Privacy Policy

Overview

WayPal ("we", "our", or "us") is a mobile application designed to help drivers track mileage, manage expenses, and access smart driving tools. We are committed to protecting your personal information and being transparent about what data we collect and why.

This Privacy Policy applies to the WayPal mobile application (iOS and Android), the WayPal website, and any related services we provide. By using WayPal, you agree to the collection and use of information described in this policy.

If you do not agree with the terms of this policy, please do not use our services.

Information We Collect

We collect the following categories of information when you use WayPal:

Account Information

• Your name and email address, provided during registration
• A securely hashed password — we never store your password in plain text
• Account creation date and last activity timestamp

Trip & Mileage Data

• Origin and destination addresses or location names you enter manually
• Trip distance (kilometres or miles), date, and purpose
• Trip type (e.g. work start, client visit, personal) and notes you add
• Calculated mileage value based on your configured rate

Vehicle Information

• Vehicle nickname, make, model, year, and licence plate
• Odometer readings (start of year and current/end of year)

Expense Data

• Vendor name, expense category (e.g. fuel, maintenance, parking), and item description
• Amounts (subtotal, fees, tax, and total)
• Payment method and business purpose
• Whether a receipt exists and any associated notes

User Preferences

• Distance unit preference (kilometres or miles)
• Mileage rate per unit
• Display preferences such as theme, text size, and density

Technical & Usage Data

• Device type, operating system, and app version
• IP address and approximate geographic region (for security and fraud prevention only)
• Authentication tokens and session data
• Error logs and crash reports (anonymised)

How We Use Your Data

We use the data we collect for the following purposes:

• Providing the service: Storing your trips, expenses, and vehicle data so you can access and manage them across sessions and devices.
• Generating reports: Producing monthly, yearly, and on-demand summaries of your mileage, expenses, and business-use percentage for your own records.
• Personalisation: Remembering your preferences (units, mileage rate, route templates) to provide a consistent experience.
• Security: Detecting and preventing unauthorised access, fraud, and abuse of our services.
• Communications: Sending transactional emails such as account verification, password resets, and important service notices. We do not send marketing emails without your explicit consent.
• Service improvement: Analysing aggregated, anonymised usage patterns to understand how the app is used and where improvements can be made.
• Legal compliance: Fulfilling our legal obligations and responding to lawful requests from authorities where required.

We do not use your data for advertising purposes. We do not build advertising profiles or share your data with advertising networks.

Data Storage & Security

Your data is stored on secure servers. We implement industry-standard security measures to protect your information from unauthorised access, alteration, disclosure, or destruction.

Security measures we use

• All data in transit is encrypted using TLS (HTTPS)
• Passwords are hashed using bcrypt — your actual password is never stored
• Authentication uses Laravel Sanctum with short-lived session tokens
• Database access is restricted by strict firewall rules and access controls
• Regular backups are taken with encryption at rest

Data retention

We retain your data for as long as your account remains active. If you delete your account, we will permanently delete your personal data within 30 days, except where we are required to retain it for legal or compliance reasons.

Anonymised, aggregated data (e.g. usage statistics that cannot identify you) may be retained indefinitely for service improvement purposes.

Data Sharing

We do not sell your personal data. We do not share your personal information with third parties for their marketing purposes.

We may share data in the following limited circumstances:

• Service providers: We use trusted third-party service providers (such as hosting and email providers) who process data on our behalf. These providers are bound by data processing agreements and may not use your data for any other purpose.
• Legal requirements: We may disclose your information if required to do so by law, court order, or in response to a valid request from a government authority.
• Business transfers: If WayPal is acquired by or merged with another company, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
• With your consent: We may share data in any other way with your explicit consent.

Your Rights

You have the following rights regarding your personal data:

• Access: You can request a copy of all personal data we hold about you.
• Correction: You can update or correct inaccurate data directly within the app settings, or by contacting us.
• Deletion: You can request deletion of your account and all associated data at any time. We will process this within 30 days.
• Export: You can export your trips and expenses in CSV format from the Reports section of the app.
• Restriction: You can request that we restrict processing of your data in certain circumstances.
• Portability: You can request your data in a structured, machine-readable format.
• Objection: You can object to processing based on legitimate interests.

To exercise any of these rights, contact us at privacy@waypal.app. We will respond within 30 days.

Cookies & Local Storage

The WayPal mobile app uses local device storage (not browser cookies) to store authentication tokens and your display preferences (such as theme and text size). This data stays on your device and is not transmitted to our servers except as part of normal API authentication.

The WayPal website uses a session cookie for CSRF (cross-site request forgery) protection, which is a standard security measure. We do not use tracking cookies, analytics cookies, or third-party advertising cookies on our website.

Third-Party Services

WayPal uses the following third-party services in connection with its operations:

• Hosting infrastructure: Our backend servers are hosted with reputable cloud providers who are bound by strict data processing agreements.
• Transactional email: We use a transactional email provider to send account verification and password reset emails. These providers only receive the email address and message content required to deliver the email.
• Apple App Store / Google Play: App distribution is handled by Apple and Google. Their privacy practices are governed by their own policies.

We do not integrate with social media platforms, advertising networks, or data brokers. Any future integrations will be disclosed in an update to this policy.

Children's Privacy

WayPal is not directed to children under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal data from children.

If you believe a child has provided us with personal information, please contact us immediately at privacy@waypal.app and we will delete the information promptly.

Policy Changes

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by:

• Updating the "Last updated" date at the top of this page
• Sending a notification to your registered email address
• Displaying a notice in the WayPal app

Your continued use of WayPal after changes become effective constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:

• Email: privacy@waypal.app
• General support: hello@waypal.app

We aim to respond to all privacy-related enquiries within 5 business days.