This is a summary for IT and other departments for buying VDA QMC products

Licensing

Named Licensing Model

• Each tool is licensed to a specific user (“named license”).

• The same user can install and use the tool on any number of devices.

• If needed, license ownership can be transferred by submitting a request to the Webshop.

• Licenses do not expire for the current version of the product, and all minor updates are included.

• Support and updates continue for at least three years, or as long as the associated book/rules remain current.

Software

• Browser-Based Progressive Web App (PWA)

  • Runs in modern browsers with full JavaScript support.

  • Optimized primarily for tablets and workstations, with limited optimization for mobile devices.

  • Operates fully offline after initial installation, as long as the browser’s cache is not cleared.

• Update & Licensing Model

  • The server is only needed to download the latest version and perform periodic license checks (typically every 2–4 weeks).

  • If the product integrates with a REST API backend, additional server communication is used for data exchange.

  • All server interactions (e.g., license requests or API calls) trigger user-visible status messages.

• Technical Stack

  • Built with Angular (legacy products use AngularJS) alongside various open-source libraries.

  • Designed primarily for offline operation, with a file-based architecture.

  • All data is stored in JSON files, facilitating easy data exchange.

  • IndexedDB is used for convenient local storage, though it is not intended as a permanent data repository.

Certifications

Because the product does not store any data outside the client’s device—and we have no access to that data—we currently have no plans to pursue cloud-related certifications such as TSIAX.

Data Privacy

• All data—beyond the minimal information required for licensing—is fully private and resides on the user’s device.

• No server communication occurs outside of license checks.

• License information is limited to essential licensing details only.

• Logs are generated exclusively for licensing and tool-download events, and are automatically deleted after 14 days.

• Users are responsible for ensuring the safety of their locally stored data.

• IndexedDB is not intended for long-term storage; users must back up data by saving JSON and PDF files.

• The tool supports creating full backups and saving reports/documents for data preservation.

Security & Risks

• Secure Server Infrastructure

  • Our servers run on Linux with restricted privileges, hosted in Microsoft Azure.

  • Regular penetration testing ensures no compromised versions are delivered.

• Minimal Data Transmission

  • The software executes fully offline, limiting potential security threats from data communication.

  • Licensing requests transmit only the minimal data required.

• Local Data Storage

  • All product data remains on the user’s device, with no online exchange.

  • IndexedDB access is restricted to the correct domain and protected at the operating system level under the user account.

  • Some products support additional local user logins and AES encryption for enhanced security.

• User-Specific Risks

  • The primary risk arises if the user’s device is compromised; otherwise, security risks are minimal given the local-only data model.

Copyright Notice

This software is protected by copyright laws and international treaties. Any unauthorized reproduction, distribution, or use of this program, in whole or in part, may result in significant civil and criminal penalties, and will be prosecuted to the fullest extent permitted by law. © VDA QMC. All rights reserved.

Sales, Distribution & Support

• VDA-QMC (vda-qmc.de/en/ andwebshop.vda.de/QMC/en/apps):
  Sales, distribution, and non-technical support

• InfoSysC (infosysc.de/impressum):
  Development, technical support, and service desk management