Privacy Policy
Last updated: 15.05.2026
PretCarburant.ro respects the privacy of its users and is committed to protecting personal data in accordance with the General Data Protection Regulation (GDPR β EU Regulation 2016/679) and applicable national legislation. This policy covers the pretcarburant.ro web platform, the Pret Carburant mobile app for iOS / iPadOS and the Pret Carburant mobile app for Android.
1. Data Controller
The controller of personal data is:
Andrei-Serban Stoian (natural person)
Email: contact@pretcarburant.ro
Web: https://pretcarburant.ro
Personal data is stored on servers located within the European Union (Hetzner Online GmbH, Germany).
2. What Data We Collect
We collect the following categories of data:
a) Voluntarily provided data (web)
- Email address β when subscribing to the price alert service
- Selected cities β for alert personalisation
b) Automatically collected data (web)
- Browsing data β IP address, browser type, operating system, pages visited, visit duration (via Google Analytics, only with consent)
- Cookies β for Platform operation, traffic analysis, and advertising (details in the dedicated section)
- Approximate geolocation data β only when the user activates the "Gas stations nearby" feature and grants browser permission
c) Data collected via the mobile app (iOS and Android)
Common to both platforms:
- Device identifier (device_id) β a randomly generated identifier created on the app's first launch, used for JWT authentication of the anonymous session and to tie personalised alerts to the device. Not correlated with any personally identifiable data in the absence of authentication.
- Advertising identifier β Identifier for Advertisers (IDFA) on iOS or Android Advertising ID (AAID) on Android. Collected by Google AdMob for ad personalisation, only with explicit user consent via App Tracking Transparency (iOS) or Consent Mode (Android). The user can reset or disable this identifier in device settings.
- Geolocation data (optional) β GPS coordinates, only if the user grants "While Using The App" permission for features that need it: nearby stations, turn-by-turn navigation, price reporting (location is attached to the report as proximity proof). Coordinates outside Romania's borders are automatically rejected (geographic zone 43.5β48.3 N, 20.2β30.0 E).
- Technical crash reports β anonymised stack traces collected via Firebase Crashlytics (Google LLC) when the app encounters an unexpected error. Do not contain personally identifiable information.
- Anonymised usage data β aggregated UI events (app launches, screens viewed, session duration) collected via Firebase Analytics (Google LLC) to understand usage patterns. Can be disabled from app settings.
Specific to iOS:
- Push notification token (APNs Device Token) β only if the user enables notifications. Used to send price drop alerts for favourite stations and status updates for the user's own reports. The token is issued by Apple Push Notification service and can be revoked at any time by disabling notifications in system settings.
- Premium subscription status β verified locally via StoreKit based on Apple's cryptographic receipt. We do not use any external subscription processor.
Specific to Android:
- Push notification token (Expo Push Token) β only if the user enables notifications. The token is issued by Expo Application Services (EAS) as an intermediate layer over Firebase Cloud Messaging and can be revoked at any time by disabling notifications.
- Premium subscription status β verified locally via Google Play Billing based on Google Play's signed receipt.
d) Data collected at sign-in (user account)
Authentication is optional and required only for community-contribution features (price reporting, station proposals, cross-device sync). Two methods are accepted:
- Sign in with Apple β we receive from Apple a unique opaque identifier ("Apple subject"), and optionally, if the user chooses to share, the email address (may be the real address or a relay address generated by Apple via Hide My Email) and display name. We fully support Privacy Relay β the user is not required to expose their real email.
- Google Sign-In β we receive from Google a unique identifier ("Google subject"), the associated email address and, optionally, the display name. We do not receive the password, contact list, or any other Google data.
After sign-in, the data above is associated with an internally generated account_id (UUID) and used for:
- Storing favourites, vehicles, alerts, and refuel history, synchronised across devices
- Attaching price reports and station proposals to the user
- Calculating the trust score and contribution points
e) User-Generated Content (UGC)
When an authenticated user submits a community contribution, we collect:
- Price reports β the reported price, fuel type, station identifier, client capture date and time, device coordinates at the time of capture (validated against the station's position), an optional text note (max. 500 characters), and an optional photo
- New station proposals β coordinates, brand, fuel types, optional photo
- Confirmations on other users' reports β agree / disagree, optionally with a photo
Photo handling: after upload, EXIF metadata (including GPS coordinates from EXIF) is extracted for temporal verification and then automatically REMOVED before storage. Final photos stored on the server no longer contain EXIF. They are served exclusively via non-indexable URLs (robots disallowed) to the mobile app and the moderation interface.
We do not collect through the mobile app: contacts, calendar, microphone, call history, SMS, content of other apps, banking data, health or fitness data, or data on race / ethnicity / sexual orientation / religious beliefs / trade union membership / political opinions / genetic or biometric data.
3. Purpose of Data Processing
Data is processed for the following purposes:
- Sending price alerts via email and push (legal basis: consent)
- App operation β authentication, sessions, account sync, navigation, statistics (legal basis: contract performance and legitimate interest)
- Validating price reports through manual moderation and trust score calculation (legal basis: legitimate interest in preventing fraud / spam and providing accurate data)
- Improving the Platform via Firebase Analytics (legal basis: consent at first launch)
- Displaying advertising via Google AdSense (web) and Google AdMob (mobile) (legal basis: consent)
- Technical diagnostics via Firebase Crashlytics (legal basis: legitimate interest β debugging the app)
4. Automated Decisions and Trust Score
Per article 22 GDPR, we inform you that the platform includes an automated user contribution evaluation system:
- Trust score β a score automatically calculated based on the user's report history (accepted vs rejected), starting at 0.500 (50%) and evolving Bayes-style; at score ≥ 0.85 + at least 20 reports, contributions are auto-published without prior moderation
- Anti-abuse filters β geographic proximity checks, temporal windows between reports, price/coordinate validation
- Shadow ban β users who repeatedly break the rules may be marked internally as shadow_banned; their contributions are no longer publicly visible but they receive no notification
Rights under article 22 GDPR: you have the right to challenge any automated decision, obtain human moderator intervention, and express your point of view. Send an email to contact@pretcarburant.ro with the subject "Trust score / automated decision appeal".
5. Sharing Data with Third Parties
We do not sell, rent, or share personal data with third parties, except with the following data processors (per GDPR art. 28):
- Apple Inc. β Sign in with Apple and Apple Push Notification service (iOS). Policy: apple.com/legal/privacy
- Google LLC β Google Sign-In, Firebase Crashlytics, Firebase Analytics, Firebase Cloud Messaging (Android, via Expo), Google Analytics (web), Google AdSense (web), and Google AdMob (mobile). Policy: policies.google.com/privacy
- Apple App Store / Google Play β payment processing for in-app purchases. We do not receive card details. Their policies apply directly to your relationship with Apple / Google.
- Expo Application Services (EAS) β delivery of push notifications to the Android app (on iOS we use APNs directly, without Expo). Receives the Expo Push Token and notification content. Policy: expo.dev/privacy
- Hetzner Online GmbH β server hosting in the European Union (Germany). No access to data content. Policy: hetzner.com/legal/privacy-policy
- Amazon SES / Resend β sending web alert emails
- Competent authorities β only based on a legal request
All processors outside the European Economic Area (mainly the US) operate under EU Standard Contractual Clauses (SCC).
6. Cookies
The web platform uses the following types of cookies:
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
| pc_theme | Essential | Theme preference (light/dark) | 1 year |
| cookie_consent | Essential | Cookie consent storage | 1 year |
| _ga, _gid | Analytics | Google Analytics β traffic statistics | 2 years / 24h |
| __gads, __gpi | Advertising | Google AdSense β relevant ads | 13 months |
The mobile app does not use cookies. You can manage web cookies through the consent banner or your browser settings.
7. User Rights (GDPR)
In accordance with the GDPR, you have the following rights:
- Right of access β you can request a copy of the personal data we hold
- Right to rectification β you can request correction of inaccurate data
- Right to erasure β you can request deletion of personal data ("right to be forgotten")
- Right to restriction of processing β you can request limitation of data processing
- Right to data portability β you can receive your data in a structured format (JSON)
- Right to object β you can refuse data processing in certain situations
- Right to withdraw consent β at any time, without affecting the lawfulness of prior processing
- Right to challenge automated decisions β human intervention in trust score calculation and moderation (see section 4)
To exercise any right, send an email to contact@pretcarburant.ro. We will respond within a maximum of 30 days.
You also have the right to file a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP) β www.dataprotection.ro.
8. Account and Data Deletion
Direct deletion from the mobile app (recommended):
- Open the app › Settings › Profile › "Delete account"
- Confirm the action β the account is marked deleted immediately (soft delete) and all active sessions are invalidated
- Within a maximum of 30 days, the data is physically deleted from servers via FK cascades (reports, photos, alerts, vehicles, refuel history, badges, trust score, sessions)
- Approved reports that contributed to the public price database may be retained anonymised (without link to the user) as part of historical data, based on legitimate interest
Deletion via email: send a message to contact@pretcarburant.ro with the subject "Account deletion", mentioning the authentication method used (Apple or Google) and the associated email. Deletion is processed within a maximum of 7 business days.
Uninstalling the app alone does not delete the account β accounts are independent of the device. For users who use the app without authentication (device-based only), uninstalling deletes local data, and the device_id remains in the database for another 30 days, after which it is automatically deleted on inactivity.
9. Data Retention
Personal data is retained only for as long as necessary for the purpose of collection:
- Email addresses (web alerts) β until unsubscription + maximum 7 days
- Web browsing data β per Google Analytics policies (26 months)
- Cookies β per durations specified in the table above
- User account (account_id, email, name) β until account deletion by the user + max 30 days for cascading associated data
- Approved price reports β kept until account deletion; after deletion, the report is anonymised (account_id detached) and retained in public history
- Rejected price reports β fully deleted 30 days after rejection
- Report photos (approved) β maximum 12 months from approval
- Report photos (rejected) β maximum 30 days from rejection
- Device ID (anonymous session) β until uninstallation + maximum 30 days of inactivity
- Push notification token β until notifications are disabled or app is uninstalled
- Crash reports (Firebase Crashlytics) β maximum 90 days
- Firebase Analytics data β 14 months (default setting), aggregated thereafter
- Moderation logs (audit) β 12 months, for transparency of decisions
10. Protection of Minors
The app is not intended for users under 16 years of age. Per article 8 GDPR and national legislation, processing personal data of minors under 16 requires parental or legal guardian consent.
We do not knowingly collect data from children. If we learn we have collected data from a minor under 16 without parental consent, we delete it immediately. Parents who suspect their minor has created an account can request deletion by emailing contact@pretcarburant.ro.
11. Data Security
We implement appropriate technical and organisational measures:
- HTTPS / TLS 1.3 mandatory for all endpoints
- JWT token authentication with short expiry + rotation
- Strict Content Security Policy (CSP) with per-request nonce
- CSRF protection and reCAPTCHA on web forms
- Per-IP and per-account rate limiting on sensitive endpoints
- Automatic EXIF metadata stripping before saving photos
- Restricted database access β localhost-only via Flask process
- Encrypted backups, restricted to the Platform administrator
12. Policy Changes
We reserve the right to update this policy. The date of the last update is displayed at the top of the page. For material changes (e.g., adding a new processor or a new data category), we will notify authenticated users via email or in-app. We recommend that you check this page periodically.
13. Contact
For any privacy-related questions or to exercise your GDPR rights:
Email: contact@pretcarburant.ro
Controller: Andrei-Serban Stoian (natural person)
Web: https://pretcarburant.ro
