Privacy Policy
Last Updated: 16 May 2026
This Privacy Policy explains how PROJECT EVA LTD (company number to be confirmed in your records) ("EVA", "Energy Vehicle Alliance", "we", "us" or "our") collects, uses, stores, shares and protects personal information when you use:
- the EVA mobile application (iOS and, where available, other platforms);
- our website at https://energyvehiclealliance.com and related pages;
- in-app support, email support and other customer-service channels; and
- any other products or services that link to this Privacy Policy,
together, the "Service".
Please read this Privacy Policy carefully. By creating an account, registering as a host or driver, or otherwise using the Service, you acknowledge that you have read this Privacy Policy. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
This Privacy Policy should be read together with our Terms and Conditions.
1. Who We Are (Data Controller)
For the purposes of UK GDPR and applicable data-protection law, the data controller is:
PROJECT EVA LTD
Email (privacy & general): contact@energyvehiclealliance.com
Support email: support@energyvehiclealliance.com
Website: https://energyvehiclealliance.com
If you have questions about this Privacy Policy or how we handle your personal information, contact us using the details above.
2. Scope and Roles
EVA operates a peer-to-peer marketplace that connects:
- Drivers — individuals who search for, book and pay to use EV charging facilities listed on the platform; and
- Hosts — individuals (or, where applicable, businesses) who list chargers, set availability and pricing, and provide access to charging at their premises.
Depending on how you use the Service, we process your information as a platform operator. When you book or host through EVA, certain information is also shared between drivers and hosts so that bookings can be completed. Hosts and drivers may act as independent controllers of information they receive about each other for the purpose of fulfilling a booking (for example, a host processing your name and vehicle registration to grant access).
This Privacy Policy describes EVA's processing only. It does not govern how other users handle information they receive from you outside EVA's control.
3. Information We Collect
We collect personal information in the ways described below. "Personal information" means information that identifies you or can reasonably be linked to you.
3.1 Information you provide directly
| Category | Examples | Typical use |
|---|---|---|
| Account & identity | Name, email address, phone number (if provided), password or authentication credentials, profile photo, user role (driver, host, or both), date of registration | Account creation, login, profile display, security |
| Driver profile & garage | Vehicle make, model, year, battery or range details (if provided), licence plate / registration number, default vehicle selection | Booking context, compatibility guidance, host identification at arrival |
| Host profile & listings | Charger name, address and coordinates, photos, plug/connector types, charging speed, pricing (e.g. per hour), minimum session cost, availability calendar, access mode (instant book / manual approval), tethered cable flag, structured setup fields, custom and generated arrival instructions | Discovery, booking, payouts, safety |
| Bookings & charging | Selected dates/times, booking status, payment status, session start/end, check-in data, pricing breakdown, cancellation records, refund requests | Fulfilment, support, disputes, accounting |
| Payments & payouts | Billing contact details; Stripe customer or Connect account identifiers; payout bank details (held by Stripe, not full card numbers by EVA) | Payments to EVA, payouts to hosts, refunds, fraud prevention |
| Communications | In-app messages between drivers and hosts, support tickets, feedback, complaints, dispute descriptions | Customer support, dispute handling |
| Reviews & ratings | Star ratings, written reviews, review targets (driver or host) | Trust, quality, platform integrity |
| Marketplace (if enabled) | Listing titles, descriptions, photos, prices, messages relating to marketplace items | Marketplace feature operation |
| Legal & compliance | Copies of correspondence, identity or verification information if we request it for fraud, safety or regulatory reasons | Compliance, enforcement |
We do not intentionally collect special category data (such as health data). Please do not submit sensitive personal information in free-text fields, assistant chat, or messages unless necessary.
3.2 Information collected automatically
| Category | Examples | Typical use |
|---|---|---|
| Location | GPS/coarse location (with your permission), map centre points, search areas, navigation origin/destination, distance to chargers | Map, search, filters, navigation, booking context |
| Device & app | Device model, OS version, app version, language, time zone, unique device identifiers where available, crash logs, performance diagnostics | Reliability, debugging, security |
| Usage & analytics | Screens viewed, buttons tapped, search/filter parameters, booking funnel steps, feature flags, session duration | Product improvement, fraud detection |
| Notifications | Push notification tokens (e.g. Apple APNS), notification delivery status | Booking alerts, messages, reminders |
| Security & logs | IP address, login timestamps, failed login attempts, API request metadata, abuse signals | Authentication, fraud prevention, incident response |
3.3 Information from third parties
We may receive information from:
- Payment providers (e.g. Stripe) — payment success/failure, dispute/chargeback data, Connect onboarding status, payout events;
- Authentication & database providers (e.g. Supabase) — account identifiers, session tokens;
- Map & navigation providers (e.g. Mapbox, and where enabled ChargeTrip or similar routing APIs) — map tiles, geocoding, routes, public charging station metadata;
- Sign-in providers (e.g. Apple Sign In, Google Sign In if enabled) — name, email, provider user ID as permitted by you;
- Cloud infrastructure (e.g. hosting, CDN, edge workers) — technical logs;
- AI / assistant infrastructure (e.g. LLM providers or proxies such as Groq, Cloudflare Workers) — prompts and responses when you use the in-app assistant;
- Other users — reviews, messages, booking-related information they provide about you.
4. How We Use Personal Information
We use personal information for the following purposes:
- Providing the Service — registering accounts; displaying chargers; processing bookings; enabling payments and host payouts; messaging; notifications; navigation; active charging flows; marketplace (if enabled).
- Safety & integrity — verifying identities where appropriate; detecting fraud, abuse, off-platform payment circumvention, fake listings, and policy violations; enforcing our Terms.
- Support & disputes — responding to enquiries; investigating complaints; facilitating refunds or adjustments where we choose to assist.
- Improvement & analytics — understanding how features are used; fixing bugs; developing new functionality; A/B testing where permitted.
- Legal & compliance — tax, accounting, anti-money-laundering where applicable, responding to lawful requests, establishing or defending legal claims.
- Communications — service emails (booking confirmations, password reset), push notifications, and—with consent where required—marketing about EVA.
We do not sell your personal information to third parties for their independent marketing.
5. Legal Bases for Processing (UK / EEA Users)
Where UK GDPR or similar laws apply, we rely on one or more of the following legal bases:
| Purpose | Legal basis |
|---|---|
| Account, bookings, payments, core app features | Contract — necessary to perform our agreement with you |
| Fraud prevention, security, service improvement, analytics (proportionate) | Legitimate interests — balanced against your rights |
| Optional marketing, non-essential cookies (website), certain permissions | Consent — you may withdraw at any time |
| Tax, accounting, regulatory requests, legal claims | Legal obligation or legitimate interests |
| Vital interests (rare, e.g. emergency) | Vital interests |
You may object to processing based on legitimate interests where applicable. Contact us to exercise your rights (Section 12).
6. How We Share Personal Information
6.1 Between drivers and hosts
When you make or accept a booking, we share information reasonably necessary to complete the session, such as:
- names and profile photos (if shown);
- booking date, time, duration and status;
- charger location, access instructions and photos;
- driver vehicle and registration plate (where collected);
- messages sent through the in-app inbox;
- reviews after completion.
Hosts should only use driver information for booking fulfilment and related communication. Drivers should only use host information for the same purposes.
6.2 Service providers (processors)
We use trusted third parties who process personal information on our instructions, including:
| Provider type | Examples of role |
|---|---|
| Payments & payouts | Stripe — card payments, Stripe Connect host payouts, refunds, disputes |
| Database & auth | Supabase — user accounts, data storage, authentication |
| Maps & navigation | Mapbox — maps, geocoding, turn-by-turn navigation |
| Routing / public charger data | ChargeTrip or similar (where enabled) — route planning, public station supplements |
| Push notifications | Apple (APNS) and platform notification services |
| Hosting & security | Cloudflare and similar — edge functions, proxies, DDoS protection |
| AI assistant | Groq or other LLM providers / Cloudflare Workers — processing assistant prompts when you use EVA chat |
| Email delivery providers for transactional and support email | |
| Analytics / crash reporting | Tools that help us diagnose crashes and performance (as configured) |
These providers are contractually required to protect information and use it only for specified purposes. Their own privacy policies also apply.
6.3 Other disclosures
We may disclose information:
- to professional advisers (lawyers, accountants, insurers) under confidentiality;
- to law enforcement, regulators or courts when required by law or to protect rights and safety;
- in connection with a merger, acquisition, financing or sale of assets (with appropriate safeguards);
- with your direction or consent.
7. Location Data
Location is important to EVA. With your permission we may collect precise location to:
- show nearby chargers and distances;
- centre the map on your position;
- support navigation to a booked charger;
- improve search and filter results;
- provide context to the EVA assistant (e.g. "chargers near me").
You can disable location in your device settings; some features may not work without it. We do not continuously track your location in the background unless a feature you enable explicitly requires it and you grant permission.
8. Payments
- Drivers: Payment card details are entered and processed by Stripe. EVA does not store full card numbers on its servers.
- Hosts: Payout bank details are collected and verified through Stripe Connect. Standard payouts are scheduled automatically (currently on a recurring basis with a short delay after funds become available—see in-app host help). Instant payouts may be available for a separate fee shown in Stripe.
- Stripe may process information for fraud prevention, identity verification, tax reporting and regulatory compliance under its own terms: https://stripe.com/gb/privacy.
9. AI Assistant, Navigation and Automated Features
9.1 EVA Assistant
If you use the in-app EVA assistant, we may process:
- your messages and conversation history (within retention limits);
- contextual data such as focused charger ID, map location, booking window summaries, and navigation state where relevant;
- tool outputs (e.g. nearby chargers, booking validation) to generate replies.
Do not share passwords, full payment card numbers, or unnecessary sensitive data in assistant chat. Assistant responses may be inaccurate; always verify booking, pricing and safety information in the app before acting.
Processing may involve third-party AI infrastructure. Prompts may be logged for abuse prevention, quality improvement and support.
9.2 Navigation and routing
Navigation features may send origin, destination and route requests to map/routing providers. Route suggestions are for convenience only; follow road laws and your own judgement.
9.3 Automated decisions
We do not make solely automated decisions with legal or similarly significant effects without human involvement. Fraud and safety systems may flag accounts for human review.
10. Marketing and Communications
- Transactional: We may send booking confirmations, reminders, security alerts and service announcements without separate marketing consent where permitted by law.
- Push notifications: You can manage these in device settings and in-app preferences where available.
- Marketing: We will only send promotional emails or messages where we have a lawful basis (e.g. consent or soft opt-in where applicable). You can opt out via unsubscribe links or by contacting us.
11. Cookies and Similar Technologies (Website)
Our website may use cookies and similar technologies for functionality, security and analytics. When required, we will request consent via a cookie banner or settings. You can control cookies through your browser. This Privacy Policy applies to website use alongside any cookie notice we publish.
12. Your Rights and Choices
Depending on your location, you may have rights including:
| Right | Summary |
|---|---|
| Access | Request a copy of personal information we hold about you |
| Rectification | Ask us to correct inaccurate information |
| Erasure | Ask us to delete information in certain circumstances |
| Restriction | Ask us to limit processing in certain circumstances |
| Portability | Receive certain data in a structured, machine-readable format |
| Objection | Object to processing based on legitimate interests or for direct marketing |
| Withdraw consent | Where processing is based on consent |
| Complaint | Lodge a complaint with a supervisory authority |
Account deletion: You may request deletion via Settings → Delete Account in the app (subject to completing or cancelling active bookings). Deletion may not remove all records immediately where retention is required by law or for disputes.
To exercise rights: email contact@energyvehiclealliance.com with your request. We may need to verify your identity. We will respond within applicable time limits (typically one month under UK GDPR).
13. Data Retention
We retain personal information only as long as necessary for the purposes described in this policy, including:
| Data type | Typical retention |
|---|---|
| Account profile | While account is active, then deleted or anonymised after deletion request (subject to legal holds) |
| Bookings & payments | Duration required for fulfilment, tax, accounting and dispute periods (often several years for financial records) |
| Messages | While account active and for a reasonable period thereafter for disputes |
| Reviews | May remain visible after account deletion in anonymised or pseudonymised form where permitted |
| Security logs | As needed for security investigations (often limited months) |
| Assistant logs | Short to medium term unless needed for abuse investigation |
When information is no longer required, we delete or anonymise it where practicable.
14. International Transfers
Our service providers may process information in the United Kingdom, European Economic Area, United States and other countries. Where transfers occur outside the UK/EEA without an adequacy decision, we implement appropriate safeguards (such as UK International Data Transfer Agreement, EU Standard Contractual Clauses, or provider certifications) as required by law.
15. Security
We implement technical and organisational measures including:
- encryption in transit (HTTPS/TLS);
- authentication and access controls;
- row-level security and database policies where applicable;
- monitoring for suspicious activity;
- limited staff access on a need-to-know basis.
No system is completely secure. Please use a strong password and keep your device secure. Report suspected unauthorised access to contact@energyvehiclealliance.com promptly.
16. Children
The Service is not intended for anyone under 18. We do not knowingly collect personal information from children. If you believe a child has provided information to us, contact us and we will take appropriate steps to delete it.
17. Beta and Development Features
From time to time we may offer beta, pilot or experimental features. These may be less stable and may process data in ways described in this policy or in supplementary in-app notices. Feedback you provide may be used to improve the Service.
18. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The "Last Updated" date at the top indicates the latest revision. Material changes will be notified through the app, by email or by posting on our website. Continued use after changes take effect constitutes acknowledgment where permitted by law.
19. Contact Us
PROJECT EVA LTD
Privacy & data requests: contact@energyvehiclealliance.com
Support: support@energyvehiclealliance.com
Website: https://energyvehiclealliance.com
This Privacy Policy applies to all users of the EVA Service. It is a legal document; nothing here constitutes legal advice to you. If you need advice on your own obligations (e.g. as a host), consult a qualified professional.