INTRODUCTION & SCOPE

Fuelshine ("Company," "we," "our," or "us") respects your privacy and is committed to transparent and responsible data handling practices. This Privacy Policy explains:

• What personal and sensitive data we collect

• How we collect, use, and process your data

• Who we share your data with

• Your rights and how to exercise them

• How long we retain your information

• How we protect your data

• How we handle data breaches

• Regional privacy law compliance

 

This Privacy Policy applies to:

• Fuelshine mobile application (iOS, Android)

• Fuelshine web dashboard (www.getfuelshine.com)

• Fuelshine fleet management platform (for teams and enterprises)

• All services, features, and sub-domains offered by Fuelshine

Important: By downloading, registering, or using Fuelshine, you agree to this Privacy Policy. If you do not agree, please do not use our Services.

 

PART 1: DATA COLLECTION

1.1 Data You Provide Directly

Personal Identification Information

• Full name (first and last name)

• Email address

• Phone number

• Postal/mailing address

• Profile picture or avatar

• Password and security credentials

 

Government Identification (for Tax & Compliance)

• Driver's License number and expiration date

• Driver's License images/scans (front and back)

• Driving License class/type

• Government-issued ID photos

• Date of birth (for identity verification only)

 

Vehicle Information

• Vehicle registration number (plate/VIN)

• Vehicle make, model, year

• Vehicle color and type (sedan, SUV, truck, etc.)

• Odometer reading (initial and ongoing)

• Vehicle ownership documents

• Insurance policy details (optional, for integration)

 

Payment & Subscription Information

• Credit card number (tokenized, not stored)

• Debit card number (tokenized, not stored)

• Payment method type (Stripe, Square, Apple Pay, Google Pay)

• Billing address

• Subscription tier and renewal date

• Payment history and invoices

• Tax identification number (for B2B users)

 

Communication & Support Data

• Messages, emails, chat transcripts with Fuelshine support

• Feedback, suggestions, problem reports

• Photos or videos submitted for support tickets

• Audio recordings (only with explicit consent for customer service training)

 

1.2 Data Generated During App Usage

Location Data

Collection Method: GPS, network-based location services (WiFi), cellular triangulation

What we collect:

• Real-time GPS coordinates (latitude/longitude) with ±5-20 meter accuracy

• Location accuracy radius

• Timestamps for each location point

• Routes taken (origin to destination)

• Dwell time at locations (time spent at stops)

• Geofences (when you enter/exit predefined zones)

When we collect:

• Foreground: When app is actively open on your device

• Background: When app is running in the background (if you enable "Background Location" permissions)

• Passive: When vehicle ignition is active (via OBD connection)

Why we collect:

• Accurate trip tracking for mileage calculations

• Real-time vehicle location for fleet managers

• Fuel efficiency mapping and route optimization

• Geofence-based notifications

• Tax compliance documentation

Important: GPS accuracy may be reduced in tunnels, urban canyons, and underground parking. We recommend manual location verification for critical tax records.

 

On-Board Diagnostics (OBD) Data

Collection Method: Bluetooth or USB-connected OBD-II scanner

What we collect (when vehicle ignition is on):

• Fuel consumption (MPG/L per 100km)

• Engine RPM (revolutions per minute)

• Vehicle speed (real-time and average)

• Engine load percentage

• Throttle position

• Intake air temperature

• Coolant temperature

• Battery voltage

• Fuel level percentage

• Diagnostic Trouble Codes (DTCs) – indicates vehicle problems

• Oxygen sensor data

• Transmission gear position

• Acceleration/braking patterns

• Idle time

• Emissions-related parameters

Why we collect:

• Real-time fuel efficiency insights

• Eco-driving coaching and feedback

• Vehicle maintenance alerts

• Insurance telematics scoring (optional)

• Fleet performance analytics

• Predictive vehicle health monitoring

Important: OBD data is collected only when vehicle ignition is active. Standard connector is OBD-II (most vehicles 1996+). Some luxury vehicles may use proprietary protocols.

 

Mobile Sensor Data

What we collect:

• Accelerometer data: Acceleration, braking, cornering forces (for driving behavior analysis)

• Gyroscope data: Vehicle lean and tilt angles

• GPS: Altitude, bearing, speed variation

• Barometer: Air pressure (may indicate altitude or tunnels)

• Magnetometer: Compass heading

Why we collect:

• Harsh acceleration/braking detection

• Driving safety scoring

• Collision detection (potential accident alerting)

• Turn detection for route analysis

• Eco-driving feedback

 

Usage & Analytics Data

What we collect:

• Features used (which buttons clicked, which reports viewed)

• Time spent on each feature/screen

• Settings preferences and configurations

• Number of trips logged per week/month

• Dashboard views and searches

• Goal setting and achievement data

• EcoPoints earned and redeemed

• Notifications opened/ignored

• In-app error messages and crashes

Why we collect:

• Product improvement and feature development

• User experience optimization

• Identifying bugs and performance issues

• Understanding user behavior patterns

• Personalized recommendations

 

Device & System Data

What we collect:

• Device model and manufacturer (iPhone 14 Pro, Samsung Galaxy S24, etc.)

• Operating system version (iOS 18, Android 15, etc.)

• App version number

• Device unique identifiers (IDFA, Android Advertising ID)

• Device name

• Mobile network carrier name

• WiFi network name (SSID) – not password

• Bluetooth device names of connected OBD scanners

• Screen resolution and orientation

• Language and regional settings

• Timezone

• Device storage space available

Why we collect:

• Debugging and compatibility testing

• Performance optimization for different devices

• Feature availability by OS version

• Crash diagnostics

IP Address & Network Data

What we collect:

• IP address (IPv4/IPv6)

• ISP/carrier information (derived from IP)

• Approximate location based on IP (city/region, not precise)

• Network type (WiFi, 4G, 5G)

• Connection timestamp

• Data transmission size and duration

• Bandwidth usage

Why we collect:

• Security and fraud prevention

• Server load balancing

• Customer support troubleshooting

• Geographic compliance verification

Log Data

What we collect:

• Error logs: App crashes, failures, exceptions

• Performance logs: Response times, API latency

• Access logs: Login times, failed login attempts

• Server logs: Request/response details, HTTP status codes

• Security logs: Permission changes, data access events

Why we collect:

• Diagnosing technical issues

• Improving app stability

• Detecting unauthorized access attempts

• Legal compliance and audit trails

​

 

1.3 Data from Third Parties

Fleet Manager/Employer Data (For Team Accounts)

If you're using Fuelshine as a fleet driver under an employer account, your employer may provide:

• Your employment status

• Fleet vehicle assignments

• Manager/supervisor identity

• Performance targets and goals

• Department or cost center information

 

Data from Integrated Services

• Insurance Partners: Driving score, accident history, policy discounts

• Payment Processors (Stripe, Square, RevenueCat): Payment confirmation, refund status

• Analytics Providers (PostHog, Mixpanel): Aggregated usage patterns

• Telematics Providers: Historical driving records (if you authorized sync)

• Fuel Card Partners: Fuel purchase history (optional integration)

• CRA/IRS: Mileage audit records (if you enable tax document export)

 

Data from Other Sources

• Public vehicle registration records (to verify vehicle ownership)

• Insurance company databases (for discount eligibility checks)

• Fraud prevention services (to detect suspicious activity)

• Business credit bureaus (for B2B customer verification)

​

​

1.4 Data You Choose NOT to Provide

You can always refuse to provide optional data. However, refusing may limit certain app features:

​

​

​

​​

​

​

 

​

​

​

​​

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

PART 2: HOW WE USE YOUR DATA

2.1 Core Service Delivery

 

Trip Tracking & Mileage Calculation

• Accurate mileage logging for personal or business use

• Automatic trip categorization (commute, business, personal)

• Trip summaries with distance, duration, fuel consumption

• Real-time odometer synchronization across devices

• Historical trip archive (searchable, exportable)

 

Tax Compliance Documentation

• CRA (Canada) Compliance: Auto-generated mileage logs in CRA format for T2125 deductions

• IRS (USA) Compliance: Export vehicle expenses in IRS Publication 587 format for Schedule C

• Timestamp validation: Proof of contemporaneous records for tax audits

• Expense categorization: Business vs. personal trip separation

• Mileage rate application: Automatic or manual rate setting per tax year

Important Disclaimer: Fuelshine does not provide tax or legal advice. Always consult a certified accountant or tax professional. We provide data; interpretation and filing remain your responsibility.

 

Fuel Efficiency Insights

• Real-time MPG/consumption display

• Trip-by-trip fuel cost breakdown

• Monthly and yearly fuel consumption trends

• Fuel cost projections

• Pump location history

• Fuel price comparison across stations

 

Eco-Driving Coaching

• Harsh acceleration/braking alerts

• Speeding notifications

• Idle time warnings

• Optimal gear/RPM recommendations

• DriveSmart Score™ (0-100 rating based on driving behavior)

• Personalized tips for fuel savings

• Carbon emissions tracking and reduction targets

 

Vehicle Health Monitoring

• Diagnostic Trouble Code (DTC) interpretation

• Maintenance reminders (oil change, tire rotation, filter replacement)

• Battery health alerts

• Fluid level warnings

• Belt/hose inspection schedules

• Parts recall notifications

 

Real-Time Fleet Tracking (Team/Enterprise Feature)

• Current location of all fleet vehicles

• Live trip progress and ETA

• Driver availability status

• Real-time alerts (harsh braking, speeding, geofence breach)

• Idle time tracking

• Fuel consumption by vehicle

• Route optimization for multiple stops

​

 

2.2 Analytics & Improvement

Product Development

• Identifying which features are most used

• Understanding user behavior flows

• A/B testing new features and UIs

• Detecting bugs and performance issues

• Prioritizing feature improvements

• Optimizing onboarding and setup processes

 

Personalization & Recommendations

• Custom fuel savings tips based on your vehicle type

• Eco-driving coaching adapted to your location (highway vs. city)

• Personalized alerts based on your driving patterns

• Recommended maintenance based on mileage and vehicle age

• Smart refill reminders based on your consumption rate

 

Aggregated & De-identified Analytics

We may anonymize and combine your data with other users' data to understand:

• Average fuel consumption by vehicle model/year

• Common maintenance issues in specific regions

• Seasonal driving pattern changes

• Geographic fuel price trends

• EcoPoints program effectiveness

​

2.3 Insurance & Risk Management

Insurance Integration (Optional)

If you consent to insurance partner integration:

• Your DriveSmart Score™ is shared with partnered insurers

• Hard braking, speeding, and collision event frequency may affect premium discounts

• Telematics data helps verify insurance claims

• Low-risk drivers may qualify for discounts (typically 10-30%)

• High-risk drivers may face premium increases or policy non-renewal

 

Fraud Prevention & Claims Verification

• Detecting suspicious mileage claims (e.g., 500 miles in one day without corresponding logs)

• Cross-referencing fuel purchases with mileage claims

• Verifying vehicle damage vs. reported accident timelines

• Identifying falsified trip records

• Preventing premium evasion schemes

Important: Insurance companies use this data independently. Fuelshine is not responsible for insurance decisions or premium changes based on telematics data.

 

2.4 Business Operations & Support

Customer Service & Support

• Reviewing your support tickets and crash reports

• Diagnosing technical issues with your device setup

• Personalizing support responses based on your vehicle type

• Improving our customer support training (with audio consent only)

• Preventing fraudulent support requests

• Monitoring account security threats

 

Billing & Subscription Management

• Processing payments and subscription renewals

• Issuing invoices and receipts

• Handling refunds and chargebacks

• Detecting and preventing payment fraud

• Managing promotional offers and credits

• Revenue analysis by subscription tier

 

Account Security

• Monitoring for unauthorized access attempts

• Detecting unusual activity patterns

• Implementing brute-force attack protection

• Managing password reset requests

• Session management and logout tracking

• Two-factor authentication (2FA) verification

 

Marketing & Communications (With Consent)

• Sending feature updates and product announcements

• Promotional offers and seasonal campaigns (only if opted in)

• Educational content about fuel savings and vehicle maintenance

• Satisfaction surveys and feedback requests

• Event invitations (webinars, workshops)

• Re-engagement campaigns for inactive users

Your consent: You can opt out of marketing emails anytime via the unsubscribe link or in-app settings.

​

2.5 Legal & Regulatory Compliance

Compliance with Laws

• Responding to legal requests from law enforcement (subpoenas, court orders)

• Complying with tax authority requests (CRA, IRS)

• Fulfilling regulatory obligations (vehicle emissions reporting)

• Preventing fraud, money laundering, and identity theft

• Enforcing our Terms of Service

 

Corporate Transactions

• In case of merger, acquisition, bankruptcy, or reorganization, your data may be transferred to the acquiring entity (with notice and privacy policy continuation)

 

Public Safety

• Sharing location data with emergency services if you report an accident or emergency

• Detecting patterns of dangerous driving or vehicle theft

• Assisting law enforcement investigations (only with legal authority)

​

 

​PART 3: DATA SHARING & RECIPIENTS

3.1 Who We Do NOT Share Your Data With

❌ We do NOT:

• Sell your personal data to advertisers or data brokers

• Rent your email list to third-party marketers

• Share your location with corporate advertisers

• Disclose your driving behavior without consent

• Allow third-party SDKs to collect data beyond stated purposes

• Use your data for micro-targeting or discriminatory profiling

 

3.2 Who We DO Share Your Data With

Service Providers (Data Processors)

These vendors process data on our behalf under strict data processing agreements (DPA):

​

​

​

​

​​

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Data Processing Agreements: All service providers are contractually bound to GDPR, PIPEDA, CCPA compliance. We regularly audit their security practices.

​

Tax & Government Authorities

We may share data with:

• Canada Revenue Agency (CRA): In response to legal audit requests or subpoenas

• Internal Revenue Service (IRS): For US tax verification (only with user export)

• State/Provincial Tax Authorities: Vehicle registration and usage data (as required by law)

• Law Enforcement: Location, trip, or vehicle data (only with valid warrant, court order, or emergency)

• Regulatory Bodies: Emissions and fuel economy data (in aggregate)

Fleet Managers / Employers (Team Accounts)

If you're a fleet driver:

• Your manager can see: Real-time location, trip details, fuel consumption, DriveSmart Score

• Your manager CANNOT see: Personal trip purposes, communications with support, payment information

• You can request trip privacy for personal errands (manager sees "Personal Trip" without details)

• All fleet data is controlled by your employer under our Data Processing Agreement

Fraud Prevention & Credit Services

• Fraud Detection Services: MaxMind, Sift Science (for payment fraud detection)

• Identity Verification: Jumio, Onfido (for government ID verification)

• Credit Reporting: May report fraudulent accounts to Equifax/TransUnion (Canada) or Equifax/Experian/TransUnion (US)

​

3.3 Third-Party Integrations

Optional Services

If you connect your Fuelshine account to third-party apps, we may share limited data:

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

Important: Third-party services have their own privacy policies. Review them before connecting.

​

PART 4: DATA RETENTION

We retain data only as long as necessary to provide services and comply with legal obligations:

Retention Schedule by Data Type

​

​

​​

​

 

 

 

 

 

 

 

 

 

Account Deletion

When you delete your Fuelshine account:

1. Immediate deletion:

   • Account credentials and password

   • Subscription and payment method

   • Active trip data (not yet synced)

2. 30-day grace period:

   • All personal identification data

   • OBD and sensor readings

   • Support tickets and messages

   • Location history

   • Driver's License images

   During this period, you can restore your account and prevent permanent deletion.

3. After 30 days (permanent deletion):

   • All remaining personal data

   • Backups and archived data

   • Data forwarded to third parties

4. NOT deleted (legal retention):

   • Tax/mileage records (7 years for CRA/IRS compliance)

   • Payment records (7 years for financial audits)

   • Dispute/fraud investigation records (as required by law)

   • De-identified/anonymized analytics

Request deletion: Email privacy@getfuelshine.com with "Account Deletion Request" in the subject line. We will confirm deletion within 30 days.

​

PART 5: DATA SECURITY & PROTECTION

5.1 Technical Security Measures

Encryption

• In Transit: All data transmitted between your device and our servers uses TLS 1.3 (HTTPS) encryption

• At Rest: All personal data stored in our database is encrypted using AES-256

• Payment Data: Tokenized through PCI-DSS Level 1 compliant processors (Stripe, Square); credit card numbers are never stored

Access Controls

• Role-based access: Only authorized employees can access user data

• Principle of least privilege: Staff see only data necessary for their role

• Multi-factor authentication: Mandatory 2FA for all employee accounts

• Audit logging: All access to sensitive data is logged and reviewed monthly

Infrastructure Security

• AWS Security: Hosted on AWS with EC2 auto-scaling, RDS encryption, VPC isolation

• DDoS Protection: Cloudflare DDoS mitigation

• Intrusion Detection: 24/7 monitoring for unauthorized access attempts

• Backup & Disaster Recovery: Automatic daily backups to geographically separated regions; tested monthly

Application Security

• Code Review: All code changes reviewed by 2+ engineers before deployment

• Static Analysis: Automated security scanning (SAST) on all code commits

• Dependency Scanning: Regular updates to third-party libraries (vulnerability patches within 24 hours)

• Penetration Testing: Annual third-party security audits

• SSL Certificates: Wildcard certificates, auto-renewed, 256-bit encryption minimum

​

5.2 Organizational Security Measures

Employee Training

• Annual data protection & privacy training (mandatory)

• GDPR, PIPEDA, CCPA compliance certification

• Phishing awareness and security protocols

• Confidentiality agreements (signed on hire)

Data Minimization

• Collect only what's necessary

• Automatic purging of unnecessary data per retention schedule

• Regular data audits to identify & remove obsolete records

• De-identification of data for analytics

Vendor Management

• Annual security assessments of all vendors

• Data Processing Agreements (DPA) with all service providers

• Regular penetration testing of vendor platforms

• Right to audit vendor compliance

Privacy by Design

• Privacy impact assessments (DPIA) for all new features

• Privacy considerations in product development

• Default privacy-protective settings (opt-in for optional data collection)

• Transparent privacy controls in app settings

​

5.3 What We CANNOT Guarantee

⚠️ No method of data transmission or storage is 100% secure. While we use industry-standard protections, we cannot guarantee absolute security against:

• Sophisticated nation-state attacks

• Quantum computing threats

• Zero-day vulnerabilities

• Insider threats

• Loss of encryption keys due to user error

• Interception by ISPs or network administrators

• Malware on your personal device

Your responsibility:

• Use strong, unique passwords

• Enable two-factor authentication (2FA)

• Keep your device software updated

• Do not share your account credentials

• Report suspicious activity immediately

​

​

PART 6: YOUR PRIVACY RIGHTS & CHOICES

6.1 Rights Vary by Location

Depending on where you live, you have specific legal rights:

 

🇪🇺 If you're in the European Union, UK, or EEA:

GDPR Rights (Article 15-22):

• Right to Access: Request a copy of all data we hold about you

• Right to Rectification: Correct inaccurate or incomplete data

• Right to Erasure ("Right to be Forgotten"): Request deletion of your data (subject to legal retention)

• Right to Restrict Processing: Prevent us from using your data for specific purposes

• Right to Data Portability: Receive your data in machine-readable format (JSON, CSV)

• Right to Object: Opt out of marketing, profiling, and automated decision-making

• Rights Related to Automated Decision-Making: Know when AI/algorithms make decisions affecting you

• Withdraw Consent: Stop optional processing (marketing, analytics) anytime

How to exercise: Email privacy@getfuelshine.com with your request. We respond within 30 days (extendable to 90 days for complex requests). No fees apply.

Escalation: If unsatisfied, contact your local Data Protection Authority (DPA):

• Ireland: Data Protection Commission (DPC)

• Germany: Federal Data Protection Commissioner

• France: CNIL

• Other EU: National DPA (see gdpr.eu)

 

🇨🇦 If you're in Canada (PIPEDA):

PIPEDA Rights:

• Right to Access: Request your personal information (ATIP request)

• Right to Correction: Correct inaccurate data

• Right to Challenge: Question the accuracy, completeness, or use of your data

• Right to Opt Out: Decline marketing communications and non-essential processing

• Breach Notification: Receive notice if a data breach poses real risk of significant harm

How to exercise: Email privacy@getfuelshine.com. We respond within 30 days.

Escalation: If unsatisfied, contact the Office of the Privacy Commissioner of Canada (OPC).

​

​🇺🇸 If you're in California (CCPA/CPRA):

CCPA/CPRA Rights:

• Right to Know: Request what personal information we collect, use, and share

• Right to Delete: Request deletion of your personal information (limited exceptions)

• Right to Correct: Correct inaccurate personal information

• Right to Opt Out: Opt out of "sale" or "sharing" of personal data (including for cross-context behavioral advertising)

• Right to Limit Use: Limit our use of sensitive personal information

• Right to Non-Discrimination: We cannot penalize you for exercising your rights

• Right to Access Profile Inferences: Know what characteristics/inferences we've made about you

What counts as "sale" under CCPA: Sharing data with third parties for monetary consideration or valuable consideration. Sharing with service providers (for service delivery) is NOT a sale.

How to exercise: Use the "Privacy Rights" form in your account settings, or email privacy@getfuelshine.com with "CCPA Request" in the subject. We respond within 45 days.

Escalation: If unsatisfied, contact the California Privacy Protection Agency (CPPA).

​

🇧🇷 If you're in Brazil (LGPD):

LGPD Rights:

• Right to Access: Request your personal data

• Right to Rectification: Correct inaccurate data

• Right to Deletion: Request deletion (with exceptions)

• Right to Data Portability: Receive data in structured format

• Right to Confirmation: Confirm whether data about you is processed

• Right to Anonymization: Request anonymization instead of deletion

• Right to Opt Out: Decline non-essential processing

How to exercise: Email privacy@getfuelshine.com with your request. We respond within 15 business days.

Escalation: Contact the Brazilian Data Protection Authority (ANPD – Autoridade Nacional de Proteção de Dados).

​

🇦🇺 If you're in Australia (Privacy Act, APPs):

Privacy Act Rights:

• Right to Access: Request your personal information

• Right to Correction: Correct or update inaccurate data

• Right to Complaint: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

• Right to Privacy: Protection against serious privacy invasions (new tort)

How to exercise: Email privacy@getfuelshine.com. We respond within 30 days.

Escalation: Contact the OAIC.

 

🇸🇬 If you're in Singapore (PDPA):

PDPA Rights:

• Right to Access: Request your personal information

• Right to Correction: Correct inaccurate data

• Right to Withdraw Consent: Withdraw consent for future processing (does not affect past processing)

• Right to Opt Out: Decline direct marketing

How to exercise: Email privacy@getfuelshine.com. We respond within 30 days.

Escalation: Contact the Personal Data Protection Commission (PDPC).

​

6.2 In-App Privacy Controls

You can manage your privacy anytime in Fuelshine Settings → Privacy & Security:

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

PART 7: DATA BREACH NOTIFICATION

7.1 Our Commitment

If we become aware of a data breach that poses a real risk of significant harm to you, we will:

1. Assess the breach immediately (within 24 hours of discovery)

2. Notify you without undue delay via email, SMS, or in-app notification

3. Notify regulators as required:

   • GDPR: Within 72 hours to supervisory authorities

   • PIPEDA: As soon as feasible to Office of Privacy Commissioner + affected individuals

   • LGPD: Within reasonable timeframe to ANPD

   • Others: Per local law requirements

4. Provide in the notification:

   • What data was compromised

   • When the breach occurred

   • What we're doing to fix it

   • What you can do to protect yourself

   • Contact information for questions

 

7.2 Real Risk of Significant Harm

We evaluate breach severity based on:

• Sensitivity of data: Payment info > location data > analytics data

• Likelihood of misuse: If data is encrypted, risk is lower

• Number of people affected: 1 user vs. 10,000 users

• Attacker sophistication: Accidental deletion vs. deliberate theft

• Your vulnerability: Senior citizens, high-income individuals at greater risk

Example: If an unencrypted backup drive is lost with 100 users' Driver's License photos → Real risk of harm → We notify.

Example: If anonymized, aggregated fuel consumption data is accessed → No real risk → We may not notify but will still investigate.

 

PART 8: CHILDREN'S PRIVACY

8.1 Age Restrictions

Fuelshine is not intended for children under 13 years old. We comply with:

• COPPA (USA): Children's Online Privacy Protection Act

• GDPR Article 8 (EU): Parental consent for under-16s

• Similar laws: PIPEDA, LGPD, PDPA child protection rules

8.2 If We Discover a Child's Data

If we discover that someone under 13 has created an account or provided personal information:

1. We will immediately delete all their data from our active systems

2. We will notify the parent/guardian at their email address

3. We will preserve data for legal holds (30 days in case of investigation, then delete)

4. We will not contact the child directly about the deletion

If you're a parent/guardian: If you become aware your child has created a Fuelshine account, contact privacy@getfuelshine.com immediately.

​

​​PART 9: INTERNATIONAL DATA TRANSFERS

9.1 Where Your Data Lives

Fuelshine stores user data across multiple geographic regions for redundancy and compliance:

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

9.2 Cross-Border Data Transfers

When you use Fuelshine, your data may be transferred across borders:

Why:

• Cloud infrastructure spans multiple countries for redundancy

• Service providers (Stripe, PostHog) operate globally

• Backup and disaster recovery require geographic distribution

How we protect:

• Standard Contractual Clauses (SCCs): EU adequacy mechanism for GDPR compliance

• Binding Corporate Rules (BCRs): Internal rules for intra-company transfers

• Privacy Shield equivalent: Supplementary safeguards where needed

• Encryption: Data is encrypted in transit; servers cannot access unencrypted data

Your rights:

• You can request data to be stored in specific regions only (may limit features)

• You can request deletion of international backups (retains local copy)

• Email privacy@getfuelshine.com for region-specific requests

​

PART 10: COOKIES & TRACKING TECHNOLOGIES

10.1 What Are Cookies?

Cookies are small text files stored on your device that remember your preferences and behavior.

10.2 What Cookies We Use

Essential Cookies (Required):

• Session ID: Keeps you logged in

• CSRF token: Prevents cross-site attacks

• Preferences: Language, timezone, dark mode

Analytics Cookies (Optional, with consent):

• PostHog: User behavior, feature usage, bug tracking

• Mixpanel: User journey, retention, conversion metrics

Third-Party Cookies:

• Stripe: Payment processing

• Google Analytics: Traffic and usage patterns (if enabled)

• Firebase: Crash reporting and performance monitoring

10.3 Cookie Management

In the app: Settings → Privacy & Security → Cookie Preferences

In your browser:

• Apple Safari: Preferences → Privacy → Manage Website Data

• Google Chrome: Settings → Privacy & Security → Delete browsing data

• Firefox: Preferences → Privacy → Cookies and Site Data

Opt-out: You can disable cookies, but some app features may not work properly. Website functions (login, payments) will not work without essential cookies.

 

PART 11: THIRD-PARTY LINKS & PRIVACY POLICIES

Fuelshine may contain links to third-party websites:

• Fuel station locators

• Vehicle manufacturers

• Insurance company partners

• News and fuel price tracking sites

Important: We are NOT responsible for third-party privacy practices. Each has its own privacy policy. Review them before sharing your data.

Examples of third parties:

• insureprivate.com (insurance partner)

• GasBuddy.com (fuel prices)

• VehicleHistory.com (vehicle info)

• Apple.com, Google.com (if you use Sign In with Apple/Google)

 

PART 12: UPDATES TO THIS PRIVACY POLICY

We may update this Privacy Policy to reflect:

• Changes in data collection/use practices

• New features or integrations

• Changes in applicable laws

• Improvements to security measures

• Feedback from users and regulators

12.1 How We Notify You

• Major changes: In-app notification + email notification (2 weeks before effective date)

• Minor changes: Posted on this page with updated date; no separate notification

• Emergency changes: Immediate, if required by law

12.2 Your Acceptance

By continuing to use Fuelshine after we update this Privacy Policy, you accept the new terms. If you disagree, you can delete your account.

​

PART 13: CONTACT US & COMPLAINTS

13.1 Privacy Questions

Email: privacy@getfuelshine.com

Response time: Within 30 days (extendable to 90 days for complex inquiries)

What to include:

• Your full name and account email

• Description of your question or concern

• Any supporting documentation

• Your preferred method of contact

13.2 Formal Privacy Requests (GDPR, PIPEDA, CCPA, LGPD, etc.)

Submit via email with your request type in subject line:

• Subject: "GDPR Data Access Request" / "PIPEDA Data Request" / "CCPA Right to Know" / "LGPD Access Request"

• Include: Full name, email, account ID, request details

• We verify your identity before processing

13.3 Complaints to Regulators

If you believe Fuelshine violates your privacy rights, you can file a complaint with:

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

APPENDIX A: DATA PROCESSING AGREEMENT (DPA)

For EU/UK users and business customers, a formal Data Processing Agreement is available upon request.

Email: privacy@getfuelshine.com with subject "Request for DPA"

The DPA includes:

• Article 28/29 GDPR processor obligations

• Standard Contractual Clauses (SCCs) for data transfers

• Sub-processor list and notification procedures

• Audit and inspection rights

• Data breach notification requirements

• Data deletion and return procedures

• Duration and confidentiality terms

​

APPENDIX B: DEFINITIONS

​

​

 

 

 

 

 

 

 

 

​

​

​

​

 

 

 

 

 

 

 

​​​​​​​​​​​​​​​​​​​​​​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​