bitstream/fuel-alert
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Update legal pages with ICO registration, query logging, push notifications, and automated recommendations disclosure
Some checks are pending
linter / quality (push) Waiting to run
Details
tests / ci (8.3) (push) Waiting to run
Details
tests / ci (8.4) (push) Waiting to run
Details
tests / ci (8.5) (push) Waiting to run
Details

Browse Source 
- Add ICO registration reference (00014395133) to privacy policy, terms of service, and refund policy
- Document search/query logging (hashed IP, location, fuel type, result count) with 24-month retention under legitimate interests
- Add push notification data section (OneSignal endpoints, encryption keys, preferences) to privacy policy
- Add new section on automated recommendations explaining fill-up timing algorithm is informational only without legal effects
- Clarify IP address collection context: security/abuse/fraud only, not individual profiling
- Update retention periods: security logs 12 months, query logs 24 months, push subscriptions until unsubscribe
- Expand data processor descriptions (OneSignal push data, Umami cookieless commitment)
- Add commercial use restrictions to terms: no scraping, mirroring, or republishing compiled data/rankings without permission
- Clarify downstream data aggregator role and upstream data feed limitations
- Add prohibition on using service while operating motor vehicle
- Remove annual billing references (monthly only)
- Add VAT status notice and downgrade-to-free-tier behavior on cancellation
- Add data controller contact details to privacy policy footer
This commit is contained in:
Ovidiu U
2026-06-10 13:15:43 +01:00
parent ad2230728c
commit 8fe3461adf
3 changed files with 113 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

89
resources/views/legal/privacy.blade.php
View File

@@ -13,8 +13,8 @@
is the <strong>data controller</strong> for personal data collected through this service.
</p>
<p>
As the data controller, Ovidiu Ungureanu is registering with the UK Information
Commissioner's Office (ICO). Our registration number will be published here once issued.
Ovidiu Ungureanu is registered with the UK Information Commissioner's Office (ICO) as a
data controller. <strong>ICO registration reference: 00014395133.</strong>
</p>
<p>
If you have any questions about this policy or how we handle your personal data, contact us at
@@ -31,8 +31,8 @@
<h3 class="font-semibold text-zinc-900">Contact data for alerts</h3>
<p>
If you opt in to WhatsApp or SMS alerts, your mobile phone number. We collect it only to
send the alerts you have requested, and only after you confirm the number through an
opt-in step.
send the alerts you have requested, and only after you verify the number through a
one-time passcode (OTP) sent to that number.
</p>
<h3 class="font-semibold text-zinc-900">Location data</h3>
@@ -64,6 +64,15 @@
</li>
</ul>
<h3 class="font-semibold text-zinc-900">Search and query logs</h3>
<p>
When you search for stations or prices, we log the approximate search location, fuel
type selected, result count, timestamp, a one-way hashed IP address, and basic device
information (browser type, device type). We use these logs for abuse prevention,
troubleshooting, and aggregate service statistics. We do not use them to build a profile
of your individual behaviour. Logs are retained for a maximum of 24 months.
</p>
<h3 class="font-semibold text-zinc-900">Payment data</h3>
<p>
Payment card details are collected and processed by <strong>Stripe</strong>, our payment
@@ -72,16 +81,25 @@
renewal date).
</p>
<h3 class="font-semibold text-zinc-900">Push notification data</h3>
<p>
If you opt in to push notifications via OneSignal, we store your push subscription
endpoint (a browser-specific URL), the encryption keys needed for secure message
delivery, and your notification preferences. This data is retained until you unsubscribe,
revoke browser permission, or your subscription becomes stale.
</p>
<h3 class="font-semibold text-zinc-900">Usage data</h3>
<p>
Features you use, queries you make, and alerts you configure used to deliver the
service and improve it.
Features you use and alerts you configure used to deliver the service and improve it.
</p>
<h3 class="font-semibold text-zinc-900">Technical data</h3>
<p>
IP address, browser type and version, device type, and operating system used for
security, fraud prevention, and basic analytics.
IP address, browser type and version, device type, and operating system. IP address is
collected alongside account actions and searches for security, abuse prevention, and
fraud detection (lawful basis: legitimate interests, Art. 6(1)(f)). We do not use IP
addresses to identify you as an individual in any other context.
</p>
<h3 class="font-semibold text-zinc-900">Marketing preferences</h3>
@@ -97,7 +115,8 @@
<li><strong>Finding stations near you on request (device location)</strong> &mdash; consent (Art. 6(1)(a)), given through your browser's location permission and withdrawable at any time.</li>
<li><strong>Storing your saved location as a registered user</strong> &mdash; contract (Art. 6(1)(b)).</li>
<li><strong>Payment processing</strong> &mdash; contract (Art. 6(1)(b)).</li>
<li><strong>Security and fraud prevention</strong> &mdash; legitimate interests (Art. 6(1)(f)).</li>
<li><strong>Security, abuse prevention, and fraud detection (including IP address logging)</strong> &mdash; legitimate interests (Art. 6(1)(f)).</li>
<li><strong>Search and query logging for aggregate statistics and troubleshooting</strong> &mdash; legitimate interests (Art. 6(1)(f)).</li>
<li><strong>Aggregated, non-identifying analytics and product improvement</strong> &mdash; legitimate interests (Art. 6(1)(f)).</li>
<li><strong>Marketing emails</strong> &mdash; consent (Art. 6(1)(a)). You can withdraw consent at any time.</li>
</ul>
@@ -118,7 +137,19 @@
</section>
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">5. Who we share data with</h2>
<h2 class="font-display text-2xl font-bold text-zinc-900">5. Automated recommendations</h2>
<p>
FuelAlert generates fill-up timing recommendations (for example, "fill up now" or "wait")
using an algorithm that analyses local price trends, historical patterns, and market
signals. These recommendations are <strong>informational only</strong> and are produced
automatically without human review. They do not have legal or similarly significant
effects on you, and we do not use them to make decisions that affect your rights or
interests in any material way.
</p>
</section>
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">6. Who we share data with</h2>
<p>We use the following processors to deliver the service. We do not sell your data to anyone.</p>
<ul class="list-disc space-y-2 pl-6">
<li>
@@ -131,15 +162,17 @@
<strong>Umami Analytics</strong> &mdash; we run our own self-hosted Umami instance to
collect aggregated, cookieless usage metrics (pages viewed, referrer, country, device
type). It does not store data that identifies you as an individual, and no analytics
data is shared with third parties.
data is shared with third parties. We periodically review our analytics setup to
confirm it remains cookieless; if this changes we will update our Cookie Policy and
request consent before setting any non-essential cookies.
</li>
<li><strong>Vonage</strong> &mdash; delivers WhatsApp and SMS alerts if you opt in to those channels. Your phone number is shared only to send messages you have requested. See <a class="text-accent underline" href="https://www.vonage.co.uk/legal/privacy-policy/" target="_blank" rel="noopener">Vonage's privacy policy</a>.</li>
<li><strong>OneSignal</strong> &mdash; delivers web push notifications if you opt in to push alerts. See <a class="text-accent underline" href="https://onesignal.com/privacy_policy" target="_blank" rel="noopener">OneSignal's privacy policy</a>.</li>
<li><strong>OneSignal</strong> &mdash; delivers web push notifications if you opt in to push alerts. Push subscription data (endpoint, encryption keys, device type) is processed by OneSignal on our behalf. See <a class="text-accent underline" href="https://onesignal.com/privacy_policy" target="_blank" rel="noopener">OneSignal's privacy policy</a>.</li>
</ul>
</section>
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">6. International transfers</h2>
<h2 class="font-display text-2xl font-bold text-zinc-900">7. International transfers</h2>
<p>
Some of our processors &mdash; including Stripe, Vonage and OneSignal &mdash; operate
outside the UK and EEA, including in the United States. Where personal data is transferred
@@ -150,18 +183,22 @@
</section>
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">7. How long we keep data</h2>
<h2 class="font-display text-2xl font-bold text-zinc-900">8. How long we keep data</h2>
<ul class="list-disc space-y-1 pl-6">
<li><strong>Active account data:</strong> for as long as your account is open, plus 12 months after closure.</li>
<li><strong>Saved location (registered users):</strong> while your account is active; deleted when you delete your account.</li>
<li><strong>Alert and notification preferences:</strong> while your account is active; deleted when you close your account or remove the preference.</li>
<li><strong>Push notification subscriptions:</strong> until you unsubscribe, revoke browser permission, or the subscription becomes stale.</li>
<li><strong>Payment records:</strong> 6 years, to meet HMRC requirements for self-employed traders.</li>
<li><strong>Marketing data:</strong> until you withdraw consent.</li>
<li><strong>Logs and analytics:</strong> a maximum of 24 months.</li>
<li><strong>Security and fraud logs (including IP records):</strong> a maximum of 12 months.</li>
<li><strong>Search and query logs:</strong> a maximum of 24 months.</li>
<li><strong>Aggregated analytics:</strong> retained indefinitely in anonymised, non-identifiable form only.</li>
</ul>
</section>
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">8. Your rights under UK GDPR</h2>
<h2 class="font-display text-2xl font-bold text-zinc-900">9. Your rights under UK GDPR</h2>
<p>You have the following rights in relation to your personal data:</p>
<ul class="list-disc space-y-1 pl-6">
<li><strong>Right of access</strong> &mdash; ask for a copy of the data we hold about you.</li>
@@ -170,7 +207,7 @@
<li><strong>Right to restrict processing</strong> &mdash; ask us to pause processing in certain circumstances.</li>
<li><strong>Right to data portability</strong> &mdash; receive your data in a machine-readable format.</li>
<li><strong>Right to object</strong> &mdash; object to processing based on legitimate interests.</li>
<li><strong>Rights related to automated decision-making</strong> &mdash; we do <strong>not</strong> make solely automated decisions with legal or similarly significant effects on you.</li>
<li><strong>Rights related to automated decision-making</strong> &mdash; our fill-up timing recommendations are generated algorithmically but are informational only and do not have legal or similarly significant effects on you.</li>
<li><strong>Right to withdraw consent</strong> &mdash; where we rely on consent (for example, device location or marketing).</li>
</ul>
<p>
@@ -181,7 +218,7 @@
</section>
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">9. Cookies</h2>
<h2 class="font-display text-2xl font-bold text-zinc-900">10. Cookies</h2>
<p>
We use only a small number of essential cookies to operate the service, and self-hosted,
cookieless analytics. Full details are in our
@@ -190,7 +227,7 @@
</section>
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">10. Security</h2>
<h2 class="font-display text-2xl font-bold text-zinc-900">11. Security</h2>
<p>
All traffic between your device and our service is encrypted with HTTPS. Passwords are
stored as one-way hashes &mdash; we never see your plaintext password. Sensitive fields in
@@ -201,7 +238,7 @@
</section>
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">11. Children</h2>
<h2 class="font-display text-2xl font-bold text-zinc-900">12. Children</h2>
<p>
FuelAlert is not directed at children. We do not knowingly collect data from anyone under
16. If you believe a child has provided us with personal data, contact us and we will
@@ -210,7 +247,7 @@
</section>
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">12. Complaints</h2>
<h2 class="font-display text-2xl font-bold text-zinc-900">13. Complaints</h2>
<p>
We hope you'll contact us first if you have a complaint, so we can try to put it right.
You also have the right to lodge a complaint with the UK Information Commissioner's Office
@@ -223,7 +260,7 @@
</section>
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">13. Changes to this policy</h2>
<h2 class="font-display text-2xl font-bold text-zinc-900">14. Changes to this policy</h2>
<p>
We may update this policy from time to time. If we make material changes we will notify
registered users by email. Non-material changes will be shown by an updated "Last updated"
@@ -232,10 +269,14 @@
</section>
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">14. Contact</h2>
<h2 class="font-display text-2xl font-bold text-zinc-900">15. Contact</h2>
<p>
For any privacy queries, email
For any privacy or data protection queries, email
<a href="mailto:hello@fuel-alert.co.uk" class="text-accent underline">hello@fuel-alert.co.uk</a>.
</p>
<p class="text-sm text-zinc-600">
Data controller: Ovidiu Ungureanu trading as FuelAlert, Peterborough, United Kingdom.
ICO registration reference: 00014395133.
</p>
</section>
</x-layouts.legal>

2
resources/views/legal/refund.blade.php
View File

@@ -1,7 +1,7 @@
{{-- DRAFT: Generated {{ date('Y-m-d') }}. Review by UK-qualified solicitor recommended before launch. --}}
<x-layouts.legal
title="Refund & Cancellation Policy"
heading="Refund &amp; Cancellation Policy"
heading="Refund & Cancellation Policy"
lastUpdated="{{ now()->format('j F Y') }}"
metaDescription="Your right to cancel a FuelAlert subscription, including the 14-day cooling-off period under UK law.">

56
resources/views/legal/terms.blade.php
View File

@@ -11,6 +11,7 @@
FuelAlert is a trading name of <strong>Ovidiu Ungureanu</strong>, a sole trader based in
Peterborough, United Kingdom ("we", "us", "our"). These terms form a legally binding
contract between you and Ovidiu Ungureanu trading as FuelAlert.
ICO registration reference: 00014395133.
</p>
<p>
By creating an account or using the service, you confirm that you have read, understood
@@ -22,8 +23,12 @@
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">2. The service</h2>
<p>
FuelAlert provides UK fuel price comparison and forecasting. We aggregate publicly
available UK fuel price data and surface it through a web app, alerts and forecasts.
FuelAlert provides UK fuel price comparison and fill-up timing recommendations. We act
as a downstream consumer of publicly available UK government fuel price data feeds
(including the UK Fuel Finder / Pump Watch transparency scheme) and surface that data
through a web app, alerts, and forecasts. We do not control the prices submitted by fuel
retailers to those upstream schemes and are not responsible for errors or delays in
that data.
</p>
<p>
We offer a free tier and one or more paid subscription plans. The current list of plans
@@ -49,8 +54,8 @@
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">4. Subscriptions, billing and payment</h2>
<p>
Paid plans are billed in advance, either monthly or annually. The current price for each
plan is shown on the <a class="text-accent underline" href="/#pricing">pricing page</a> at the time you subscribe.
Paid plans are billed monthly in advance. The current price for each plan is shown on
the <a class="text-accent underline" href="/#pricing">pricing page</a> at the time you subscribe.
</p>
<p>
<strong>Auto-renewal.</strong> Subscriptions renew automatically at the end of each
@@ -71,7 +76,13 @@
<p>
<strong>VAT.</strong> FuelAlert is currently below the UK VAT registration threshold and is
not VAT-registered, so no VAT is charged on your subscription. The price shown is the total
amount you pay.
amount you pay. If our VAT status changes, we will update these terms and notify you before
any price change takes effect.
</p>
<p>
<strong>Downgrade on cancellation.</strong> When a paid subscription ends or is cancelled,
your account reverts to the free tier. Paid alert channels (WhatsApp, SMS) are deactivated,
but your alert settings are retained and will reactivate if you resubscribe.
</p>
</section>
@@ -94,11 +105,14 @@
<h2 class="font-display text-2xl font-bold text-zinc-900">6. Acceptable use</h2>
<p>You agree not to:</p>
<ul class="list-disc space-y-1 pl-6">
<li>Scrape, reverse-engineer, or bulk-extract data from the service.</li>
<li>Scrape, reverse-engineer, or bulk-extract data from the service without our written permission.</li>
<li>Mirror, republish, or systematically reproduce our compiled price data, station rankings, scoring outputs, or any other value-added data derived from the service.</li>
<li>Use the service or its outputs for commercial exploitation, resale, or competitor monitoring without our written consent.</li>
<li>Resell or redistribute fuel price data taken from FuelAlert.</li>
<li>Use the service for any unlawful purpose.</li>
<li>Attempt to circumvent or compromise our security measures.</li>
<li>Use automated tools to make queries beyond what a single human user would reasonably make.</li>
<li>Use the service while operating a motor vehicle. You must not interact with the service while a vehicle is in motion. Compliance with the Road Traffic Act 1988, the Highway Code, and all applicable road traffic laws is your sole responsibility.</li>
</ul>
</section>
@@ -107,8 +121,10 @@
<p>
Fuel prices shown on FuelAlert are sourced from official UK government data feeds
(including the Pump Watch / Fuel Finder transparency schemes) and refreshed
periodically. Stations can change prices at any time, and there is usually a delay
between a forecourt change and the feed update.
periodically. FuelAlert acts as a downstream consumer of those feeds and does not
control the data submitted by fuel retailers to the central aggregator. Stations can
change prices at any time, and there is usually a delay between a forecourt change
and the feed update.
</p>
<p>
We make reasonable efforts to display accurate prices but <strong>we cannot guarantee
@@ -123,21 +139,22 @@
</section>
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">8. Forecasts and predictions</h2>
<h2 class="font-display text-2xl font-bold text-zinc-900">8. Forecasts and recommendations</h2>
<p>
FuelAlert may show forecasts and recommendations (e.g. "fill up now" or "wait"). These
are <strong>informational only</strong>, are not financial advice, and should not be
relied upon as a guarantee of future prices. Past trends do not guarantee future prices.
We do not warrant the accuracy of any forecast.
are generated algorithmically based on local price trends, historical patterns, and
market signals. They are <strong>informational only</strong>, are not financial advice,
and should not be relied upon as a guarantee of future prices. Past trends do not
guarantee future prices. We do not warrant the accuracy of any forecast or recommendation.
</p>
</section>
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">9. Intellectual property</h2>
<p>
The FuelAlert name, logo, software, and original content are owned by Ovidiu Ungureanu.
You receive a limited, non-exclusive, revocable licence to use the service for personal,
non-commercial purposes.
The FuelAlert name, logo, software, scoring algorithms, and original content are owned
by Ovidiu Ungureanu. You receive a limited, non-exclusive, revocable licence to use the
service for personal, non-commercial purposes.
</p>
<p>
Underlying fuel price data is owned by the respective fuel retailers and published under
@@ -176,6 +193,11 @@
including but not limited to outages or errors at our payment processor, hosting
provider, or upstream data sources.
</li>
<li>
We are not responsible for the accuracy, completeness, or timeliness of data
submitted by fuel retailers to the UK Fuel Finder scheme or any other upstream
source we consume as a downstream aggregator.
</li>
</ul>
</section>
@@ -218,5 +240,9 @@
For questions about these terms, email
<a href="mailto:hello@fuel-alert.co.uk" class="text-accent underline">hello@fuel-alert.co.uk</a>.
</p>
<p class="text-sm text-zinc-600">
Ovidiu Ungureanu trading as FuelAlert, Peterborough, United Kingdom.
ICO registration reference: 00014395133.
</p>
</section>
</x-layouts.legal>