From 1ae2f1396daf6acef9825416ca88ce0d1b7eaf2d Mon Sep 17 00:00:00 2001 From: Ovidiu U Date: Wed, 10 Jun 2026 10:55:54 +0100 Subject: [PATCH] Update legal pages with contact details, location handling, and alert channels - Expand privacy policy with detailed location-use explanations: search-only, shareable links, and saved location --- resources/views/legal/cookies.blade.php | 81 ++++++++++++------------- resources/views/legal/privacy.blade.php | 78 +++++++++++++++++------- 2 files changed, 95 insertions(+), 64 deletions(-) diff --git a/resources/views/legal/cookies.blade.php b/resources/views/legal/cookies.blade.php index 6a04b17..4cdbe82 100644 --- a/resources/views/legal/cookies.blade.php +++ b/resources/views/legal/cookies.blade.php @@ -1,9 +1,9 @@ {{-- DRAFT: Generated {{ date('Y-m-d') }}. Review by UK-qualified solicitor recommended before launch. --}} + title="Cookie Policy" + heading="Cookie Policy" + lastUpdated="{{ now()->format('j F Y') }}" + metaDescription="The cookies and similar technologies FuelAlert uses, and how to manage them.">

1. What cookies are
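
Review bot: lastUpdated="{{ now()->format('j F Y') }}" in the header of cookies.blade.php is evaluated on every render, so the page will always show today's date as its last update, whether or not the policy text changed. Replace it with a fixed date string that is edited together with the policy wording, so a reader can tell which version was in force on a given day. The same attribute is added to privacy.blade.php in this patch and needs the same fix.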

@@ -27,62 +27,57 @@ For aggregated usage metrics we run our own self-hosted instance of Umami Analytics, which is cookieless — it does not set any cookies, does not use device fingerprinting, and does not track you across - sites. Because no personal data is collected, no consent is required. + sites. It does not store information that identifies you as an individual, so no consent + is required.

- - - - - - + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + +
NamePurposeDurationType
NamePurposeDurationType
fuel_alert_sessionKeeps you signed in and maintains your session state.SessionEssential
XSRF-TOKENProtects against cross-site request forgery attacks on forms and account actions.SessionEssential
remember_web_*"Remember me" — keeps you signed in across browser restarts if you tick the box at login.Up to 5 yearsEssential
fa_locationStores your most recent postcode search so we can show local prices on return visits without re-querying.30 daysEssential
fuel_alert_sessionKeeps you signed in and maintains your session state.SessionEssential
XSRF-TOKENProtects against cross-site request forgery attacks on forms and account actions.SessionEssential
remember_web_*"Remember me" — keeps you signed in across browser restarts if you tick the box at login.30 daysEssential

- If we add a marketing or advertising tool in future, a Marketing row will be added to the - table above and your consent will be requested before it loads. + If we add a non-essential cookie in future (for example, a marketing or advertising + tool), we will add it to the table above and request your consent before it loads.

3. Your choices

- Because we currently only use essential cookies, there is nothing to opt in or out of - on FuelAlert at this time. If we add non-essential cookies in future (for example, - analytics or marketing), we will present a consent banner and you will be able to - accept, reject, or customise your choice. We will not set non-essential cookies before - you have given consent. + Because we currently use only essential cookies, there is nothing to opt in or out of + on FuelAlert at this time. If we introduce non-essential cookies in future (for example, + analytics or marketing), we will ask for your consent first and give you a way to accept, + reject, or customise your choice. We will not set non-essential cookies before you have + given consent.

All major browsers also let you view, block, or delete cookies. The ICO publishes @@ -108,4 +103,4 @@ hello@fuel-alert.co.uk.

-
+ \ No newline at end of file diff --git a/resources/views/legal/privacy.blade.php b/resources/views/legal/privacy.blade.php index 955e7d0..5ff6157 100644 --- a/resources/views/legal/privacy.blade.php +++ b/resources/views/legal/privacy.blade.php @@ -1,9 +1,9 @@ {{-- DRAFT: Generated {{ date('Y-m-d') }}. Review by UK-qualified solicitor recommended before launch. --}} + title="Privacy Policy" + heading="Privacy Policy" + lastUpdated="{{ now()->format('j F Y') }}" + metaDescription="How FuelAlert collects, uses and protects your personal data under UK GDPR.">

1. Who we are

@@ -28,11 +28,41 @@

Account data

Your email address, a hashed password, and the date you created your account.

+

Contact data for alerts

+

+ If you opt in to WhatsApp or SMS alerts, your mobile phone number. We collect it only to + send the alerts you have requested, and only after you confirm the number through an + opt-in step. +

+

Location data

- Postcodes or place names you search for. With your permission, your device's precise - location to find nearby stations. Derived approximate location used to query our database. + We use location only to show you fuel prices near you, and only when you ask us to. We + never track your location in the background. Location reaches us in the following ways:

+
    +
  • + Searching nearby (everyone). When you use "find prices near me", + your browser asks your permission to share your device location. We use the + coordinates to find nearby stations. We do not store your precise coordinates. For + anonymous usage statistics (for example, "stations checked this week") we record + searches only at approximately 1 km precision, together with a one-way hashed + version of your IP address that cannot be reversed to identify you. +
  • +
  • + Shareable search links. Search results can be shared or bookmarked + as a web link. To make this work, your filters and an approximate location are + included in the link's web address. Location in links is rounded to roughly + street-level precision rather than your exact position. Anyone you share a link with + can see the approximate location it contains. +
  • +
  • + Saved location (registered users). If you provide a postcode, we + convert it to approximate coordinates and store this against your account so we can + show your local prices without you re-entering it. You can change or remove it in + your account settings, and it is deleted when you delete your account. +
  • +

Payment data
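
Review bot: The "Searching nearby" item says the hashed IP address "cannot be reversed to identify you", which is a stronger claim than a plain one-way hash supports: the IPv4 address space is small enough to enumerate, so an unsalted or fixed-salt hash can be matched back to an address. Either state what makes it irreversible (for example a secret key, or a salt that is rotated and discarded) or soften the wording, and check that the hash stored next to a 1 km location still fits the description "anonymous usage statistics". The "Shareable search links" item could also mention that a location carried in the web address stays in browser history and bookmarks.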

@@ -63,9 +93,12 @@

We process your personal data under the following bases of UK GDPR Article 6:

  • Account creation and service delivery — contract (Art. 6(1)(b)).
  • +
  • Sending the alerts you configure, including by email, WhatsApp, SMS or push — contract (Art. 6(1)(b)).
  • +
  • Finding stations near you on request (device location) — consent (Art. 6(1)(a)), given through your browser's location permission and withdrawable at any time.
  • +
  • Storing your saved location as a registered user — contract (Art. 6(1)(b)).
  • Payment processing — contract (Art. 6(1)(b)).
  • Security and fraud prevention — legitimate interests (Art. 6(1)(f)).
  • -
  • Analytics and product improvement — legitimate interests, with opt-out via our cookie banner where applicable.
  • +
  • Aggregated, non-identifying analytics and product improvement — legitimate interests (Art. 6(1)(f)).
  • Marketing emails — consent (Art. 6(1)(a)). You can withdraw consent at any time.
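
Review bot: The replaced analytics line drops "with opt-out via our cookie banner where applicable", and the new line relies on legitimate interests without saying how a user can object. If the analytics records include the hashed IP address and 1 km location described under Location data earlier in this file, add the route for objecting here, or confirm that those records fall outside personal data. The alerts line also relies on contract while the "Contact data for alerts" text describes the phone number as collected on opt-in; align the two so it is clear what withdrawing the opt-in stops.
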
@@ -74,10 +107,11 @@

4. How we use your data

@@ -96,21 +130,22 @@
  • Umami Analytics — we run our own self-hosted Umami instance to collect aggregated, cookieless usage metrics (pages viewed, referrer, country, device - type). No personal data is collected and no analytics data is shared with third - parties. + type). It does not store data that identifies you as an individual, and no analytics + data is shared with third parties.
  • -
  • Vonage — delivers WhatsApp and SMS alerts if you opt in to those channels. Your phone number is shared only to send messages you have requested.
  • -
  • OneSignal — delivers web push notifications if you opt in to push alerts.
  • +
  • Vonage — delivers WhatsApp and SMS alerts if you opt in to those channels. Your phone number is shared only to send messages you have requested. See Vonage's privacy policy.
  • +
  • OneSignal — delivers web push notifications if you opt in to push alerts. See OneSignal's privacy policy.
  • 6. International transfers

    - Some of our processors (notably Stripe) operate outside the UK and EEA, including in the - United States. Where personal data is transferred internationally, we rely on appropriate - safeguards under UK GDPR: the UK International Data Transfer Addendum to the EU Standard - Contractual Clauses, or an equivalent mechanism. + Some of our processors — including Stripe, Vonage and OneSignal — operate + outside the UK and EEA, including in the United States. Where personal data is transferred + internationally, we rely on appropriate safeguards under UK GDPR: the UK International Data + Transfer Addendum to the EU Standard Contractual Clauses, the UK Extension to the EU-US + Data Privacy Framework, or an equivalent mechanism, depending on the processor.
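
Review bot: The transfers paragraph now names three mechanisms "depending on the processor" but does not say which one covers Stripe, Vonage or OneSignal, so a reader cannot tell which safeguard applies to their phone number or push subscription. List the mechanism per processor, or keep the generic wording and make sure each processor's transfer basis is recorded somewhere the policy can point to. In the processor list above it, the OneSignal entry does not say what data is shared, unlike the Vonage entry, which names the phone number.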

    @@ -118,6 +153,7 @@

    7. How long we keep data

    To exercise any of these rights, email @@ -147,8 +183,8 @@

    9. Cookies

    - We use a small number of cookies to operate the service. Full details — including - categories and how to change your choices — are in our + We use only a small number of essential cookies to operate the service, and self-hosted, + cookieless analytics. Full details are in our Cookie Policy.

    @@ -202,4 +238,4 @@ hello@fuel-alert.co.uk.

    -
    + \ No newline at end of file
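
Review bot: In the cookie table of cookies.blade.php (hunk @@ -27,62 +27,57 @@), the remember_web_* duration changes from "Up to 5 years" to "30 days" and the fa_location row is removed, yet the diffstat lists only the two Blade views. Confirm that the remember-me cookie lifetime is actually configured to 30 days and that fa_location is no longer set, otherwise the policy understates what the browser stores. If those changes live in another commit, reference it in the commit message.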