Drivko Privacy Policy

1. Who we are

Drivko is operated by Ryan Cortinas, sole trader, trading as Drivko.

We're the "data controller" under UK data protection law — meaning we decide why and how your information gets used.

• Email: privacy@drivko.co.uk
• ICO registration number: [TO BE INSERTED ONCE REGISTERED]

We don't currently publish a postal address. Email is the fastest way to reach us, and the only contact channel we monitor. If you need to reach us about anything in this policy, including exercising any of the rights below, email privacy@drivko.co.uk and we'll get back to you within 5 working days.

When Drivko incorporates as a limited company in the future, this policy will be updated and we'll ask you to read and agree to the new version inside the app.

2. The information we collect

When you sign up

• Your email address (via Auth0, our sign-in provider)
• Your name (whatever you provided to Auth0 — typically the name on your Apple / Google / email account)
• Your postcode (so we can show you locally relevant fuel prices and renewal information)

When you enable multi-factor authentication (MFA)

If you choose to enable multi-factor authentication for your account, we collect additional information depending on the method you pick:

• Authenticator app (TOTP) — we register a cryptographic secret with your chosen app (Google Authenticator, 1Password, Authy, etc.). No personal information is shared — just a secret that lets us verify 6-digit codes you enter from the app.
• Auth0 Guardian — our authentication provider (Auth0) registers your device for push notifications. No personal information is shared with Drivko directly; Auth0 handles the push delivery.
• Email MFA — we send a verification code to the email address you already registered. We don't collect a new email for this.

We do not currently offer SMS-based MFA. If we add it in the future, this policy will be updated and you'll be asked to read the new version inside the app.

Why we collect this: to provide secure access to your Drivko account. This is part of the service you signed up for — UK GDPR Article 6(1)(b), "performance of a contract".

Auth0's role: Auth0 acts as a data processor on our behalf for authentication. Drivko remains the data controller responsible for your information. Auth0's own privacy practices: auth0.com/privacy

Your control: you can disable MFA or change your method at any time via Profile → Security. If you lose access to your device, email privacy@drivko.co.uk for recovery.

When you add a car

• Your vehicle registration (number plate)
• Public DVLA / DVSA records linked to that registration — fuel type, engine size, CO₂ emissions, MOT history, tax status, year of manufacture, colour. This is information the UK government already publishes about every UK-registered vehicle.
• Anything you choose to add manually — insurance renewal date, next service date, custom model name

When you log a fill-up

• The amount you spent and how many litres you bought
• Your odometer reading
• The forecourt name (if you tell us, or if we detected it for you)
• Any notes you add

When you scan a receipt (Receipt OCR)

If you choose to attach a fuel or service receipt to a fill-up, we read the receipt to extract:

• Forecourt name and date
• Fuel grade and price-per-litre
• Total amount paid and litres
• VAT details (if you're a Drivko Club Premium subscriber and use receipt scanning to capture VAT for HMRC purposes)

What we do with this:

• Your personal record — we use the extracted details to populate your fill-up entry so you don't have to type it twice. The receipt image itself is discarded after extraction unless you're a Drivko Club Premium subscriber. The text data extracted from the receipt stays on your fill-up record permanently because it's part of your fuel log.
• Drivko Club Premium subscribers (future paid tier) — when this launches, Premium subscribers will optionally have receipt images stored against their fill-ups (in our R2 bucket) for HMRC retention purposes (7 years for VAT-registered traders) and to power VAT reports. Free users never have their receipt images stored.
• Improving our fuel price database — the price-per-litre and forecourt details we read from receipts also help us validate and update the prices we hold in our own database. The data we use for this is anonymised at extraction — we keep "Sainsbury's Thanet, E10, 147.9p, 6 May 2026" but we don't keep "Ryan Cortinas paid that price". Your individual receipts are never visible to other users or to anyone outside Drivko.
• In a future product, this anonymised price data may be shared with petrol forecourt operators as competitive pricing intelligence. The data they would see is the same kind of information that's already publicly displayed on a pump label. No personal information about you, your car, or your individual fill-ups would ever be included. This product doesn't exist yet at v1 launch; when we ship it, this policy will be updated.

When you use Fuel Finder or Smart Fill-Up

• Your location at that moment, used to find the forecourt nearest to you. The location is sent to our backend only — we look up prices in our own database and return the results. Your location is never sent to gov.uk Fuel Finder or any third party. We don't store these location queries — they're used to answer a single question and then discarded.

When you visit a forecourt (Forecourt Mode)

Forecourt Mode is an opt-in feature, off by default. If you enable it in Settings, Drivko uses your phone's OS-level geofence to detect when you arrive at a UK forecourt. When that happens, we record:

• The forecourt's Drivko station_id — a 5-digit identifier we assign internally (not GPS coordinates, not a street address)
• A timestamp — when you arrived
• Your account ID

What we don't record:

• Your precise GPS location
• Your route to or from the forecourt
• Anything about what happened while you were there (unless you choose to log a fill-up)

How long we keep it: 30 days by default, then automatically deleted. You can shorten this in Settings.

Why we collect this:

• To match your fill-up logs to the forecourt you were at, so you don't have to type it in
• To prompt you about fill-ups you may have forgotten to log ("Did you fill up at Sainsbury's Thanet on Tuesday?")
• To cross-check error reports you submit (if you report a price was wrong at a forecourt, we can confirm you were there)
• To produce anonymised footfall statistics — these are de-identified at source and used in our future B2B Insights product (see Section 4)

Lawful basis:

• Art. 6(1)(b) (Performance of a contract) — for the forecourt-matching and inferred-fill-up features, which are the reason you turned the feature on.
• Art. 6(1)(f) (Legitimate interest) — for cross-checking error reports and producing anonymised footfall statistics. We've completed a Legitimate Interests Assessment for both: the data is minimal (a station_id, not GPS), short-lived (30 days), and the anonymised statistics can never be re-identified to you.

Your control:

• Toggle Forecourt Mode off at any time in Settings → Privacy. The feature stops working immediately.
• View your visit history in Settings → Privacy → Visits.
• Delete individual visits, or clear all visit history, with one tap.
• Revoke OS-level location permission for Drivko entirely — this disables Forecourt Mode AND Fuel Finder.

When you submit an error report

If you spot incorrect data about a forecourt (wrong brand, wrong price, wrong opening times, etc.) and use the "Report an issue" feature, we collect:

• The forecourt the report is about (its Drivko station_id)
• What's wrong (the category you picked + any notes you typed)
• Your account ID, so we can come back to you if we need clarification
• Photos you choose to attach as evidence (e.g. a photo of the pump display, the price sign, or your receipt). Photos are optional.

Where photos are stored: in our Cloudflare R2 bucket, on UK / EU infrastructure. They're visible to Drivko admin staff (currently just Ryan) when triaging the report. They're never published publicly.

How long we keep it: reports and any attached photos are kept until the issue is resolved + 6 months for audit purposes, then deleted.

Privacy guidance for photos:

• Try to capture only what supports your report (pump display, price sign, your own receipt).
• Avoid including faces, other people's number plates, or other identifying details.
• If you accidentally include any, email privacy@drivko.co.uk and we'll redact or delete the photo.

Lawful basis: Art. 6(1)(b) (Performance of a contract — the reporting feature you used) and Art. 6(1)(c) (Legal obligation — the gov.uk Fuel Finder API terms of use require us to forward verified error reports to gov.uk's official reporting form).

How Drivko's fuel data relates to gov.uk

Drivko ingests fuel-price and forecourt data from the gov.uk Fuel Finder open feed every 30 minutes. We hold this data in our own database alongside two layers of Drivko-specific information:

1. Our internal station_id — a 5-digit identifier we assign to every forecourt so we can link data across our systems. The government's own node_id is still stored alongside it; we never alter the government's data.
2. Drivko-verified corrections — where a user error report has been confirmed, we apply that correction internally and forward it to gov.uk via their official web form. Until gov.uk updates their feed, Drivko shows the corrected version with a "Drivko verified" tag plus a timestamp.

For prices specifically: if a user reports a price is wrong and we verify the report, the corrected price will be shown in the app — clearly labelled as "Drivko verified" with a timestamp — for as long as the gov.uk feed still has the stale figure. Once gov.uk's feed catches up, we fall straight back to the official price.

We do not permanently override gov.uk's price data. Forecourts must refresh their gov.uk prices within 30 minutes of any change, so any genuine discrepancy resolves itself quickly through the feed.

When we make predictions (MOT failure forecasting and similar)

Drivko v1.x will include features that predict when a car is likely to need attention — for example, an MOT defect that started as an "advisory" two years ago and a "minor" last year may be likely to become a "major fail" at this year's test. These predictions are derived from:

• Your car's public MOT history
• Your fill-up data (mileage and frequency)
• Aggregate patterns across all Drivko users, anonymised

What these predictions are not:

• They are not automated decisions that have legal or significant effects on you. Drivko's predictions are advisory.
• They are not shared with insurers, MOT centres, or anyone else.
• They are not factored into any pricing, offer eligibility, or account decision.

Your control:

• Mark any predicted issue as "Fixed" if you've already had it sorted — it'll stop showing.
• Dispute a prediction by emailing privacy@drivko.co.uk.
• Opt out of receiving predictive suggestions entirely in Settings.

This feature isn't in v1 at launch — it ships in v1.x. When it does, this policy will be updated.

What we don't collect

• We don't access your contacts, photos (other than ones you explicitly attach to an error report), microphone, or any other apps on your phone
• We don't read your text messages or emails
• We don't track your driving — we have no way to know how fast you drove, where you went, or when. We only know what you log
• Background location: by default, Drivko only checks your location when the app is open. If you turn on Forecourt Mode, we use an OS-level geofence — a single trigger when you arrive at a known forecourt — not continuous tracking

3. Why we use your information (lawful basis)

Under UK GDPR, we have to have a specific legal reason to use your information. Different parts of Drivko rely on different reasons:

To deliver the service you signed up for ("performance of a contract")

This covers most of what we do:

• Storing your account so you can sign back in
• Storing your cars and fill-ups so you can see them later
• Sending you renewal reminders for MOT, tax, insurance, and service
• Showing you nearby fuel prices when you ask
• Computing your MPG, cost-per-mile, and other insights

To meet our legal obligations ("legal obligation")

• Keeping records that HMRC requires (only relevant if you become a paid Drivko Club Premium subscriber in future)
• Responding to lawful requests from UK regulators

To run the business sensibly ("legitimate interest")

• Detecting fraudulent or abusive use of the app
• Understanding which features people use, so we know what to improve
• Improving the security of our systems

Where you've given us permission ("consent")

• Sending you marketing communications (off by default — you'd have to opt in)
• Sharing anonymised aggregate statistics with third parties
• Showing you offers from petrol retail partners through our future Retailer Offers system

You can withdraw any of these consents at any time without affecting your use of the rest of the app.

4. Who we share your information with

We use a small number of trusted suppliers to run Drivko. We only share what they need to do their job, and never for marketing or onward sale.

All of these are bound by data-processing contracts requiring them to handle your information in line with UK GDPR. They cannot use your data for their own purposes.

Affiliate partners

Drivko earns revenue partly through affiliate links to other services that drivers find useful — MOT bookings, servicing, insurance, breakdown cover, and similar. Affiliate links are routed through AWIN, the affiliate network we use to track which clicks turn into bookings.

How it works:

• You tap a partner offer in Drivko
• The link opens in your phone's browser and routes through AWIN's tracking redirect
• AWIN sees the click and assigns it an anonymous identifier
• If you go on to book or buy from the partner, AWIN attributes the click to Drivko and pays us a small commission
• AWIN does NOT see your name, email, postcode, or car details unless you choose to share them on the partner's site

In some cases, we may pre-fill a quote form for you (e.g. taking you to an insurance comparison site with your registration and postcode already populated). When this happens, we tell you exactly what's being passed before you tap the link, you can edit any pre-filled field on the partner's site, and once you're on the partner's site, their privacy policy applies.

What we don't do

• We don't sell information that identifies you. No advertiser, insurer, marketer, or other partner will ever receive your name, email, address, full registration, fill-up history, or anything else that points to you personally.
• We don't share data with ad networks. Drivko does not include Google AdMob, Facebook Audience Network, or any third-party advertising SDK.
• We don't share who you are with petrol retailers. When the future Retailer Offers system launches, retailers can target offers based on attributes but they never see who you are.
• We don't pass your data to insurers unless you specifically opt in to a quote-comparison feature.
• The analytics and crash-reporting we do use are de-identified. PostHog and Sentry receive an anonymous device identifier and the event or stack trace — never your email, name, postcode, fill-up details, or anything that points to you personally.

5. Where your information is stored

Drivko's primary backend runs on Cloudflare's UK and EU edge infrastructure. Some of our suppliers (Auth0, SendGrid, PostHog, Sentry) operate internationally — your data may be processed in countries outside the UK, including the United States.

When this happens, we rely on UK adequacy decisions or Standard Contractual Clauses approved by the ICO to make sure your data is protected to UK standards.

6. How long we keep your information

• Account information: for as long as you have an account. If you delete your account, we delete your information within 30 days, except where we're legally required to keep certain records longer.
• Fill-up records: same as your account.
• Forecourt-visit records (Forecourt Mode): 30 days, then automatically deleted.
• Error reports and any attached photos: kept until the issue is resolved + 6 months for audit, then deleted.
• Anonymised analytics and footfall statistics: kept indefinitely in aggregated form.
• Crash reports: 90 days, then deleted.
• Backups: up to 30 days after deletion, after which backups are overwritten.

7. Your rights

UK GDPR gives you eight rights over your information. You can exercise any of them by emailing privacy@drivko.co.uk.

1. The right to be informed — what this policy is for
2. The right of access — ask us for a copy of everything we hold about you
3. The right to rectification — correct anything that's wrong
4. The right to erasure ("right to be forgotten") — ask us to delete your information
5. The right to restrict processing — ask us to pause using your information while a complaint is sorted out
6. The right to data portability — get your information in a portable format so you can take it elsewhere
7. The right to object — object to us using your information for any of the "legitimate interest" purposes above
8. Rights related to automated decisions — Drivko doesn't make automated decisions that have legal or significant effects on you, but if that ever changed, you'd have the right to challenge them

We respond to all rights requests within 30 days.

8. Marketing

We don't send marketing emails or push notifications by default.

If you opt in to marketing, we'll send you occasional emails about new Drivko features, partner offers, or news that's relevant to UK drivers. You can opt out at any time via the unsubscribe link, your Profile toggle, or emailing privacy@drivko.co.uk.

Opting out of marketing doesn't affect transactional messages — things like renewal reminders or account security alerts.

9. Cookies and similar technologies

The Drivko mobile app doesn't use cookies (cookies are a web concept). It does use:

• Local storage on your phone — to remember you're signed in and to cache things like your last-seen forecourt list, so the app works fast even when offline
• Analytics events (via PostHog) — to count things like "how many people opened Fuel Finder this week". Events are tied to an anonymous device identifier — never your email, name, postcode, or fill-up details.
• Crash and error reports (via Sentry) — to catch bugs and fix them. Reports include a stack trace and an anonymous device identifier.

The Drivko website (drivko.co.uk) uses minimal cookies for basic site functionality only. We don't use advertising or tracking cookies.

10. Children

Drivko is designed for UK drivers, who must be at least 17 to hold a provisional driving licence. We don't knowingly collect information from anyone under 17.

If you're a parent or guardian and you believe your child has signed up to Drivko without your permission, please email privacy@drivko.co.uk and we'll delete the account.

11. Security

We protect your information with:

• Encryption in transit — all communication between the Drivko app and our servers is encrypted using TLS
• Encryption at rest — your data is encrypted on disk in our database
• Authentication via Auth0 — sign-in is handled by an industry-standard identity provider
• Limited access — only Ryan, as the sole trader running Drivko, has access to the production database
• Regular updates — we patch security vulnerabilities as soon as they're disclosed

No system is perfectly secure. If we ever discover a breach that affects your personal information, we'll notify you and the ICO within 72 hours, as UK GDPR requires.

12. Changes to this policy

What's new in version 1.1 (11 May 2026): added sections covering Forecourt Mode (opt-in geofence-based visit detection), the in-app forecourt error reporting feature, how Drivko's internal station_id namespace relates to gov.uk's node_id, and a preview of the v1.x MOT-failure prediction feature. Clarified that "Drivko verified" price corrections show in the app while the gov.uk feed is still stale. Added AWS, PostHog and Sentry to the supplier table.

We'll change this policy as Drivko evolves. When we do, we'll bump the version number, show you the new policy inside the app, and ask you to confirm you've read it. For significant changes we'll require fresh consent before you can keep using Drivko.

13. Complaints

If you think we've handled your information badly, email privacy@drivko.co.uk first — most issues we can sort out quickly.

If we can't resolve it, you have the right to complain to the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Helpline: 0303 123 1113
• Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

14. Getting in touch

For anything in this policy, including exercising any of the rights in section 7:

Email: privacy@drivko.co.uk

We aim to reply within 5 working days. For formal rights requests under UK GDPR, our response time is 30 days at the latest.

This policy is written in plain English in line with the ICO's guidance on transparency. If anything's unclear, please tell us — we'd rather rewrite a paragraph than leave you guessing.