Privacy Policy
Last updated: March 9, 2026
1. Introduction
PetrolPulse ("we", "us", or "our") operates the PetrolPulse mobile application, Telegram Bot (@PetrolPulseBot), and website at petrolpulse.app (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
We are committed to protecting your privacy in accordance with applicable data protection laws:
- Sri Lanka — Personal Data Protection Act No. 9 of 2022 (PDPA)
- India — Digital Personal Data Protection Act, 2023 (DPDPA)
- Pakistan — Prevention of Electronic Crimes Act, 2016 (PECA)
- Iraq — Iraqi Constitution (Article 17 — Right to Privacy)
- Bangladesh — Digital Security Act, 2018
- Nigeria — Nigeria Data Protection Act (NDPA), 2023
2. Information We Collect
2.1 Information You Provide
- Account Information: Telegram user ID, username, first name, last name, and language preference.
- Profile Information: Display name, bio, and profile photo.
- User-Generated Content: Fuel status reports, posts, chat messages, comments, and votes.
- Geo-Alert Preferences: Location coordinates and radius settings.
2.2 Information Collected Automatically
- Location Data: With your explicit consent, GPS coordinates to show nearby fuel stations.
- Device Information: Device type, OS, browser type, language settings.
- Usage Data: Pages visited, features used, timestamps.
- Log Data: IP address, access times, referring URLs.
2.3 Information from Third Parties
- Telegram: Your Telegram user data as authorized by the platform.
- Map Services: OpenStreetMap / CartoDB tile services for map rendering.
3. How We Use Your Information
- Service Provision: To operate and improve PetrolPulse features.
- Personalization: Display content in your preferred language and location.
- Communication: Fuel availability alerts and system notifications.
- Safety & Security: Detect and prevent fraud, abuse, spam.
- Analytics: Understand usage patterns (aggregated, non-identifying).
- Legal Compliance: Comply with applicable laws.
4. Legal Basis for Processing
- Consent: Explicit consent for location permissions, account creation, content submission.
- Contractual Necessity: Processing to provide the Service.
- Legitimate Interest: Security, fraud prevention, service improvement.
- Legal Obligation: Where required by law.
Under India's DPDPA 2023 and Sri Lanka's PDPA 2022, we act as a "Data Fiduciary" / "Controller".
5. Data Sharing and Disclosure
We do not sell your personal data. We may share information in the following circumstances:
- Public Content: Fuel reports and chat messages are visible to other users.
- Service Providers: Supabase (EU — Stockholm), Vercel, Telegram.
- Legal Requirements: When required by law or court order.
- Safety: To protect rights, safety, and property.
6. International Data Transfers
Our servers are in the EU (Stockholm, Sweden). We ensure appropriate safeguards:
- Data processing agreements with all providers
- Encryption in transit (TLS/SSL) and at rest
- Compliance with cross-border transfer requirements
7. Data Retention
- Account Data: Retained while active. Deleted within 30 days of request.
- Fuel Reports: Auto-expire after 6 hours. Analytics retained up to 12 months.
- Chat Messages: Retained for the lifetime of the chat room.
- Log Data: Retained up to 90 days.
8. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Right to access, correct, and delete your data
- Right to withdraw consent at any time
- Right to data portability
India (DPDPA 2023): Right to nominate another person. Grievance redressal with Data Protection Board.
Sri Lanka (PDPA 2022): Right to object. Complaint to Data Protection Authority.
Nigeria (NDPA 2023): Right to object to direct marketing. Complaint to NDPC.
9. Data Security
- HTTPS/TLS encryption for all data transmission
- Row Level Security (RLS) on all database tables
- HMAC-SHA256 verification for Telegram authentication
- Rate limiting to prevent abuse
- Regular security audits
No method of transmission is 100% secure. We cannot guarantee absolute security.
10. Children's Privacy
PetrolPulse is not intended for children under 16 (or 18 in India per DPDPA 2023). We do not knowingly collect data from children.
11. Cookies and Tracking
Our website uses minimal, essential cookies. We do not use third-party advertising cookies or cross-site tracking.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Continued use after changes constitutes acceptance.
13. Contact Us
- Telegram Bot: @PetrolPulseBot
- Telegram Group: @PetrolPulseApp
- Website: petrolpulse.app