fuel-alert/resources/views/legal/privacy.blade.php
Ovidiu U ecd45588e9
Add legal policy pages and shared layout component
- Add Cookie Policy view documenting essential cookies (session, CSRF, remember_me, fa_location) and cookieless Umami analytics
- Add Privacy Policy view covering UK GDPR compliance, data categories, lawful bases, processors, retention, and user rights
- Add Refund & Cancellation Policy view explaining 14-day cooling-off period under Consumer Contracts Regulations 2013 and express-consent flow
- Add Terms of Service view defining account rules, subscription billing, and governing law
- Create shared legal layout component with FuelAlert header, footer with cross-links, and consistent typography
- Add feature tests covering all four legal pages and their cross-links
- All policies include placeholders for ICO registration number, email, and hosting/email providers pending production config
2026-05-14 17:43:53 +01:00

206 lines
11 KiB
PHP

{{-- DRAFT: Generated {{ date('Y-m-d') }}. Review by UK-qualified solicitor recommended before launch. --}}
<x-layouts.legal
title="Privacy Policy"
heading="Privacy Policy"
lastUpdated="{{ now()->format('j F Y') }}"
metaDescription="How FuelAlert collects, uses and protects your personal data under UK GDPR.">
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">1. Who we are</h2>
<p>
FuelAlert is a trading name of <strong>Ovidiu Ungureanu</strong>, a sole trader based in
Peterborough, United Kingdom. For the purposes of UK data protection law, Ovidiu Ungureanu
is the <strong>data controller</strong> for personal data collected through this service.
</p>
<p>
We are registered with the UK Information Commissioner's Office (ICO).
Our registration number is <strong>[PLACEHOLDER: ICO registration number ZAxxxxxxx]</strong>.
</p>
<p>
If you have any questions about this policy or how we handle your personal data, contact us at
<a href="mailto:[PLACEHOLDER: hello@fuelalert.co.uk]" class="text-accent underline">[PLACEHOLDER: hello@fuelalert.co.uk]</a>.
</p>
</section>
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">2. What data we collect</h2>
<h3 class="font-semibold text-zinc-900">Account data</h3>
<p>Your email address, a hashed password, and the date you created your account.</p>
<h3 class="font-semibold text-zinc-900">Location data</h3>
<p>
Postcodes or place names you search for. With your permission, your device's precise
location, used to find nearby stations. A derived approximate location, used to query our database.
</p>
<h3 class="font-semibold text-zinc-900">Payment data</h3>
<p>
Payment card details are collected and processed by <strong>Stripe</strong>, our payment
processor. FuelAlert does not see, store, or otherwise have access to your card numbers.
We retain only your Stripe customer ID and subscription metadata (plan, billing cycle,
renewal date).
</p>
<h3 class="font-semibold text-zinc-900">Usage data</h3>
<p>
Features you use, queries you make, and alerts you configure, used to deliver the
service and improve it.
</p>
<h3 class="font-semibold text-zinc-900">Technical data</h3>
<p>
IP address, browser type and version, device type, and operating system, used for
security, fraud prevention, and basic analytics.
</p>
<h3 class="font-semibold text-zinc-900">Marketing preferences</h3>
<p>Only collected if you opt in to marketing communications.</p>
</section>
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">3. Lawful basis for processing</h2>
<p>We process your personal data under the following bases of UK GDPR Article 6:</p>
<ul class="list-disc space-y-1 pl-6">
<li><strong>Account creation and service delivery</strong> &mdash; contract (Art. 6(1)(b)).</li>
<li><strong>Payment processing</strong> &mdash; contract (Art. 6(1)(b)).</li>
<li><strong>Security and fraud prevention</strong> &mdash; legitimate interests (Art. 6(1)(f)).</li>
<li><strong>Analytics and product improvement</strong> &mdash; legitimate interests, with opt-out via our cookie banner where applicable.</li>
<li><strong>Marketing emails</strong> &mdash; consent (Art. 6(1)(a)). You can withdraw consent at any time.</li>
</ul>
</section>
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">4. How we use your data</h2>
<ul class="list-disc space-y-1 pl-6">
<li>To create and operate your account (contract).</li>
<li>To deliver fuel price information and alerts you have configured (contract).</li>
<li>To process subscription payments via Stripe (contract).</li>
<li>To keep our service secure and prevent abuse (legitimate interests).</li>
<li>To understand which features are used and improve the product (legitimate interests).</li>
<li>To respond to your support enquiries (contract / legitimate interests).</li>
<li>To send marketing emails if you have opted in (consent).</li>
</ul>
</section>
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">5. Who we share data with</h2>
<p>We use the following processors to deliver the service. We do not sell your data to anyone.</p>
<ul class="list-disc space-y-2 pl-6">
<li>
<strong>Stripe</strong> &mdash; payment processing. Card details, billing address,
and subscription events flow to Stripe. See
<a class="text-accent underline" href="https://stripe.com/privacy" target="_blank" rel="noopener">Stripe's privacy policy</a>.
</li>
<li><strong>[PLACEHOLDER: Hosting provider]</strong> &mdash; infrastructure where our application and database run.</li>
<li><strong>[PLACEHOLDER: Transactional email provider]</strong> &mdash; sends account, billing and alert emails on our behalf.</li>
<li>
<strong>Umami Analytics</strong> &mdash; we run our own self-hosted Umami instance to
collect aggregated, cookieless usage metrics (pages viewed, referrer, country, device
type). No personal data is collected and no analytics data is shared with third
parties.
</li>
<li><strong>[PLACEHOLDER: Notification providers]</strong> &mdash; if you opt in to push, WhatsApp, or SMS alerts, the chosen provider will be named here.</li>
</ul>
</section>
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">6. International transfers</h2>
<p>
Some of our processors (notably Stripe) operate outside the UK and EEA, including in the
United States. Where personal data is transferred internationally, we rely on appropriate
safeguards under UK GDPR: the UK International Data Transfer Addendum to the EU Standard
Contractual Clauses, or an equivalent mechanism.
</p>
</section>
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">7. How long we keep data</h2>
<ul class="list-disc space-y-1 pl-6">
<li><strong>Active account data:</strong> for as long as your account is open, plus 12 months after closure.</li>
<li><strong>Payment records:</strong> 6 years, to meet HMRC requirements for self-employed traders.</li>
<li><strong>Marketing data:</strong> until you withdraw consent.</li>
<li><strong>Logs and analytics:</strong> a maximum of 24 months.</li>
</ul>
</section>
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">8. Your rights under UK GDPR</h2>
<p>You have the following rights in relation to your personal data:</p>
<ul class="list-disc space-y-1 pl-6">
<li><strong>Right of access</strong> &mdash; ask for a copy of the data we hold about you.</li>
<li><strong>Right to rectification</strong> &mdash; ask us to correct inaccurate data.</li>
<li><strong>Right to erasure</strong> ("right to be forgotten") &mdash; ask us to delete your data.</li>
<li><strong>Right to restrict processing</strong> &mdash; ask us to pause processing in certain circumstances.</li>
<li><strong>Right to data portability</strong> &mdash; receive your data in a machine-readable format.</li>
<li><strong>Right to object</strong> &mdash; object to processing based on legitimate interests.</li>
<li><strong>Rights related to automated decision-making</strong> &mdash; we do <strong>not</strong> make solely automated decisions with legal or similarly significant effects on you.</li>
<li><strong>Right to withdraw consent</strong> &mdash; where we rely on consent (e.g. marketing).</li>
</ul>
<p>
To exercise any of these rights, email
<a href="mailto:[PLACEHOLDER: hello@fuelalert.co.uk]" class="text-accent underline">[PLACEHOLDER: hello@fuelalert.co.uk]</a>.
We will respond within one month.
</p>
</section>
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">9. Cookies</h2>
<p>
We use a small number of cookies to operate the service. Full details &mdash; including
categories and how to change your choices &mdash; are in our
<a class="text-accent underline" href="{{ route('legal.cookies') }}">Cookie Policy</a>.
</p>
</section>
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">10. Security</h2>
<p>
All traffic between your device and our service is encrypted with HTTPS. Passwords are
stored as one-way hashes &mdash; we never see your plaintext password. Sensitive fields in
our database are protected by access controls, and our infrastructure receives regular
security updates. No system is ever 100% secure; if a breach occurs that affects you, we
will notify you and the ICO as required by law.
</p>
</section>
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">11. Children</h2>
<p>
FuelAlert is not directed at children. We do not knowingly collect data from anyone under
16. If you believe a child has provided us with personal data, contact us and we will
delete it.
</p>
</section>
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">12. Complaints</h2>
<p>
We hope you'll contact us first if you have a complaint, so we can try to put it right.
You also have the right to lodge a complaint with the UK Information Commissioner's Office
at any time.
</p>
<p>
ICO website: <a class="text-accent underline" href="https://ico.org.uk" target="_blank" rel="noopener">ico.org.uk</a>
&middot; ICO helpline: 0303 123 1113.
</p>
</section>
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">13. Changes to this policy</h2>
<p>
We may update this policy from time to time. If we make material changes we will notify
registered users by email. Non-material changes will be shown by an updated "Last updated"
date at the top of this page.
</p>
</section>
<section class="space-y-3">
<h2 class="font-display text-2xl font-bold text-zinc-900">14. Contact</h2>
<p>
For any privacy queries, email
<a href="mailto:[PLACEHOLDER: hello@fuelalert.co.uk]" class="text-accent underline">[PLACEHOLDER: hello@fuelalert.co.uk]</a>.
</p>
</section>
</x-layouts.legal>