Introducing a mileage logbook across a company sounds straightforward. In practice, it often fails over small things: unclear exports, tedious daily usage, or a tool that creates more admin work than it eliminates.
This is not a sales pitch. It is an honest assessment of whether Xevono fits your setup, what it costs, and where the limits are.
- iOS app for companies needing cost transparency and clean documentation
- Each user works with their own app – no central dashboard
- Trip data stays decentralized: locally on the device, optionally in user’s own cloud
- GoBD-compliant documentation in Germany
- From EUR 69.99/year – business discounts available
Key Numbers
| Metric | Value |
|---|---|
| Verified trips | 4,000+ in production |
| App crashes | 0 confirmed since launch |
| Verification | Azure Immutable Storage (WORM) |
| Data residency | Switzerland (Zurich) |
| Encryption | AES-256-GCM (NIST SP 800-38D) |
| Redundancy | Geo-redundant (RA-GRS) to Geneva |
| Export formats | PDF & GDPdU/IDEA |
Where Xevono Fits Well
Xevono works best for companies where the mileage logbook should run in the background without becoming its own project.
- Your team needs a logbook that documents reliably without daily manual effort
- You need clear export formats (PDF and GDPdU) for your tax advisor
- Privacy matters: you prefer not having all movement data aggregated at a vendor
- You want a vendor that responds to feedback and ships improvements quickly
In short: Xevono is for teams that treat the mileage logbook as stable background infrastructure, not as the next tool that generates process overhead.
Where Xevono Is Not a Good Fit
Being upfront about limitations builds more trust than overselling.
- Need a central dashboard for administering all employees in one place
- Expect classic centralized server storage of all trip data
- Require Android support
Why this is the case:
Each user has their own iOS app. There is no centralized data storage on our servers because we deliberately do not operate any for trip data. Data lives locally on the device and optionally in the user’s cloud account (iCloud, Google Drive, OneDrive, Dropbox). For verification, only cryptographic checksums are stored server-side. No complete trip data, no GPS coordinates, no routes, no addresses.
This is not a gap in the product. It is a deliberate design decision in favor of privacy.
What Your Team Gets in Daily Use
Low Overhead, Not a Maintenance Project
The logbook should not become an extra administrative burden. Xevono is built for a lean daily workflow:
- Trips are documented in the background
- Apple CarPlay integrated: control trips directly from the car dashboard
- Siri Shortcuts and iOS workflows reduce manual steps
- Automatic gap detection: discrepancies between odometer and trips are flagged
Onboarding takes minutes, not hours. Add vehicle and driver, start your first trip, done.
Exports for Tax Advisors and Internal Audits
Capture alone is not enough. The data needs to be usable downstream.
| Format | Use Case |
|---|---|
| PDF export | Documentation and filing |
| GDPdU/IDEA | Structured processing during tax audits |
Additionally: Traceable data with entry-level checksums and a complete audit trail.
Privacy: Decentralized by Design
- Primary trip data stays locally on the device
- Sync through user-chosen cloud accounts (iCloud, Google Drive, OneDrive, Dropbox)
- Cloud backups encrypted with AES-256-GCM – key stays in iOS Keychain
- On our end, only cryptographic evidence (SHA-256) – no GPS data, routes, or addresses
For companies with high privacy standards, this architecture is often more robust than a centralized “everything on one server” model.
GoBD and Compliance: Precise Boundaries
This section is deliberately specific, because overpromising here is common in the industry.
- Documentation following GoBD guidelines
- GoBD-compliant process flow in Germany
- SHA-256 checksum for each entry
- Immutable audit trail for all changes
- Deleted entries remain fully traceable
- No blanket “tax authority guaranteed” promises
- No tax advice
- Binding assessments are your tax advisor’s responsibility
The app is fully usable for internal business documentation. The specific GoBD commitment applies to Germany only.
Security and Infrastructure
The verification path uses an Azure-based architecture:
| Feature | Details |
|---|---|
| Storage | Immutable (WORM) in Azure Switzerland North (Zurich) |
| Redundancy | Geo-redundant (RA-GRS) to Geneva |
| Retention | 10 years, compliant with SEC 17a-4(f) |
Microsoft engaged Cohasset Associates, a leading firm specializing in records management and information governance, to independently assess Azure immutable Blob storage. Cohasset confirmed compliance with CFTC Rule 1.31©-(d), FINRA Rule 4511, and SEC Rule 17a-4(f) – the most stringent global guidelines for records retention in financial services. The Cohasset report is available in the Microsoft Service Trust Center.
This infrastructure secures verification and integrity artifacts. It is not a centralized storage model for your complete trip data.
Additional app-level security features:
| Feature | Description |
|---|---|
| Firebase App Check | Verifies app authenticity (DeviceCheck/App Attest) |
| HMAC-SHA256 Signatures | Prevents manipulation in case of device compromise |
| Jailbreak Detection | 40+ check points, entirely local |
| Biometrics | FaceID/TouchID for critical actions |
Support: What “Fast” Actually Looks Like
Many vendors promise fast support. Here is one documented timeline from real operations:
| Time | Event |
|---|---|
| Fri, 16:51 | Customer reports bug |
| Fri, 19:29 | First response from our side |
| Fri, 21:13 | Customer provides additional details |
| Sat, 15:33 | Fix implemented and tested |
| Sat, 20:24 | Apple approves update – app live |
Under 24 hours. Over the weekend. No ticket system.
This is not an exception. It reflects how we handle feedback: directly, personally, without bureaucratic overhead.
In-House Approach vs. Xevono
Many teams face the same question: build internally or use an existing solution?
- Maximum control over features
- Ongoing maintenance burden (iOS updates, export logic, QA)
- Own responsibility for compliance changes
- Internal resource commitment
- Operational in minutes, not months
- Ongoing product maintenance incl. compliance updates
- Feedback integrated into product development
- No internal app project required
If deep custom platform control is your priority, in-house may make sense. If you want a logbook that runs reliably without tying up resources, Xevono is typically the more pragmatic path.
Pricing and Terms
| Model | Price |
|---|---|
| Single-user price | EUR 69.99/year (incl. 19% German VAT) |
| Business discounts | By team size and contract term |
| Minimum term | From 1 month |
| Trial licenses | Available on request |
Contact: [email protected]
Provider: Valeford UG (haftungsbeschränkt), based in Solingen, Germany, registered at Amtsgericht Wuppertal under HRB 36207. VAT ID: DE459434162. B2B customers with a valid EU VAT ID receive invoices without German VAT (reverse charge procedure). Invoicing is typically automated via Stripe.
Frequently Asked Questions
Is Xevono guaranteed to pass every tax audit?
Do you offer centralized employee management?
Do you store our trip data on your servers?
Is Android supported?
Can we use the app in Austria or Switzerland?
How quickly can we get started?
Do we need special hardware?
How does the encryption work?
What export formats are available?
Common Misconceptions
Not necessarily. Decentralized data architecture is a deliberate product decision. For many companies, it is the stronger privacy posture.
That depends on the use case. When each user controls their own data and the vendor has no access to trip details, it reduces risks that exist with centralized databases.
No. GoBD compliance describes adherence to technical and organizational requirements. Case-specific acceptance always depends on the actual operational process and the responsible authority.
Glossary
| Term | Explanation |
|---|---|
| GoBD | German regulatory standard for digital bookkeeping and record retention. |
| GDPdU | German standard governing data access and auditability of digital records. Defines export format for tax audits. |
| WORM | Write Once Read Many. Storage technology that technically prevents modification or deletion. |
| AES-256-GCM | Encryption standard with 256-bit key. Provides encryption and integrity verification. |
| SHA-256 | Cryptographic hash function for unique checksums. Any change alters the checksum completely. |
| RA-GRS | Read-Access Geo-Redundant Storage. Azure storage model with automatic replication to a secondary region. |
Next Step
If you want to check whether Xevono fits your workflow, get in touch with your specific setup. You will get an honest assessment of whether it is a good fit.
Alternatively, download the app from the App Store and test it yourself.