Privacy Policy

Refuelr ("we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights over that data.

1. Information We Collect

We collect the following categories of information:

1.1 Account and Profile Information

• Email address and username (required for account creation and authentication).
• First name and last name (optional profile fields).
• Password (transmitted securely for authentication; stored as a hash on our servers).

1.2 Vehicle and Fuel Data

• Vehicle information: Make, model, year, and other details of vehicles you add.
• Fuel records: Odometer readings, fuel amounts, fuel costs, dates, fuel type, and station information you enter.
• Trip data: Trip distances, categories, and associated fuel records.
• Maintenance records: Scheduled and completed maintenance events, service providers, and associated costs.
• Monthly fuel budget: Optional budget amount you set in app settings.

1.3 Photos and Documents

• Receipt images: Photos captured via camera for automated receipt scanning. When you use receipt scanning, these images are sent to a third-party AI service for text extraction (see Section 3).
• Maintenance documents: Files you upload as supporting documentation for maintenance records. These are stored on cloud infrastructure (AWS S3).

1.4 Location Data

• Approximate location: Fuel station coordinates (latitude/longitude) that you optionally enter or select via a map picker. We do not access your device's GPS or request location permissions.

1.5 Device and Diagnostic Information

• Crash reports: Anonymised crash traces and error information collected automatically via Firebase Crashlytics.
• App usage analytics: Aggregate usage statistics collected automatically via Firebase Analytics (e.g., screen views, feature usage).
• Bug reports: When you voluntarily submit a bug report, we collect device model, operating system version, SDK level, screen resolution, and available memory.
• Push notification token: A Firebase Cloud Messaging (FCM) device token is generated and stored on our servers to deliver push notifications (e.g., maintenance reminders).

1.6 Financial Information

• In-app purchase history: Subscription purchase tokens are processed through Google Play Billing to verify your subscription status. We do not store your payment method details.

We do not collect precise GPS location, contacts, call logs, SMS, calendar data, health data, or audio recordings.

2. How We Use Your Information

• To provide and maintain the Refuelr service (fuel tracking, statistics, maintenance reminders).
• To sync your data across sessions via our backend API.
• To process receipt images for automated data extraction using AI-powered text recognition.
• To deliver push notifications about maintenance reminders and service updates.
• To display advertisements via Google AdMob (see Section 4).
• To verify and manage your subscription status via Google Play Billing.
• To send account-related emails (OTP verification, password reset) when you request them.
• To export your data as CSV files when you request a data export.
• To improve app stability and fix bugs using crash report analytics.
• To understand aggregate app usage patterns and improve the service.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Third-Party Services

We use the following third-party services that may collect or process your data:

• Firebase Analytics (Google): Collects aggregate usage statistics and app interaction data. See Firebase Privacy.
• Firebase Crashlytics (Google): Collects crash traces and device information for stability monitoring. See Firebase Privacy.
• Firebase Cloud Messaging (Google): Delivers push notifications using a device token. See Firebase Privacy.
• Google AdMob: Displays advertisements in the app. AdMob may collect your Advertising ID and use the Android Privacy Sandbox APIs (Topics API, Attribution Reporting API) for ad personalisation. See Google Ads Privacy and Section 4 below.
• Third-Party AI Services: Processes receipt images for automated text extraction. Images are sent to the provider's servers for processing, and the provider's own data retention policies apply.
• Google Sign-In: Optional OAuth authentication using your Google account. See Google Privacy Policy.
• Google Maps SDK: Displays map tiles for station location selection. Map tile requests may include device data. See Google Privacy Policy.
• Google Play Billing: Processes in-app subscription purchases. Purchase tokens are shared with Google for verification. See Google Privacy Policy.
• ML Kit Text Recognition (Google): Performs on-device text recognition on receipt images. Processing occurs entirely on your device; no data is sent to external servers.
• Amazon Web Services (AWS): Stores maintenance document uploads on AWS S3 cloud storage.

4. Advertising

Refuelr displays advertisements through Google AdMob. The AdMob SDK may collect the following data for ad serving and measurement:

• Advertising ID: Your Android Advertising ID may be collected by AdMob for ad personalisation and measurement.
• Privacy Sandbox APIs: Refuelr participates in the Android Privacy Sandbox, including the Topics API (for interest-based advertising) and the Attribution Reporting API (for ad conversion measurement).
• Ad interactions: Information about ads displayed and your interactions with them.

Your choices:

• When required by law (e.g., in the European Economic Area), you will be shown a consent prompt before personalised ads are served.
• You can opt out of personalised advertising by adjusting your device's ad settings (Settings > Privacy > Ads on Android).
• You can reset your Advertising ID or opt out of ad personalisation at the system level.

5. Data Storage and Security

• On-device: Authentication tokens are stored in Android's EncryptedSharedPreferences (AES-256 encryption). App preferences are stored in DataStore. Fuel records and vehicle data are cached in a local Room database.
• On our servers: Your account, fuel, vehicle, trip, and maintenance data are stored on our backend infrastructure. All data is transmitted exclusively over HTTPS (TLS).
• Cloud storage: Maintenance documents are stored on AWS S3 with server-side encryption.
• Receipt images: Images captured for receipt scanning are processed transiently and are not permanently stored on our servers.

6. Your Rights (GDPR and equivalents)

If you are located in the European Economic Area, the UK, or other jurisdictions with equivalent data protection laws, you have the following rights:

• Right of access: You can export your fuel records, vehicle data, trip data, and maintenance records as CSV files from the app (Settings > Export Data).
• Right to deletion: You can permanently delete your account and all associated data from the app (Settings > Delete Account). You can also request account deletion via our web-based deletion form. Deletion is irreversible and completed within 30 days.
• Right to rectification: You can edit any fuel record, vehicle, trip, or maintenance record directly in the app.
• Right to data portability: Your exported CSV files contain your data in a machine-readable format.
• Right to object: You can manage ad personalisation via your device's ad settings and adjust analytics preferences by contacting us (see Section 9).

7. Data Retention

Your data is retained for as long as your account is active. If you delete your account, all associated data — including fuel records, vehicle data, trips, maintenance records, and uploaded documents — is permanently removed from our servers within 30 days. Crash report data retained by Firebase Crashlytics and analytics data retained by Firebase Analytics are subject to Google's retention policies.

8. Children's Privacy

Refuelr is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date above. Continued use of the app after changes constitutes acceptance of the revised policy.