Back to Fuel Finder

Privacy Policy

Last updated: December 2024

1. Introduction

Welcome to Fuel Finder UK ("we", "our", or "us"). We are committed to protecting your privacy and personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website and services at fuel-finder.uk.

Fuel Finder UK is operated as a personal project by an individual based in the United Kingdom. For the purposes of data protection law, the operator acts as the data controller.

2. Information We Collect

2.1 Account Information

If you choose to create an account, we collect:

  • Email address (required for registration)
  • Password (stored in encrypted/hashed form)
  • Display name (optional)
  • Account creation date

2.2 User-Generated Content

When you contribute to our community features, we collect:

  • Price Reports: Fuel prices you submit, associated fuel station, fuel type, and optional photo evidence
  • Issue Reports: Reports of station issues (incorrect opening times, price corrections) and descriptions
  • Station Suggestions: New station submissions including address, postcode, brand, and optional details
  • Station Ratings: Your ratings (1-5 stars) across categories (overall, speed, reliability, safety, cleanliness) and optional comments

2.3 Favourites and Alerts

  • Favourite Stations: Stations you save to your favourites list
  • Price Alerts: Alert preferences including target prices, fuel types, and notification settings

2.4 Technical and Usage Data

We automatically collect certain technical information:

  • IP Address: Collected with submissions (price reports, issue reports, station suggestions, ratings) for abuse prevention and fraud detection
  • Device Information: Browser type, operating system, and device type (for push notification subscriptions)
  • Session Data: Session identifiers for maintaining your logged-in state and tracking anonymous favourites

2.5 Location Data

We may collect location data in the following ways:

  • GPS/Device Location: Only when you explicitly grant browser permission to use your location for finding nearby stations
  • Postcode/Address Searches: Location search terms you enter are used to find nearby stations but are not permanently stored

Your precise GPS location is not stored on our servers. Location permission can be revoked at any time through your browser settings.

2.6 Push Notification Data

If you enable push notifications, we store:

  • Push subscription endpoint (browser-specific URL)
  • Encryption keys for secure message delivery
  • Device/browser information
  • Notification preferences and quiet hours settings

3. Lawful Basis for Processing

Under UK GDPR, we process your personal data on the following lawful bases:

  • Contract: Processing necessary to provide our services when you create an account or use our features
  • Consent: Where you have given explicit consent, such as for push notifications, price alerts, and marketing communications
  • Legitimate Interests: For abuse prevention, fraud detection, service improvement, and maintaining platform integrity

4. How We Use Your Information

We use the collected information to:

  • Provide our fuel price comparison and route planning services
  • Create and manage your user account
  • Send account verification and password reset emails
  • Process and display your community contributions (price reports, ratings, etc.)
  • Send price alert notifications when fuel prices meet your criteria
  • Deliver push notifications you have opted into
  • Calculate and display your community points, achievements, and leaderboard position
  • Prevent abuse, spam, and fraudulent submissions
  • Determine trusted reporter status based on submission accuracy
  • Improve our services through aggregated, anonymised usage analysis

5. Data Storage and Retention

5.1 Local Storage (Your Device)

Some preferences are stored locally on your device using browser localStorage, including fuel type preference, vehicle settings, and display preferences. This data never leaves your device and can be cleared through your browser settings.

5.2 Server Storage

Data stored on our servers includes:

  • Account data: Retained until you delete your account
  • User contributions: Price reports, ratings, and suggestions are retained indefinitely to maintain historical price data and community value
  • Favourites and alerts: Retained until you remove them or delete your account
  • Email verification/reset tokens: Automatically expire after 24 hours
  • Push subscriptions: Retained until you unsubscribe or the subscription fails

5.3 Image Storage

Photos uploaded as evidence for price reports, issue reports, or station suggestions are stored using Cloudinary, a third-party cloud storage service. These images are retained as long as the associated report exists.

6. Cookies and Similar Technologies

We use the following cookies:

  • Session Cookie (sessionid): Essential cookie that maintains your logged-in state. Duration: 30 days. This cookie is secure (HTTPS only) and HttpOnly (not accessible to JavaScript).
  • CSRF Token (csrftoken): Essential security cookie that protects against cross-site request forgery attacks.

We do not use advertising cookies, tracking cookies, or third-party analytics cookies. We do not use Google Analytics or similar tracking services.

7. Third-Party Services

Our service integrates with the following third-party services:

  • OpenStreetMap/Nominatim: For geocoding (converting postcodes/addresses to coordinates) and map tiles. Your search location is sent to their servers. Privacy Policy
  • OSRM (Open Source Routing Machine): For route planning functionality. Start and end coordinates are sent to calculate routes.
  • Cloudinary: For storing user-uploaded images (photo evidence for reports). Privacy Policy
  • IONOS: For sending transactional emails (verification, password reset, price alerts). Your email address is processed by their servers. Privacy Policy

Each of these services has their own privacy policies governing their data handling practices.

8. Email Communications

We send the following types of emails:

  • Account Verification: One-time email to verify your email address when you register
  • Password Reset: Sent when you request to reset your password
  • Price Alerts: Notifications when fuel prices drop below your set threshold (you can unsubscribe from each alert individually)

All price alert emails include a one-click unsubscribe link. We do not send marketing emails or share your email address with third parties for marketing purposes.

9. Data Sharing

We do not sell your personal data. We share data only in the following circumstances:

  • Service Providers: With third-party services listed in Section 7, solely for providing our services
  • Public Display: Your display name (if set), community contributions, and leaderboard position may be publicly visible to other users
  • Legal Requirements: If required by law, court order, or to protect our legal rights

10. International Data Transfers

Some of our third-party service providers may process data outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, to protect your data in accordance with UK GDPR requirements.

11. Your Rights

Under UK GDPR, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data (subject to legal retention requirements)
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us using the details in Section 15. We will respond to your request within one month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated: ico.org.uk/make-a-complaint

12. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • HTTPS encryption for all data transmission
  • Password hashing using industry-standard algorithms (PBKDF2)
  • Secure, HttpOnly session cookies
  • CSRF protection on all forms
  • Content Security Policy headers
  • Rate limiting to prevent abuse
  • Secure token generation for email verification and password reset

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

13. Children's Privacy

Our Service is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will delete such information.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

15. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your data, please contact us at:

Email: hello@fuel-finder.uk

Please note: Fuel Finder UK is operated by a solo developer as a personal project. While I endeavour to respond to all enquiries, there may be some delay in response times.