Privacy Policy

Account Information

• Email address
• Display name (optional)
• Password (hashed with bcryptjs, never stored in plain text)
• Apple ID (if using Apple Sign-In)
• Google ID (if using Google Sign-In, pending future activation)
• Full name (optional, used on tax documents and PDF exports)
• Account creation date and login history
• Avatar selection (user-chosen vehicle illustration, never a photo)

Location Data

• GPS coordinates and altitude
• Real-time location during active shifts (with your explicit permission)
• Significant location changes outside shifts for drive detection
• Location history for route replay and trip reconstruction
• GPS quality metadata (percentage of high-accuracy fixes, outliers dropped, road map-matching success - used internally to improve trip accuracy, not sold or shared)

Location tracking requires you to grant background location permissions on your device. See Section 4 for full details on how we use this data.

Vehicle Information

• Make and model
• Year of manufacture
• Fuel type (petrol, diesel, electric, hybrid)
• Registration plate (used for DVLA lookup to confirm vehicle details)
• Miles per gallon (MPG) or efficiency rating

Trip and Shift Data

• Shift start and end times
• Trip start and end coordinates
• Trip addresses and route information
• Distance travelled in miles (calculated via OSRM road routing and Haversine formula)
• Trip classification (business or personal)
• GPS breadcrumbs and precise location history
• Trip notes and comments you add
• Platform tags (Uber, Deliveroo, Amazon Flex, etc.)

Earnings and Financial Data

• Earnings from gig platforms (manually entered)
• CSV import of earnings data with platform auto-detection
• Open Banking data via Plaid (premium users only) for automatic transaction import
• Payment method information (card details are processed by Stripe or Apple; we never store them)
• Stripe customer ID and subscription ID (web purchases)
• Apple original transaction ID and appAccountToken (your UUID passed to Apple for linking IAP to your account)

Fuel and Maintenance Data

• Fuel fill-up records (litres, cost, date)
• Fuel station name and location
• Odometer readings

Usage and Device Data

• Device type and operating system
• App version and build number
• Feature usage analytics (anonymous)
• Session information (login/logout times)
• Error logs and crash reports
• Diagnostic telemetry (drive detection status, GPS permission status, app configuration, last 50 detection events)

Driving Analytics Data

• Route patterns derived from trip start/end coordinates (clustered within 500m)
• Shift duration and earnings correlations
• Fuel cost calculations per vehicle
• Commute timing patterns between saved locations
• Day-of-week earnings distributions

Saved Locations & Geofencing

• Named GPS coordinates (home, work, depot, custom)
• Geofence entry/exit events for automatic trip detection
• Geofence radius settings (default 150m)
• Departure anchor coordinates (temporary, your last stationary position, stored locally on device only)

Bluetooth Data

• Vehicle Bluetooth device names (user-configured, not scanned)
• Bluetooth pairing state used solely to confirm trip starts - no audio, contacts, or other Bluetooth data is accessed

Receipt Data (On-Device OCR)

• Receipt images are processed using Apple Vision framework (on-device only)
• Receipt images are never sent to our servers or any cloud service
• Extracted text (merchant name, amount, date) may be stored locally and synced to your account for earnings tracking

Privacy note: Receipt OCR runs entirely on your device. The images themselves never leave your phone.

Accountant Portal Data

• If you grant an accountant read-only access, they can view: trips, mileage deductions, HMRC calculations, earnings, and fuel logs
• Accountants do not need a MileClear account; they access via a token-based API
• You control access: generate, view, and revoke accountant tokens at any time in Settings
• Accountants cannot modify, delete, or export your data

Your accountant is your chosen third party, not a sub-processor of MileClear. You are responsible for their privacy and data handling.

Local-Only Data (never synced to our servers)

• Dashboard alert dismiss timestamps (24-hour cooldown)
• Work schedule preferences (days and hours)
• Layout customisation preferences
• Notification preference toggles

Essential Service Functions

• Creating and managing your account
• Authenticating you at login (email, Apple, or Google)
• Tracking mileage and trips in real-time
• Calculating HMRC-compliant tax deductions (45p/mile for cars up to 10,000 miles, 25p/mile thereafter; 24p/mile for motorbikes)
• Generating export files for tax reporting (PDF, CSV) and accounting software (Xero, FreeAgent, QuickBooks)
• Sharing trip data with accountants via token-based access if you grant permission

Premium Features

• Earnings tracking and automatic import via Open Banking (Plaid)
• Advanced analytics and performance metrics
• HMRC export functionality
• Unlimited saved locations (free tier capped at 2)

Gamification and Engagement

• Tracking achievements and badges
• Calculating gamification stats (safety score, efficiency, consistency)
• Displaying leaderboards and milestones

Billing and Subscriptions

• Processing subscription payments via Stripe (web) or Apple In-App Purchase (iOS)
• Validating Apple IAP receipts and transaction IDs with Apple's App Store Server API
• Managing premium feature access
• Handling refunds and cancellations
• Sending billing notifications and receipts

Communication

• Responding to support inquiries
• Sending account notifications (login alerts, password reset, verification)
• Service updates and maintenance notices
• Feature announcements (only with your consent)

Analytics and Improvement

• Analysing app usage patterns to improve service quality
• Debugging technical issues and improving app stability
• Understanding user behaviour for feature development
• Generating anonymised analytics and reports
• Generating driving analytics (route patterns, shift efficiency, fuel cost breakdowns)
• Providing smart dashboard alerts based on your driving patterns
• Sending scheduled push notifications (weekly summaries, streak reminders, tax deadline alerts)
• Detecting trip starts via Bluetooth vehicle pairing and geofence triggers

Legal and Safety

• Complying with legal obligations and court orders
• Detecting and preventing fraud or abuse
• Enforcing our Terms of Service and other agreements

Consent (Article 6(1)(a))

We rely on your explicit consent for:

• Background location tracking during active shifts
• Significant location change detection outside shifts
• Sending marketing communications or newsletters (opt-in)
• Using Open Banking (Plaid) to import earnings data
• Granting accountants read-only access to your data via token

You can withdraw consent at any time by disabling location permissions on your device settings, unsubscribing from communications, or revoking accountant access in Settings.

Contract (Article 6(1)(b))

We process data necessary to fulfil our contract with you:

• Account creation and authentication
• Trip tracking and mileage calculation
• Billing and subscription management
• Providing support services

Legitimate Interest (Article 6(1)(f))

We process data where we have a legitimate business interest:

• Analytics and service improvement (understanding usage patterns)
• Fraud detection and abuse prevention
• App stability, debugging and drive detection improvement (error logs, diagnostic telemetry, event logs)
• Security monitoring and protection against unauthorised access
• Vehicle registration lookup via DVLA API to confirm you own the vehicles you register

We conduct balancing tests to ensure our interests do not override your privacy rights. You have the right to object to this processing.

Diagnostic Telemetry

To improve drive detection and troubleshoot issues, MileClear collects non-sensitive diagnostic data on each app startup and each time the app comes to the foreground (rate-limited to once per 24 hours):

• Drive detection status and GPS permission states (granted/denied)
• Notification permission state (granted/denied)
• Background task status (running/stopped)
• App version, build number, platform, and OS version
• Detection event log (last 50 events with timestamps and types only - no coordinates)
• App configuration settings (speed threshold, quiet hours, auto-recording status)

We do not collect GPS coordinates, location names, Bluetooth device names, or any personally identifying location data in diagnostics. This data is tied to your account for debugging purposes only.

Legal Obligation (Article 6(1)(c))

We process data to comply with UK laws:

• Tax reporting and HMRC compliance
• Responding to lawful government requests or court orders

How We Collect Location Data

• During Active Shifts: When you start a shift, we continuously record GPS coordinates at intervals (approximately every 50 metres or 10 seconds) to track your route and calculate distance. This requires your explicit permission via the “Allow Background Location” prompt on your device.
• Drive Detection: When shifts are inactive, we monitor for significant location changes (speed > 15mph) to detect if you're driving. GPS readings with poor accuracy (> 50m) are automatically filtered out to prevent false detections from indoor signal drift. Two or more consecutive high-speed readings are required before detection triggers. This uses low-power location services and requires background location permission.
• Departure Anchor: A temporary 200-metre geofence is placed around your last known stationary position. When you physically leave this area, drive detection is activated. This geofence operates at the OS level and can detect movement even if the app has been closed.
• Automatic Trip Recording: When driving is detected outside an active shift, MileClear may silently record GPS coordinates and automatically save a trip when a stop is detected (5+ minutes idle). These auto-recorded trips are stored as “unclassified” for your review.
• Stop Detection: We identify stops and trip boundaries by detecting when movement drops below 2.2 mph for more than 5 minutes during automatic recording, or when speed equals 0 for more than 2 minutes during active shifts.
• Road Routing: For distance accuracy, we send GPS traces to OSRM (OpenStreetMap Routing Machine), a public open-source service, for map-matching. This improves trip distance accuracy but means location traces pass through OSRM's servers. OSRM does not store your data long-term.

Your Control Over Location Data

• Mobile Settings: You can disable background location at any time in Settings > Privacy > Location on iOS or Settings > Apps > Permissions > Location on Android. The app will continue to work but cannot track trips.
• In-App Controls: You can pause tracking at any time by ending your shift. Location recording stops immediately.
• Deletion: You can delete individual trips or all location history from within the app. See Section 8 (Your Rights) for account deletion.

Storage and Privacy

• Location data is stored locally on your phone first (SQLite) before syncing to our secure server
• Offline-first design means tracking works even without internet
• GPS breadcrumbs enable trip replay and route verification for tax purposes
• Data is encrypted in transit (HTTPS) and at rest on our UK servers
• Only you and authorised app support staff can view your location data

Geofencing and Automatic Trip Detection

Saved locations can trigger automatic trip detection when you enter or leave a geofenced area. Additionally, a temporary “departure anchor” geofence (200m radius) is placed around your last stationary position to reliably detect when you start moving. Geofencing uses the same location permissions already granted for trip tracking. Geofence monitoring runs at the OS level in the background, which means it can function even when the app is not actively running.

Privacy Implications

We understand location data is highly sensitive and reveals personal habits, travel patterns, and private locations. Therefore:

• We never share raw location data with third parties (including your employers, Uber, Deliveroo, etc.)
• We only extract aggregate metrics: distance, duration, start/end points, and route summary
• Location data is never used for marketing or sold to advertisers
• We do not build detailed movement profiles or timelines of your personal activities

Essential Service Providers (Data Processors)

Stripe (Payment Processing - Web)

PCI DSS Level 1 compliant. We share: Stripe customer ID, subscription status, and transaction records. Card details are entered directly into Stripe's secure forms - we never see them.

Apple (In-App Purchase - iOS)

iOS subscriptions are processed by Apple via the App Store. We share: transaction ID and receipt data for validation with Apple's App Store Server API. Payment details are managed entirely by Apple - we never see them. We also pass your MileClear UUID to Apple as the appAccountToken for webhook linking.

Plaid (Open Banking)

Premium users only. Plaid Financial Ltd is FCA-authorised to provide Open Banking services in the UK. We share: a request to connect your bank account for earnings auto-import. Plaid acts as the intermediary - they do not store your bank login, only aggregated transaction data. Access tokens are encrypted at rest on our servers.

DVLA (Vehicle Registration Lookup)

We share: your vehicle registration plate to confirm make, model, fuel type, and CO2 emissions. Results are cached for 24 hours. DVLA does not store your lookup requests beyond processing.

OSRM (OpenStreetMap Routing Machine - Road Distance)

Public open-source routing service. We share: GPS coordinate traces from your trips for map-matching to improve distance accuracy. OSRM is stateless and does not store your traces long-term. No personal data is linked to these traces.

UK Government Fuel Finder API

We share: your device's approximate location (lat/lng) to retrieve nearby fuel station prices. No personally identifiable data is shared. Fuel Finder is the official UK government mandatory fuel price reporting API.

Brevo (Email SMTP)

We share: your email address for sending account verification codes, password reset links, welcome emails, and waitlist confirmations. Brevo is a GDPR-compliant email service provider based in France.

Expo Push Service (Push Notifications)

Push token and notification content only, used to deliver scheduled notifications (weekly summaries, streak reminders, tax deadline alerts).

Apple & Google (Authentication)

Sign-in only. We share: email address (sometimes) and sign-in request. We verify the token on our servers; Apple/Google do not see your other data. (Google Sign-In is currently paused pending future activation.)

Your Chosen Third Parties (Not Sub-Processors)

Accountants (Token-Based Read-Only Access)

If you grant an accountant access via a token in Settings, they can view your trips, mileage deductions, HMRC calculations, earnings, and fuel logs. They cannot modify or export your data. You fully control access: generate, view, and revoke tokens anytime. Your accountant is your chosen representative, not a sub-processor of MileClear. You are responsible for their privacy practices and data handling.

Legal Obligations

We may disclose your data if required by law (court order, government request, law enforcement) or to protect our legal rights. Such disclosures are made only where legally required and accompanied by appropriate safeguards.

What We Never Do

• Never sell personal data to advertisers, brokers, or third-party marketers
• Never share data with gig platforms (Uber, Deliveroo, etc.) without your explicit request
• Never share data with employers, tax authorities, or HMRC automatically
• Never use location data for targeted advertising
• Never build profiles for other companies

Data Processing Agreements

All third-party processors sign Data Processing Agreements (DPAs) under UK GDPR Article 28, guaranteeing:

• Processing only on our documented instructions
• Appropriate technical and organisational security measures
• Confidentiality and staff training requirements
• Sub-processor notifications and approvals

Trip Merging and Local Data

• Trip merging permanently combines 2-20 trips into one record. Original individual trip records are deleted and cannot be recovered.
• Local-only data (work schedule, alert dismissals, layout preferences) is stored on your device and deleted when you uninstall the app

Backups

MileClear maintains encrypted backups on UK servers. Upon account deletion, backups are purged within 30 days of deletion request.

Right of Access (Article 15)

You can request a copy of all your personal data. We provide it in a structured, portable format (JSON export).

How to request: Use the “Download My Data” button in Settings within the MileClear app, or email support@mileclear.com. We respond within 30 days.

Right of Rectification (Article 16)

You can correct or update inaccurate data (e.g., vehicle details, display name).

How to request: Edit your profile directly in the app (Settings > Account Info). For data you cannot edit, email support@mileclear.com.

Right of Erasure (“Right to Be Forgotten”) (Article 17)

You can delete your account and associated data (subject to legal obligations).

How to request: Click “Delete Account” in Settings > Account > Danger Zone, or email support@mileclear.com.

Exceptions: We may retain anonymised data and records required by tax law (7 years) or court order.

Right to Restrict Processing (Article 18)

You can ask us to limit how we use your data (e.g., stop analytics but keep account).

How to request: Email support@mileclear.com with details of what should be restricted.

Right to Data Portability (Article 20)

You can export your data in a machine-readable format to switch to another service.

How to request: Use “Download My Data” in Settings. We provide JSON format including trips, vehicles, earnings, and achievements.

Right to Object (Article 21)

You can object to processing based on legitimate interest (analytics, fraud detection).

How to request: Email support@mileclear.com stating which processing you object to.

Note: Objecting to essential processing (trip tracking, billing) may prevent the service from functioning.

Right Not to Be Subject to Automated Decision Making (Article 22)

You have the right to human review if we make decisions using only automated processing with legal effects.

Currently, we do not use fully automated decision-making. Decisions about premium access are made manually or with human oversight.

Authentication Tokens (Essential)

• Type: Stored in localStorage on web (mc_access_token, mc_refresh_token) and Expo SecureStore (encrypted keychain) on mobile
• Purpose: Keeping you logged in
• Expiry: 15 min (access token), 30 days (refresh token)
• Required: Yes, for service to function
• Consent: No additional consent needed (implied by Terms of Service)

Local Storage (Web App)

• What: Browser localStorage for UI preferences (theme, sidebar state, password storage state)
• Data stored: Non-personal (no PII, email, or location)
• Expires: Never (user can clear manually)

Third-Party Analytics

We do not use Google Analytics, Mixpanel, or similar cookie-based tracking on our website. No analytics cookies present.

Mobile App Storage

• SQLite database: Offline trip data, encrypted in Expo SecureStore
• User preferences: App settings stored locally
• No cookies: Mobile apps don't use HTTP cookies

Cookie Controls

You can delete cookies and local storage anytime via browser settings (Settings > Privacy > Clear Browsing Data). Doing so will log you out.

MileClear is not intended for users under 16 years old. We do not knowingly collect personal information from children under 16.

If you are under 16, please do not use MileClear. Parents/guardians who believe their child has provided information to us should contact support@mileclear.com immediately.

Note: For UK users between 16 and 18, parental or guardian consent is recommended (though not legally mandatory under UK GDPR). We do not specifically target under-18s. COPPA (US Children's Online Privacy Protection Act) does not apply to UK services, but we extend similar protections as best practice.

Technical Security

• Encryption in Transit: HTTPS/TLS 1.3 for all data transfers
• Encryption at Rest: MySQL database encryption and secure key storage
• Password Security: Bcrypt hashing (12 salt rounds), never plain text
• Token Security: JWT with signed secrets, 15-min expiry
• Mobile Storage: Expo SecureStore (encrypted keychain) for tokens and sensitive data
• Password Change: You can change your password anytime from Settings without requiring email verification

Infrastructure Security

• Hosting: UK-based server (Pixelish, 85.234.151.224) for data residency compliance
• SSL Certificates: Let's Encrypt via cPanel AutoSSL
• Firewall & Access: cPanel security, restricted shell access, no public SSH
• Rate Limiting: 5 login attempts per 15 minutes per IP (brute-force protection)
• Security Headers: Strict CSP, HSTS, and other standard security headers

Organisational Security

• Staff access is restricted to those who need it (principle of least privilege)
• No passwords or sensitive data hardcoded in source code
• Environment variables securely managed
• Regular security reviews and updates

Data Breaches

If we discover a security breach affecting your data, we will:

• Notify you within 72 hours (UK GDPR requirement)
• Provide details of affected data and our response
• Recommend steps you can take to protect yourself

Notification will be sent to your email on file and posted on our website.

Primary Storage: All user data is stored on UK-based servers (Pixelish, England) and does not leave the UK by default.

Third-Party Processors: Some third-party services may process data outside the UK:

• Stripe (USA): Subject to Data Processing Agreement and Standard Contractual Clauses (SCCs)
• Plaid (USA): Registered in EU/UK as Plaid Financial Ltd. Subject to DPA and SCCs
• Apple (USA): Authentication verification and In-App Purchase transaction validation. Subject to Apple's Data Processing Agreement
• Google (USA): Limited data transfer for authentication verification only (pending future activation)
• Brevo (France): Email service, GDPR-compliant EU processor

All international transfers comply with UK GDPR Article 46 (SCCs) and Data Protection Act 2018 Chapter 5. We have reviewed these services' security certifications and compliance frameworks.

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated policy on mileclear.com
• Updating the “Last Updated” date (at the top of this document)
• Sending you an email notification (for significant changes)
• Requesting your explicit consent (if required by law)

Continued use of MileClear after changes constitutes acceptance of the updated policy.

MileClear uses automated processing to generate driving analytics, smart alerts, and trip classification suggestions. These are informational only and do not make decisions that produce legal or similarly significant effects. You can dismiss any automated insight from your dashboard.

For Privacy Inquiries

Please include details of your request (access, deletion, objection, etc.).

Response Time

We aim to respond to all data requests within 30 days (UK GDPR requirement). Complex requests may take longer; we will inform you.

Data Protection Authority

If you believe we have violated your privacy rights, you can lodge a complaint with the ICO free of charge.

Legal Disclaimer

This is a template privacy policy for informational purposes. It provides an overview of MileClear's data practices and UK GDPR compliance framework. While drafted to reflect current practices, specific implementation details and third-party integrations may vary. This policy does not constitute legal advice.

For legal advice tailored to your specific situation or for advice on data processing, consult with a qualified attorney specialising in UK data protection law.