Privacy Policy — GT Rewards

1 Introduction

General Traffic Ltd ("we", "us", "our") operates the GT Rewards mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the App.

By downloading, installing, or using GT Rewards, you agree to the practices described in this policy. If you do not agree, please do not use the App.

2 Information We Collect

2.1 Information you provide directly

  • Account registration: Your name, email address, and account number (assigned by General Traffic) when you create a GT Rewards account.
  • Authentication credentials: Password (stored in hashed form on our servers; never stored in plaintext).
  • Support requests: Information you provide when contacting us through the in-app support ticket system, including message content and attachments.
  • Notification preferences: Your choices regarding push notification and email notification delivery.

2.2 Information collected automatically

  • Device information: Device type (iOS or Android), operating system version, and whether the device is a physical device or emulator.
  • App version: The version and build number of the GT Rewards app you are using.
  • Usage analytics: Screen views, feature interactions (e.g., viewing items, adding to cart, redeeming points), and general app engagement events. These events are tracked in aggregate and do not contain personally identifiable information.
  • Crash and error data: Stack traces, error messages, and app state at the time of a crash or unhandled exception. All personally identifiable information (emails, phone numbers, tokens) is automatically redacted before transmission.
  • Push notification tokens: A device-specific token used to deliver push notifications. This token is not tied to your personal identity and changes if you reinstall the app.

2.3 Biometric data

If you enable biometric login (Face ID, Touch ID, or fingerprint), your biometric data is processed entirely on your device by the operating system. We never receive, store, or transmit biometric data. Only an encrypted reference to your login credentials is stored locally in your device's secure enclave (iOS Keychain / Android Keystore).

2.4 Information we do NOT collect

  • We do not access your device location, contacts, camera, microphone, photos, or files.
  • We do not collect payment card numbers or bank account details through the App.
  • We do not use advertising identifiers (IDFA/GAID) or participate in ad networks.

3 How We Use Your Information

Purpose | Data Used
Account management and authentication | Name, email, account number, password
Points tracking, redemption, and transaction history | Account number, transaction data
Sending push notifications (order updates, offers, security alerts) | Push token, notification preferences
App performance monitoring and crash diagnostics | Device info, app version, sanitised crash data
Usage analytics to improve the app experience | Anonymised screen views and interaction events
Customer support | Name, email, account number, support ticket content
Biometric quick login | Encrypted credential reference (device-local only)

4 Third-Party Services

GT Rewards integrates with the following third-party services to operate. Each service receives only the minimum data required for its function:

Service | Provider | Purpose | Data Shared
Firebase Analytics | Google LLC | Usage analytics and screen tracking | Internal account ID (not email), anonymised events
Firebase Cloud Messaging (FCM) | Google LLC | Push notification delivery | Device push token
Sentry | Functional Software, Inc. | Crash reporting and error monitoring | Internal account ID, sanitised stack traces, device/app version
Expo Push Notification Service | 650 Industries, Inc. | Push notification token management and delivery | Device push token, platform type
Expo Application Services (EAS) | 650 Industries, Inc. | Over-the-air app updates | App version, runtime version

PII protection: Before any data is sent to Firebase Analytics or Sentry, our app automatically strips email addresses, phone numbers, authentication tokens, and numeric sequences longer than 8 digits. Only your internal account ID (not your email or name) is used for user identification.

Each third-party service is governed by its own privacy policy:

5 Data Storage and Security

5.1 Server-side storage

Your account data (name, email, account number, hashed password, points balance, and transaction history) is stored on our secure servers. All communication between the App and our servers is encrypted using HTTPS (TLS 1.2+).

5.2 On-device storage

  • Secure storage (encrypted): Authentication tokens, biometric credentials, and session data are stored in the device's platform-level secure enclave (iOS Keychain / Android Keystore) using Expo SecureStore.
  • App-local storage (unencrypted, app-sandboxed): Notification preferences and non-sensitive cache data are stored using AsyncStorage, which is accessible only to the GT Rewards app.

5.3 Security measures

  • All API requests require Bearer token authentication (except public endpoints like this privacy policy).
  • Tokens are automatically refreshed and old tokens are invalidated on each rotation.
  • Push notification device tokens are unregistered on logout to prevent stale notifications.
  • All local credentials and tokens are wiped on logout and account deletion.

6 Data Retention

  • Account data: Retained for as long as your account is active. After account deletion, your account is deactivated and personal data is scheduled for permanent erasure within 30 days.
  • Transaction history: Retained for the duration of your account and for up to 7 years after account closure for regulatory and audit purposes.
  • Analytics data: Firebase Analytics data is retained according to Google's default retention settings (14 months). Event data is anonymised and cannot be traced back to individual users.
  • Crash reports: Sentry crash data is retained for 90 days, after which it is automatically purged. Sample rate is set to 20% of transactions.
  • On-device data: All locally stored data (tokens, preferences, caches) is deleted immediately upon logout or account deletion.

7 Push Notifications

GT Rewards uses push notifications to inform you about order updates, points activity, promotions, and security alerts. Notifications are delivered via:

  • Apple Push Notification service (APNs) on iOS devices
  • Firebase Cloud Messaging (FCM) on Android devices
  • Expo Push Notification Service for token management and delivery routing

You can manage your notification preferences at any time within the App under Account > Notification Preferences. You may also disable push notifications entirely through your device's system settings. If you disable notifications, you may miss time-sensitive information about your orders and points.

8 Your Rights

You have the right to:

  • Access your data: View the personal information we hold about you through the App (Account section) or by contacting us.
  • Correct your data: Update your name directly within the App under Account > Profile. For email changes, contact our support team.
  • Delete your account: Permanently delete your account and associated data from within the App under Account > Delete Account. Account deletion deactivates your account immediately and schedules permanent data erasure.
  • Withdraw consent: Disable analytics tracking, push notifications, or biometric login at any time through the App's settings or your device settings.
  • Data portability: Request an export of your personal data by contacting us at the address below.
  • Lodge a complaint: You may contact the UK Information Commissioner's Office (ICO) if you have concerns about how your data is handled.

9 Account Deletion

You can delete your GT Rewards account at any time directly from the App:

  1. Open the App and navigate to the Account tab.
  2. Scroll down to Delete Account.
  3. Confirm the deletion when prompted.

When you delete your account:

  • Your account is immediately deactivated on our servers.
  • Your push notification device registration is removed so you stop receiving notifications.
  • All locally stored data (authentication tokens, cached preferences, biometric credentials) is permanently erased from your device.
  • Your analytics user ID is cleared from Firebase Analytics and Sentry.
  • Your personal data is scheduled for permanent deletion from our servers within 30 days.

Note: Account deletion is irreversible. Any unredeemed points will be forfeited. Transaction records may be retained for up to 7 years for regulatory compliance.

10 Children's Privacy

GT Rewards is not directed at children under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us immediately.

11 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

  • We will update the "Effective Date" at the top of this page.
  • We will notify you via push notification or in-app notice if the changes are significant.
  • The updated policy will be available both within the App and at this URL.

Your continued use of the App after any changes constitutes your acceptance of the updated policy.

12 Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: