Legal
Privacy Policy
Last updated: June 3, 2026
Fuel Pass IN is a digital fuel rationing platform. We collect only the minimum data required to operate the system. We do not sell, share, or monetise your personal data.
1. Information We Collect
When you use the Fuel Pass IN citizen app, we collect:
- Mobile number — used as your unique identifier and for OTP authentication
- Full name — displayed on your account and fuel receipts
- Vehicle information — registration number, fuel type, and vehicle category
- FCM device token — used to send push notifications for fuel dispensing events
- Fuel transaction records — date, time, litres dispensed, station, and remaining quota
We do not collect location data, contact lists, photos, or any data beyond what is listed above.
2. How We Use Your Information
- To verify your identity via OTP before granting access
- To generate and validate your digital fuel pass QR code
- To track your weekly fuel quota and prevent over-dispensing
- To send push notifications when fuel is dispensed to your vehicle
- To maintain an audit trail for government reporting purposes
3. Data Sharing
Your data is shared only with:
- Authorised pump operators — see your vehicle registration, owner name, and remaining quota when scanning your QR code
- Authorised administrators — access transaction reports for auditing and quota management
- Twilio — your mobile number is sent to Twilio to deliver OTP messages (governed by Twilio's privacy policy)
- Firebase (Google) — your device token is used to deliver push notifications (governed by Google's privacy policy)
We do not sell, rent, or share your data with any third party for marketing or commercial purposes.
4. QR Code Security
Your QR pass is cryptographically signed using HMAC-SHA256 with a unique per-vehicle secret key. Each code expires after 5 minutes, preventing reuse or sharing. The QR payload contains your vehicle ID and a timestamp — it does not contain your name, mobile number, or any sensitive personal information.
5. Data Retention
- Account data — retained while your account is active
- Transaction records — retained for a minimum of 3 years for auditing purposes
- OTP codes — not stored; verified in real-time via Twilio and discarded
- FCM tokens — updated on each app login; old tokens are overwritten
6. Your Rights
You have the right to:
- Request access to the personal data we hold about you
- Request correction of inaccurate data (e.g. wrong vehicle plate)
- Request deletion of your account and associated data, subject to legal retention requirements
To exercise these rights, contact the system administrator through the Fuel Pass IN platform.
7. Security
Fuel Pass IN uses industry-standard security measures including JWT authentication, HMAC-signed QR codes, TLS encryption in transit, and database-level access controls. All API requests require a valid application key and authenticated session token.
8. Changes to This Policy
We may update this policy as the platform evolves. Significant changes will be communicated via push notification. The "last updated" date at the top of this page reflects the most recent revision.
9. Contact
For privacy-related queries, please contact the system administrator through the Fuel Pass IN admin panel at fuelpass.in/admin.