Legal

Privacy Policy

Effective date: 8 April 2026

Carity is operated by Carity trading as Airhop Labs Limited of 3rd Floor, 86–90 Paul Street, London, EC2A 4NE ("Carity", "we", "us", or "our").

This Privacy Policy explains how we collect, use, store, and share information when you use the Carity iOS app, our app backend, and related support or operational services.

1. What Carity Does

Carity helps drivers access fuel and forecourt search features, save favourites, create fuel-price alerts, manage vehicle reminder information, receive push notifications, and access premium features where available.

Carity uses a secure backend so the app can:

  • verify device trust using Apple App Attest;
  • store app preferences and reminder settings;
  • mirror App Store entitlement state for app and support visibility;
  • deliver push notifications;
  • provide controlled access to selected upstream fuel and station data; and
  • support internal operational tools used to troubleshoot devices, feature access, and notification delivery.

2. Information We Collect

Depending on how you use Carity, we may collect and process the following categories of information.

A. Device and security information

  • app-generated device identifier;
  • App Attest key identifiers and related trust metadata;
  • cryptographic public-key material used to verify trusted app access;
  • bearer-token and trust-state metadata;
  • revocation and last-seen timestamps;
  • abuse-prevention and rate-limit data.

We use this information to protect the service against replay, abuse, unauthorized automation, and misuse.

B. Push notification information

  • Apple Push Notification service (APNS) token for your device;
  • notification delivery status and related operational records.

We use this information to send you alerts, reminders, and service notifications you have enabled.

C. App preferences and user-configured content

  • favourite stations or saved places;
  • fuel-price alerts, thresholds, search radius, and location inputs such as postcode-based alert settings;
  • feature-flag assignments relevant to your device;
  • app state returned through authenticated bootstrap or sync flows.

D. Vehicle and garage information

If you use garage or reminder features, we may process:

  • registration number;
  • vehicle nickname, make, model, colour, fuel type, and year of manufacture;
  • MOT expiry date, tax due date, and service due date;
  • reminder preferences and reminder-delivery history;
  • DVLA-enriched vehicle fields where you ask us to perform a lookup.

E. Payment and subscription mirror data

Apple is the payment processor and store of record. Carity does not replace Apple billing records. However, Carity may receive and store mirrored payment and entitlement information from the app, including:

  • App Store product identifiers;
  • entitlement key and status;
  • store environment;
  • transaction identifiers and original transaction identifiers;
  • purchase, expiry, revocation, and effective-end timestamps;
  • purchase-event metadata, and where relevant amount/currency information supplied by the app.

This helps us show premium state consistently in the app and support tooling.

F. Search and external-query information

When you use search or connected data features, we may process request data needed to fulfill the feature, such as:

  • station or route-search parameters;
  • postcode or geographic search inputs;
  • vehicle-registration lookup input where you request DVLA enrichment.

G. Admin, support, and operational records

We maintain internal operational records such as:

  • admin-user audit logs;
  • internal troubleshooting records;
  • push-job and delivery records;
  • security and service logs.

These records are used for security, fraud prevention, support, reliability, and accountability.

3. How We Use Information

We use personal data and device-linked data to:

  • provide the Carity app and its features;
  • establish and maintain trusted app access;
  • return your saved state across sessions on the same trusted device;
  • deliver push alerts and vehicle reminders you enable;
  • mirror premium entitlement state;
  • perform support and troubleshooting;
  • monitor reliability, detect misuse, and enforce rate limits;
  • improve service performance and product operations; and
  • comply with legal obligations and protect our rights.

4. Our Legal Bases

Where UK GDPR or EU GDPR applies, we generally rely on one or more of the following legal bases:

  • performance of a contract, where processing is needed to provide the app and its requested features;
  • legitimate interests, including service security, fraud prevention, abuse detection, operational monitoring, product improvement, and support;
  • consent, where required for push notifications or other optional processing; and
  • compliance with legal obligations.

5. Who We Share Information With

We may share relevant information with the following categories of recipients:

  • Apple, including Apple App Attest, Apple Push Notification service, and the App Store ecosystem;
  • Cloudflare, which supports our worker runtime, storage, caching, and access controls;
  • upstream fuel and station-data providers used to return forecourt information through Carity;
  • DVLA-connected services where you request vehicle lookup features;
  • professional advisers, auditors, insurers, or legal authorities where reasonably necessary; and
  • service providers who help us host, secure, maintain, or support the service.

We do not publish your private garage, entitlement, alert, or APNS-token data publicly.

6. How Carity Relates to the App Backend and Operator Tooling

Carity uses a backend and related internal operator tooling to support the app.

  • Our backend handles trusted app traffic.
  • Some app state — such as entitlement visibility, notification status, favourites, alerts, or device-support details — may be visible to authorised operators for support, troubleshooting, or operational reasons.

Operator tooling is not a public user account area.

7. Data Retention

We keep information for as long as reasonably necessary for the purposes described in this Privacy Policy, including security, support, legal, and operational needs.

In practice:

  • short-lived challenge and cache material may be retained only briefly;
  • device, alert, favourite, garage, entitlement, and delivery records may be retained while the feature remains active or while needed for support, fraud prevention, and service integrity;
  • audit, security, and operational logs may be retained for investigation, accountability, and system protection;
  • some records may persist for a reasonable period after app removal or inactivity unless and until deleted under our retention practices or a valid deletion request.

8. International Transfers

Our providers may process data in the United Kingdom, European Economic Area, United States, or other jurisdictions where they operate. Where required, we use reasonable measures intended to protect transferred data.

9. Your Rights

Depending on your location, you may have rights to request access, correction, deletion, restriction, objection, portability, or withdrawal of consent for certain processing.

Because Carity is device-based and may not use a traditional named account, we may need enough information to identify your device or request safely before acting on it.

See our data-rights page: carity.co.uk/legal/support-and-data-rights

10. Security

We use technical and organisational measures intended to protect the service, including device-trust controls, authenticated API access, internal access restrictions, rate limiting, and operational audit trails.

No system can be guaranteed to be 100% secure, and you should also keep your device and Apple account secure.

11. Children's Privacy

Carity is not directed to children under 13, and we do not knowingly design the service for unsupervised use by children. If you believe a child has provided personal data to us inappropriately, contact us so we can review the issue.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version at this page and update the effective date above.

13. Contact

For privacy questions or requests, contact:

If you are in the UK or EEA and remain unhappy with our response, you may also have the right to complain to your local data-protection authority.