Fuelink Privacy Policy

Last updated: 19 May 2026

Fuelink (“the app”, “we”) is a personal fuel, trip and vehicle-maintenance tracker. This page explains what we collect, why we collect it, where it is stored, and how you can control or delete it. The data controller is the operator of dnshosting.gr/fuellog-api; contact details are at the bottom.

1. What data we collect

1.1 Account & identity

• Household code — a short random identifier (e.g. FAM-X7K2-9Y4P) generated the first time the app runs. It is the sole credential the app uses; no email or password is required.
• Device record — a per-device id, a label you can edit (e.g. “My phone”), an approval status, and the timestamp of the last successful sync. Used to let the household owner approve, revoke, or list devices that share the same household code.
• User profile — display name, accent colour, and a randomly generated user id local to your household. Stored in the device’s secure store (Keychain on iOS, EncryptedSharedPreferences on Android).
• Recovery code — an optional one-time code the household owner can generate to claim ownership from another device. Hashed before storage; never shown again after creation.

1.2 Fuel & trip data

• Fuel entries — date, amount, litres or kWh, price/L or price/kWh, fuel type, station name, odometer reading (km), optional notes.
• Vehicles — name, plate number, vehicle type, fuel type and an accent colour you choose.
• Trips — date, start/end odometer or GPS-tracked distance, optional purpose label (work / personal / other), optional start and end text addresses, and the recorded GPS polyline if you used the live-tracking mode. GPS is sampled only while a trip is actively recording in the foreground; the app does not access location otherwise.
• Maintenance reminders — service type, last service date and odometer, optional custom interval.

1.3 Receipts (optional, on-demand)

When you tap Scan on a fuel receipt:

• The image is sent over HTTPS to our backend at dnshosting.gr/fuellog-api.
• The backend forwards the image to a third-party AI provider (OpenRouter, which routes the request to Google Gemini) for text extraction.
• The image is processed in memory only. Neither our backend nor OpenRouter persists the image after the response is returned.
• The extracted fields (date, amount, litres, price/L, station, fuel type) are sent back to your device for you to confirm or edit before saving.

If you also attach a receipt photo to a saved entry, the photo file itself is kept on your device only and is not uploaded to our server.

1.4 Billing

If you subscribe to Fuelink Pro (monthly, annual, family or lifetime) the payment is processed by Stripe. Stripe receives the card details directly and we never see them. We store on our server only the resulting Stripe customer id, subscription id, plan, renewal date and trial start date, all tied to your household code, so that the app knows which features to unlock.

1.5 What we do not collect

• No email address or phone number.
• No address book / contacts access.
• No third-party analytics or advertising identifiers.
• No background location and no ambient location pings.
• No social-network sign-in.

2. Where data is stored

The household, devices, vehicles, entries, trips and maintenance records are stored in a MySQL database on our server at dnshosting.gr/fuellog-api, hosted in the European Union. All traffic between the app and the server is encrypted with HTTPS.

Receipt photos that you attach to an entry remain on the device and are not uploaded. Charts, statistics and the carbon-footprint dashboard are computed locally on your device from the data you have entered; no per-user analytics are sent to us.

3. Legal basis (GDPR)

• Performance of the service you requested — the household, entries, vehicles, trips and maintenance records are processed because the app cannot work without them.
• Legitimate interest — rate limiting and basic anti-abuse logging on the backend.
• Contract — billing data when you choose to subscribe to Fuelink Pro.
• Consent — the OCR scan upload only happens when you explicitly tap the Scan button.

4. Retention

• While your household exists, your data is kept indefinitely so that statistics and history remain available.
• When you delete your household (see section 5) the records are removed immediately from the live database. Backups are rotated and purged within 30 days.
• Billing records linked to a Stripe customer may be kept by Stripe under their own retention policy for tax compliance even after household deletion; we keep only the customer id mapping.

5. Your rights

You can exercise the following rights at any time:

• Access & portability — export every fuel entry to CSV or JSON from Settings → Data → Backup options. The export contains everything we store about your fuel and vehicle records.
• Rectification — edit or delete individual entries directly inside the app.
• Erasure — open Settings → Account → Delete account and confirm. This wipes every entry, trip, vehicle, maintenance reminder and the household record itself. Deletion is irreversible.
• Objection & complaint — if you believe we are processing your data unlawfully you can complain to your local data-protection authority. In Greece this is the Hellenic DPA (dpa.gr).

You can also send the household code to fuellog@dnshosting.gr and we will action the request within 30 days.

6. Sharing & third parties

We do not sell your data and we do not share it with advertisers. The third parties that strictly process data on our behalf are:

• OpenRouter — forwards each Scan request to the underlying AI model.
• Google — operates the Gemini model used for receipt OCR.
• Stripe — handles subscription payments. Card details are processed by Stripe and never reach our servers.
• OpenStreetMap and Carto — serve the basemap tiles that appear behind GPS trip previews. They receive only the tile coordinates needed to render the map, no account identifier.

7. Security

• All client ↔ server traffic uses TLS (HTTPS).
• The household code is the only credential and is stored in the platform’s secure store on your device.
• Tokens issued to each device are hashed (SHA-256) before being stored on the backend and are regenerated on recovery / claim flows.
• Webhook traffic from Stripe is verified with HMAC-SHA256 before any household record is changed.

8. Children

Fuelink is not directed at children under 13 and does not knowingly collect data from them. If you are a parent or guardian and become aware that a child has provided us with data, please contact us so that we can delete it.

9. Changes to this policy

Material changes are published on this page with a new “last updated” date. The version visible inside the app always links here, so the document you are reading is the current canonical version.

10. Contact

Questions, complaints, data-export requests or deletion requests: fuellog@dnshosting.gr.

Fuelink is operated by the team at dnshosting.gr. The app is offered free with optional in-app subscriptions for Fuelink Pro.