This is a summary for IT and other departments for buying VDA QMC products

Licensing

Named Licensing Model

• Each tool is licensed to a specific user (“named license”).

• The same user can install and use the tool on any number of devices.

• If needed, license ownership can be transferred by submitting a request to the Webshop.

• Licenses do not expire for the current version of the product, and all minor updates are included.

• Support and updates continue for at least three years, or as long as the associated book/rules remain current.

Software

• Browser-Based Progressive Web App (PWA)

  • Runs in modern browsers with full JavaScript support.

  • Optimized primarily for tablets and workstations, with limited optimization for mobile devices.

  • Operates fully offline after initial installation, as long as the browser’s cache is not cleared.

• Update & Licensing Model

  • The server is only needed to download the latest version and perform periodic license checks (typically every 2–4 weeks).

  • If the product integrates with a REST API backend, additional server communication is used for data exchange.

  • All server interactions (e.g., license requests or API calls) trigger user-visible status messages.

• Technical Stack

  • Built with Angular (legacy products use AngularJS) alongside various open-source libraries.

  • Designed primarily for offline operation, with a file-based architecture.

  • All data is stored in JSON files, facilitating easy data exchange.

  • IndexedDB is used for convenient local storage, though it is not intended as a permanent data repository.

Certifications

Because the product does not store any data outside the client’s device—and we have no access to that data—we currently have no plans to pursue cloud-related certifications such as TSIAX.

Data Privacy

• Outside the scope of licensing data all data is 100% privateAll data—beyond the minimal information required for licensing—is fully private and resides on the user’s device.

• No server communication

  with data

  occurs outside

  the scope

  of license

  check

  checks.

• License information

  contains only required licensing data

  Logging only is limited to essential licensing details only.

• Logs are generated exclusively for licensing and downloading of the tool

  Automatically

  tool-download events, and are automatically deleted after 14 days.

• Users are responsible for data ensuring the safety in context of storage

  • IndexDB is not acceptable permanent data storage user have to save json and pdf files

  • Creation of full backup

  • Creation of report/document saves

Security & Risks

• Servers are Linux low rights servers @Microsoft Azure that are regularly pen tested to avoid delivery of comprised version

• Security Risks due to data communication are negligible due to 100% offline execution

  • Licensing requests are based on minimal required data

• Security Risks for data by our products are low because data is not exchanged

  • IndexDB access is only possible for the correct domain

• Security risks existing only by compromised machines the tool is executed on

  • IndexDB data is protected by the user account the user is using on the device

• Some products allow additional local user logins and also AES data encryption

Copyright

• The software is protected under copyright laws and international agreementsof their locally stored data.

• IndexedDB is not intended for long-term storage; users must back up data by saving JSON and PDF files.

• The tool supports creating full backups and saving reports/documents for data preservation.

Security & Risks

• Secure Server Infrastructure

  • Our servers run on Linux with restricted privileges, hosted in Microsoft Azure.

  • Regular penetration testing ensures no compromised versions are delivered.

• Minimal Data Transmission

  • The software executes fully offline, limiting potential security threats from data communication.

  • Licensing requests transmit only the minimal data required.

• Local Data Storage

  • All product data remains on the user’s device, with no online exchange.

  • IndexedDB access is restricted to the correct domain and protected at the operating system level under the user account.

  • Some products support additional local user logins and AES encryption for enhanced security.

• User-Specific Risks

  • The primary risk arises if the user’s device is compromised; otherwise, security risks are minimal given the local-only data model.

Copyright Notice

This software is protected by copyright laws and international treaties. Any unauthorized reproduction, distribution, or use of this program, in whole or in part, may

...

result in significant civil and criminal penalties, and will be prosecuted to the fullest extent permitted by law. © VDA QMC. All rights reserved.

...

Sales, Distribution & Support

• VDA-QMC (https://vda-qmc.de/en/ ) https:// andwebshop.vda.de/QMC/en/apps):
  DevelopmentSales, distribution, Technical Support and Service Desk management by InfoSysC (https://and non-technical support

• InfoSysC (infosysc.de/impressum):
  Development, technical support, and service desk management