Privacy Policy
Last updated: May 11, 2026
This policy explains what data Vetrol collects, why we collect it, and how we protect it. We take your privacy seriously.
1. Who we are
Vetrol ("Vetrol", "we", "our", "us") is a fuel management technology company. We operate the Vetrol platform β a fuel authorization, settlement, and reporting system for businesses that manage vehicle fleets.
We are incorporated and operate in different countries. Our platform is subject to the applicable country's Data Protection Act.
For any privacy-related matters, you can reach our data protection contact at: [email protected]
2. Data we collect
We collect data in three categories depending on your relationship with Vetrol:
2.1 Business account data
When an organization signs up for Vetrol, we collect: company name, registration number, industry, billing address, administrator contact details, and payment information (processed by our payment processors β Vetrol does not store card numbers).
2.2 Fleet & operational data
When you use Vetrol to manage your fleet, we collect: vehicle registration numbers, smart tag identifiers, fueling transaction records (timestamp, volume, station, vehicle, value), approval/rejection events, and fleet rules configured by your administrators.
2.3 Website visitor data
When you visit vetrol.io, we collect: IP address, browser information, pages visited, time on page, referral source, and any information voluntarily submitted through our contact form.
3. How we use your data
- Service delivery: Processing fuel authorization requests, maintaining transaction records, and generating reports and invoices.
- Account management: Creating and managing your organization's account, authenticating users, and communicating service updates.
- Fraud prevention: Detecting anomalous transaction patterns, investigating potential abuse, and protecting platform integrity.
- Customer support: Responding to inquiries, troubleshooting issues, and improving service quality.
- Product improvement: Analyzing aggregated, anonymized usage patterns to improve platform features.
- Legal compliance: Meeting our obligations under applicable laws and responding to lawful regulatory requests.
4. Legal basis for processing
- Contract performance: Processing is necessary to provide the Vetrol service under your agreement with us.
- Legitimate interests: We process certain data to improve our platform and prevent fraud, where these interests are not overridden by your privacy rights.
- Legal obligation: Where we are required by law to process or retain certain data.
- Consent: For marketing communications and non-essential cookies, where you have provided explicit consent.
5. Data sharing
We do not sell your data. We share data only in the following limited circumstances:
- Fuel station partners: Transaction data is shared with the relevant station to confirm and settle fueling events. Stations only receive data relating to transactions at their location.
- Service providers: We use third-party services for cloud infrastructure, payment processing, email, and analytics. These providers are contractually bound to handle data only as directed by Vetrol.
- Legal requirements: We may disclose data when required by court order, regulation, or lawful governmental request.
- Business transfers: In the event of a merger or acquisition, your data may be transferred to the successor entity, with prior notice provided.
6. Data retention
We retain data for as long as necessary to fulfil the purposes described in this policy, or as required by law:
- Transaction records are retained for a minimum of 7 years to comply with financial record-keeping requirements.
- Account data is retained for the duration of your contract and 2 years thereafter.
- Website visitor data is retained for up to 12 months in anonymized form.
Upon account termination, we will delete or anonymize personal data within 90 days, except where legally required.
7. Security
Protecting your data is central to how we build Vetrol. Our measures include:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
- Access controls with role-based permissions and multi-factor authentication
- Regular security assessments and penetration testing
- Cryptographically secured smart tag authentication that prevents cloning
- Comprehensive audit logging of all data access and administrative actions
In the event of a data breach, we will notify you and the relevant supervisory authority within the timeframes required by applicable law.
8. Your rights
Depending on your jurisdiction, you may have the following rights:
Right to access
Request a copy of the personal data we hold about you.
Right to rectification
Request correction of inaccurate or incomplete data.
Right to erasure
Request deletion of your data, subject to legal requirements.
Right to portability
Receive your data in a structured, machine-readable format.
Right to restrict processing
Request that we limit how we use your data in certain circumstances.
Right to object
Object to processing based on legitimate interests, including direct marketing.
To exercise any of these rights, contact [email protected]. We will respond within 30 days.
10. International data transfers
Vetrol operates across multiple countries. Your data may be processed in different jurisdictions. Where data is transferred internationally, we ensure appropriate safeguards including Standard Contractual Clauses and transfers only to countries with adequate data protection laws.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on our website. Continued use of Vetrol after changes are posted constitutes acceptance of the updated policy.
12. Contact us
For any questions, concerns, or data requests relating to this Privacy Policy: