Privacy Notice

1. Controller

2. Scope

3. Legal bases for processing

• •Article 6(1)(a) - Consent: location access, optional profile features, and Google OAuth sign-in.
• •Article 6(1)(b) - Contract performance: account registration, order processing, service delivery, and the rewards programme.
• •Article 6(1)(c) - Legal obligation: fiscal and commercial retention requirements.
• •Article 6(1)(f) - Legitimate interests: application security, error monitoring, fraud prevention, and performance optimisation.

4. Data we collect and why

• •Account data (name, email address, encrypted password, unique user ID, account type, creation and update timestamps, account balance): contract performance - to authenticate you and manage your account and order history.
• •Order and service data (pickup and delivery addresses with GPS coordinates, oil volumes, preferred dates and times, special instructions, order status, payment status, driver assignment, update timestamps): contract performance - to process and fulfil used-oil collection and delivery requests.
• •Location data (GPS coordinates, reverse-geocoded address information, distance calculations, route planning data): consent - to support address search, map display, and route planning. You can withdraw consent in your device settings at any time; this may limit app functionality.
• •Rewards programme data (credit balance, transaction history, oil volumes, reward calculations, redemption records): contract performance - to administer eligible exchange and reward behaviour according to current business rules.
• •Authentication and session data (JWT tokens, session data, OTP verification codes valid for 10 minutes, verification attempt logs retained 30 days): legitimate interests - to secure accounts and prevent unauthorised access.
• •Google OAuth data (Google user ID, email, name, profile photo if shared, OAuth tokens): consent - to enable single-click sign-in via Google.
• •Technical and log data (IP address, request timestamp, GMT offset, requested resource, HTTP status code, data volume, app version, OS, device type and model, unique request-tracking identifiers): legitimate interests - to deliver the service, maintain security, and diagnose errors. Retained for 7 days then deleted.
• •Error monitoring data (error messages, stack traces, anonymised usage data, device type, OS version, app version, crash reports, performance metrics): legitimate interests - personal data is automatically removed from error reports; IP addresses are anonymised; no user-identifiable information is included in crash reports. Retained 90 days.
• •Saved addresses and booking preferences: consent - to simplify repeat booking. Deleted when you remove them or close your account.

5. Third-party service providers

• •Clerk Inc. (USA) - authentication and session management. Transfer basis: EU Standard Contractual Clauses.
• •Google LLC (USA) - Google Maps / Places API for map display, address search, route planning, and geocoding. Transfer basis: EU adequacy decision.
• •Geoapify GmbH (EU) - reverse geocoding and address resolution.
• •Sentry / Functional Software Inc. (USA) - error monitoring and crash reporting. Transfer basis: EU Standard Contractual Clauses.
• •Stripe Inc. (USA) - payment processing infrastructure (payment flows are not yet active; this notice will be updated before activation). Transfer basis: EU-US Data Privacy Framework.
• •Vercel Inc. (USA) - website and API hosting. Transfer basis: EU Standard Contractual Clauses.

6. International transfers

7. Retention periods

• •Account data: for the lifetime of your account plus 3 years, unless a different lawful retention period applies.
• •Order and commercial data: retained according to applicable commercial, accounting, and tax obligations.
• •Technical server logs: 7 days.
• •OTP verification codes: 10 minutes after generation.
• •OTP verification attempt logs: 30 days.
• •Error monitoring data: 90 days.
• •Session-scoped cache: cleared when the app is restarted or the browser session changes.
• •Local device data such as secure tokens and app settings: until app uninstall, manual deletion, or account/session cleanup.

8. Data security

• •TLS encryption for data in transit.
• •Role-based access controls.
• •Access logging with request-tracking identifiers.
• •Privacy-aware error reporting.
• •Session and token security controls appropriate to the platform.

9. Automated decision-making

10. Children's data

11. Your rights

• •Right of access (Article 15): obtain confirmation of whether and what personal data we process about you.
• •Right to rectification (Article 16): have inaccurate or incomplete data corrected.
• •Right to erasure (Article 17): request deletion of your data where the processing purpose has ended, consent has been withdrawn, data was processed unlawfully, or deletion is required by law - subject to overriding legal obligations.
• •Right to restriction (Article 18): restrict processing while accuracy is contested, or data is needed for legal claims.
• •Right to data portability (Article 20): receive your data in a structured, machine-readable format.
• •Right to object (Article 21): object to processing based on legitimate interests for reasons relating to your specific situation.
• •Right to withdraw consent (Article 7(3)): withdraw any consent at any time without affecting the lawfulness of prior processing.
• •Right to lodge a complaint (Article 77): file a complaint with the supervisory authority.

12. Supervisory authority

13. Changes to this notice