Account deletion

How to request deletion of your Rifuel account and the data associated with it, pursuant to Article 17 of Regulation (EU) 2016/679 («GDPR») and the Google Play and Apple App Store policies.

Last updated · May 7, 2026

This page describes how a Rifuel User may request deletion of their account and of the personal data associated with it. Deletion is available directly from within the app and, alternatively, by written request to the data controller.

1. Overview

Rifuel allows the User to delete their account and the related personal data at any time, in compliance with Article 17 GDPR («right to erasure») and the policies of the distribution stores (Google Play Data safety, Apple App Store Review Guideline 5.1.1(v)). The procedure is free of charge.

2. Requirements

  • have the Rifuel app installed on an iOS or Android device;
  • be signed in with the account you intend to delete;
  • have an active internet connection during the request.

If the User can no longer access the app (lost credentials, lost device, uninstalled app), deletion may be requested by email as described in §4.

3. In-app deletion procedure

The standard deletion procedure is performed directly from the app, through the following steps:

  1. open the Rifuel app on your device;
  2. sign in with the account you wish to delete;
  3. tap the Profile icon in the bottom navigation bar;
  4. scroll to the Account section;
  5. tap Delete account;
  6. carefully read the warning shown in the confirmation dialog and tap Delete account again to proceed permanently.

Once the procedure is complete, the User will be signed out automatically. Deletion is irreversible: the account, vehicles, recorded refuels, and any other associated information cannot be recovered.

4. Request by email (alternative procedure)

If you are unable to access the app, you may request deletion by sending an email to personal@enzocorsiero.com from the address associated with the account, using the subject line «Rifuel account deletion request». The data controller will respond without undue delay and, in any event, within one (1) month of receipt, pursuant to Article 12(3) GDPR.

For security reasons, the data controller may require identity verification before performing the deletion if there are reasonable doubts as to the identity of the requester (Article 12(6) GDPR).

5. Data deleted

On completion of the procedure, the following personal data is permanently deleted from the controller's systems:

  • Account and credentials: email address, unique account identifier (UUID), password hash (if any), session and refresh tokens;
  • Vehicles registered by the User (name, fuel type, tank size, consumption, mileage);
  • Refuels and expenses associated with vehicles (amount, litres, price, station, date, notes);
  • Saved stations and saved trips;
  • Price alerts and the related notifications;
  • Notification preferences and FCM tokens linked to the device;
  • New station submissions and change requests submitted by the User and not yet moderated.

6. Data retained and legal bases

For specific technical, regulatory or public-interest reasons, certain information may persist after deletion, as follows:

  • Already-approved station submissions: content integrated into the public fuel-station database (name, address, brand, coordinates, historical prices, opening hours) remains available indefinitely in a form dissociatedfrom the submitter's identity (Article 17(3)(d) GDPR). Such content can no longer be traced back to the User.
  • Technical and security logs of the hosting providers (Vercel, Supabase), containing IP address and request metadata: retained for security purposes for a maximum of thirty (30) days (Article 6(1)(f) GDPR — legitimate interest).
  • Anonymous and aggregated data: usage statistics not attributable to an identified or identifiable person, retained without time limit for the purpose of improving the Service.
  • Data processed for legal obligations or legal defence: retained for the period required by the applicable law, or until the related decision becomes final (Article 17(3)(b) and (e) GDPR).

7. Execution timing and backups

Deletion of account data and of the personal data listed in §5 is immediate on production systems: it occurs synchronously upon confirmation in the app dialog or, in the case of an email request, within one (1) month.

Automated backup copies maintained by the hosting providers (Supabase, Vercel) may residually contain the deleted data for a maximum of thirty (30) daysfor disaster recovery purposes. After that period, backups are rotated and overwritten in accordance with the providers' standard contracts. While in backups, the data is not accessible to the controller for any purpose other than emergency restore.

8. Effects of deletion

Following deletion:

  • the User will no longer be able to sign in with the deleted credentials;
  • the deleted data cannot be restored, except as set out in §7 and within its limits;
  • any active Premium subscriptions are not automatically refunded: renewals and refunds remain subject to the policies of the store where the purchase was made (Apple App Store or Google Play Store);
  • the User may always create a new account in the future, it being understood that the new account will have no link to the deleted one.

9. Contact

For assistance with the deletion procedure or to exercise other rights under Articles 15-22 GDPR, the User may contact the data controller at: personal@enzocorsiero.com. For full details of purposes, legal bases and retention periods, please refer to the Privacy Policy.