Privacy Policy

1. Information We Collect

1.1 Personal Information

When you create an account and use Fuelito, we collect the following personal information:

• Account Information: Email address, encrypted password, and display name
• Profile Settings: Currency preference, fuel efficiency unit preference (km/L, MPG, L/100km), and language settings
• Payment Information: If you purchase a Pro subscription, payment processing is handled by Apple (App Store) or Google (Google Play). We do not store your payment card details

1.2 Trip and Vehicle Data

To provide our core functionality, we collect and store:

• Vehicle Information: Vehicle name, fuel efficiency rating, fuel type, and vehicle icon
• Trip Data: Origin and destination addresses, distance, duration, estimated fuel consumed, calculated costs, and trip timestamps
• Budget Information: Monthly fuel budget amounts, spending history, and budget alerts
• Fuel Price Data: Manually entered fuel prices for accurate cost calculations

1.3 Location Information

With your explicit permission, we collect location data to:

• Use your current location as a trip starting point
• Calculate accurate trip distances and routes via Google Maps
• Provide location-based features and suggestions

You can control location permissions through your device settings. Denying location access will limit some features but the App will remain functional for manual address entry.

1.4 Usage and Device Data

We automatically collect certain information about how you use the App:

• Device Information: Device type, operating system version, unique device identifiers, mobile network information
• App Usage Statistics: Features used, frequency of use, session duration, screen views
• Error Logs: Crash reports and diagnostic data to improve App stability
• Performance Data: App performance metrics and loading times

2. How We Use Your Information

We use the collected information for the following purposes:

• Provide Core Functionality: Calculate fuel costs, track trips, manage vehicles, monitor budgets, and deliver all app features
• Personalization: Remember your preferences, settings, and provide a customized experience
• Analytics and Improvement: Understand usage patterns, identify popular features, and improve user experience
• Communication: Send important updates, security alerts, feature announcements, and respond to support inquiries
• Customer Support: Provide technical assistance, troubleshoot issues, and respond to your questions
• Security and Fraud Prevention: Detect, prevent, and address technical issues, fraud, abuse, and security threats
• Legal Compliance: Comply with applicable laws, regulations, legal processes, and enforceable governmental requests
• Business Operations: Conduct internal research, auditing, and data analysis to improve our services

3. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following limited circumstances:

• Service Providers: With trusted third-party service providers (Supabase for database, Google Maps for routing) who assist in operating our App, subject to strict confidentiality obligations and data processing agreements
• Legal Requirements: When required by law, court order, subpoena, or government regulation
• Protection of Rights: To protect our rights, property, or safety, or that of our users or the public, as required or permitted by law
• Business Transfers: In connection with a merger, acquisition, bankruptcy, reorganization, or sale of assets, with advance notice to affected users
• With Your Consent: When you explicitly consent to sharing your information for a specific purpose
• Aggregated Data: We may share aggregated, anonymized data that cannot identify you personally for analytics and research purposes

4. Third-Party Services

4.1 Supabase (Database and Authentication)

We use Supabase to securely store your account information, trip data, and app settings. Supabase is an open-source backend service with enterprise-grade security. Your data is encrypted in transit (TLS/SSL) and at rest (AES-256).

Supabase Privacy Policy: https://supabase.com/privacy

4.2 Google Maps Platform

We use Google Maps APIs for:

• Address autocomplete and geocoding (converting addresses to coordinates)
• Route calculation and distance measurement
• Map display and navigation features

When you use these features, Google may collect certain data according to their privacy policy.

Google Privacy Policy: https://policies.google.com/privacy

4.3 Apple App Store / Google Play Store

If you purchase a subscription, payment processing is handled entirely by Apple or Google. We do not have access to your payment card information. Subscription management is also handled through your App Store or Google Play account.

5. Data Security

We implement industry-standard technical and organizational measures to protect your personal information:

• Encryption: Data in transit is encrypted using TLS/SSL protocols; data at rest is encrypted using AES-256
• Secure Authentication: Passwords are hashed using bcrypt with salt
• Access Controls: Strict access controls and authentication requirements for our systems
• Regular Security Assessments: Periodic security audits and vulnerability assessments
• Secure Infrastructure: Cloud infrastructure with enterprise-grade security (Supabase)
• Data Minimization: We collect only the data necessary to provide our services

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information using commercially acceptable means, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to:

• Provide you with our services and maintain your account
• Comply with legal obligations (tax, accounting, audit requirements)
• Resolve disputes and enforce our agreements
• Prevent fraud and abuse

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal, regulatory, or security purposes. Backup copies may persist for up to 90 days before permanent deletion.

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

7.1 Access and Portability

You can access and export your data at any time through the App's settings. We provide data in a structured, commonly used, machine-readable format (JSON, CSV).

7.2 Correction

You can update or correct your personal information through the App's settings at any time.

7.3 Deletion

You can request deletion of your account and associated data through the App's settings. See our Account Deletion page for detailed instructions.

7.4 Opt-Out

You can opt out of non-essential communications by adjusting your notification settings in the App.

7.5 Withdraw Consent

You can withdraw consent for location access or other permissions through your device settings at any time.

To exercise any of these rights, please contact us at privacy@fuelito.vercel.app. We will respond within 30 days.

8. Children's Privacy

Fuelito is not intended for use by children under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children under 13.

If you believe we have inadvertently collected information from a child under 13, please contact us immediately at privacy@fuelito.vercel.app, and we will take prompt steps to delete such information.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

We ensure that such transfers comply with applicable data protection laws and that your information receives an adequate level of protection through:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by relevant data protection authorities
• Other lawful transfer mechanisms

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: What personal information is collected, used, shared, or sold
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of the sale of personal information (Note: We do not sell personal information)
• Right to Non-Discrimination: Not be discriminated against for exercising your privacy rights
• Right to Correct: Request correction of inaccurate personal information

To exercise these rights, contact us at privacy@fuelito.vercel.app. We will verify your identity before processing your request.

11. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right of Access: Obtain confirmation of processing and access to your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

Legal Basis for Processing: We process your data based on: (1) your consent, (2) performance of a contract with you, (3) compliance with legal obligations, or (4) our legitimate interests.

12. Cookies and Tracking Technologies

Fuelito is a native mobile application and does not use browser cookies. However, we may use similar technologies:

• Local Storage: To save app preferences, settings, and cached data
• Analytics SDKs: To understand app usage patterns (anonymized)
• Authentication Tokens: To maintain secure login sessions
• Device Identifiers: For app functionality and fraud prevention

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

We will notify you of any material changes by:

• Posting the updated Privacy Policy in the App with a new "Last Updated" date
• Sending you an in-app notification or email (for significant changes)
• Requiring you to accept the updated policy before continuing to use the App (for material changes)

Your continued use of the App after such changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within a reasonable timeframe, typically within 30 days. For urgent privacy concerns, please mark your email as "Urgent - Privacy Matter."