, city, country), your acceptance checkbox, your drawn signature (PNG/base64) and typed full name. We generate a PDF of the agreement containing this information. PDFs are stored securely (e.g., in Azure Blob Storage), typically under a filename derived from your email (or similar identifier), and are retained as part of our contractual and legal records.
5.3 Telemetry, Anti-Abuse & Remote-Control Detection
We may use technical and usage data from the Wreet Desktop app and our web services to: detect suspicious behavior (such as unauthorized sharing, automation, or reverse engineering), protect accounts, and maintain service integrity.
The desktop app locally checks for certain remote-control or screen-sharing tools (e.g., AnyDesk, TeamViewer, VNC variants and similar) by comparing running process names against a predefined list. If such software is detected:
- Wreet may log you out and close the application to protect your data and our service.
- The check is performed locally; we do not transmit a full list of your running processes. Only the fact that a disallowed condition exists may be logged or used to enforce our security policy.
These checks do not involve continuous monitoring of user behavior, keystrokes, screen contents, or communications. They are limited to determining the presence or absence of predefined technical conditions required to protect the integrity and security of the Wreet software and services.
5.4 Anti-Debugging & Integrity Protection
To prevent tampering, the desktop app may:
- Detect active debuggers, profilers, or known instrumentation frameworks.
- Check for suspicious modules or abnormal timing behavior that suggests instrumentation.
- Verify that the running binary matches an expected integrity fingerprint obtained from our server.
If such conditions are detected, the app may refuse to run, perform a logout, and/or record a minimal diagnostic log entry. These checks are aimed solely at protecting the security and integrity of Wreet and our users.
5.5 Automated Security Decisions
Certain security and integrity measures within Wreet are applied automatically, such as temporary access restrictions, session termination, or refusal to run the application where integrity or licensing violations are detected.
These measures are necessary to protect our services, intellectual property, and users. Where such actions have a significant effect, users may contact us to request information, express their point of view, or seek human review of the decision.
6) Cookies & Tracking
We use essential cookies and similar technologies for authentication, security, and core functionality of our website and web-based components of Wreet. We may use analytics tools to understand aggregate usage and improve the product. Where required by law, we will ask for your consent before setting non-essential cookies or similar tracking technologies. You can control cookies via your browser settings.
7) Payments
Payments are processed by third-party providers (e.g., PayPal). We do not store full payment card details on our servers. Your payment data is handled under the processor’s own terms and privacy notices.
8) Sharing & Disclosure
- Service providers — hosting (e.g., Microsoft Azure), payment processors, email delivery, logging/monitoring, and customer support tools. Their access is limited to what is necessary to perform services for us.
- Legal — where necessary to comply with law, enforce our terms, investigate suspected fraud, abuse, or security incidents, or protect our rights, users, or the public.
- Business transfers — in connection with a merger, acquisition, or sale of assets, in which case data may be transferred under appropriate safeguards.
9) Data Retention
- Contract data and signed PDFs — retained for the duration of your subscription/relationship and for mandatory legal/accounting periods and defense of legal claims.
- Hardware IDs, device keys, and licensing data — retained as long as reasonably necessary for licensing, security, integrity protection, and enforcement of our terms.
- Usage and security logs — retained for operational and security purposes, typically for limited periods, unless longer retention is required for incident investigation, legal purposes, or statutory obligations.
When data is no longer required, we take steps to securely delete or irreversibly anonymize it.
10) Security
- Use of TLS/HTTPS for communication with our services.
- Encryption at rest for sensitive data stored in our infrastructure where appropriate.
- Use of Windows DPAPI and non-exportable keys for protecting certain secrets on the client device.
- Hashing and tokenization of hardware identifiers before or during transmission (we work with derived identifiers rather than relying on raw values wherever possible).
- Restriction of the desktop app’s embedded browser to our own domains; external links open in the user’s default browser.
- Automatic denial of risky WebView2 permissions (such as built-in basic auth prompts or certain device access) within the desktop shell.
- Integrity checks, anti-debugging, and remote-control detection mechanisms to prevent unauthorized access, tampering, or abuse.
- Access controls and least-privilege principles for staff and systems handling personal data.
No method of transmission or storage is 100% secure, but we actively maintain and improve technical and organizational measures to protect your information.
11) Your Rights (EEA/UK)
- Access your personal data.
- Request correction of inaccurate or incomplete data.
- Request deletion of your data, subject to legal/contractual retention requirements.
- Request restriction of processing in certain circumstances.
- Object to processing based on our legitimate interests.
- Request data portability where applicable.
- Withdraw consent at any time where processing is based on consent (this does not affect prior lawful processing).
- Lodge a complaint with your local supervisory authority.
Please note that certain data may need to be retained despite a deletion request where required to comply with legal obligations, establish, exercise or defend legal claims, or enforce our contractual terms, including the prevention of fraud, abuse, or unauthorized use of the software.
To exercise your rights, contact us at info@benc-motorsport.com.
12) International Transfers
We aim to process and store data in the EEA (for example, using Azure EU regions such as Germany West Central). Where data is transferred outside the EEA/UK, we rely on appropriate safeguards (such as Standard Contractual Clauses) or other mechanisms permitted by applicable law.
13) Children’s Privacy
Wreet is intended for professional and business use. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.
14) Pre-Purchase Digital Agreement
15) Changes to This Policy
We may update this Policy from time to time. We will update the “Effective date” above and, where appropriate, notify you of significant changes through the website, within the Wreet app, or by email.
16) Contact Us
Questions about this Policy or your data?
- Email: info@benc-motorsport.com
- Company: BENC ELEKTRONIK (trading as BencMotorsport), Croatia (EU) — VAT ID: HR46540246369