Privacy policy
Last updated: 15 June 2026
Part 1 - Privacy Policy
1. Who we are (Data Controller)
Parkberry is operated by:
Davidovski GmbH Wehntalerstrasse 283A, 8046 Zurich, Switzerland Commercial register no.: CHE-483.604.189 Email: [email protected]
Davidovski GmbH is the data controller for personal data processed through the Parkberry app and website, except where we act as a processor on behalf of hosts (see §10) or where a payment provider acts as its own controller (see §7).
Data protection contact: [email protected]
We are established in Switzerland and process personal data primarily here. We are not currently established in the EU/EEA and have not appointed a representative under Art. 27 GDPR; if and when our activities require one, we will appoint a representative and update this policy. EU/EEA residents can reach us at [email protected].
2. Scope and applicable law
Parkberry is offered in Switzerland and plans to expand internationally. We process personal data in accordance with:
- the Swiss Federal Act on Data Protection (revFADP / nDSG), and
- the EU General Data Protection Regulation (GDPR) where it applies (e.g. when we offer services to people in the EU/EEA).
Where the two frameworks differ, we apply the standard that gives you stronger protection.
3. The data we process and why
We collect only what we need to run a parking and EV-charging marketplace. The table below summarises the main categories.
| # | Data category | Examples | Why we process it (purpose) | Legal basis (GDPR / FADP) |
|---|---|---|---|---|
| 1 | Account & identity | Name, email, phone, password hash, language, role (driver/host) | Create and secure your account; communicate with you | Contract (Art. 6(1)(b) GDPR); legitimate interest in account security |
| 2 | Vehicle profile | Vehicle height/length, EV connector type, licence plate (for ANPR gate access) | Vehicle-fit gate; automatic gate access via plate reading | Contract; consent for ANPR where required |
| 3 | Precise location | GPS position while the app is in use; live location during SOS or arrival handshake | Map-first search of nearby spaces; navigate you to the spot; share your live position during an arrival meet-up or SOS | Contract; consent for live-location sharing; vital interests for SOS (Art. 6(1)(d)) |
| 4 | Booking & access | Spaces booked, times, price, access method (ANPR / printed permit / host meet), live pass + QR, Honored-Spot events | Fulfil bookings; grant access; operate the guarantee | Contract |
| 5 | Payments | Amount, currency, TWINT/card token reference, wallet balance & top-ups, payout details (hosts) | Take payment, issue refunds, pay hosts, prevent fraud | Contract; legal obligation (accounting); legitimate interest (fraud prevention) |
| 6 | Invoices & tax | PDF receipts, Swiss VAT invoices, host turnover | Issue receipts/invoices; meet bookkeeping and VAT duties | Legal obligation (Art. 6(1)(c)) |
| 7 | Identity / KYC | Host verification documents and, where required, ID checks | Verify hosts, meet anti-fraud and (where applicable) financial-compliance duties | Legal obligation; legitimate interest in a trustworthy marketplace |
| 8 | Photos | Host photos of the space; driver-contributed photos | Display listings; document the condition of a space | Contract; legitimate interest |
| 9 | Messages & content | In-app chat between drivers and hosts; reviews, star ratings, tips notes | Enable coordination; two-sided reviews; tipping | Contract; legitimate interest |
| 10 | Translations | Listing and chat text submitted for automatic translation (DE/FR/IT/EN, and additional languages as we expand) | Translate listings and chat across languages | Contract; legitimate interest |
| 11 | Loyalty | Volt Rewards points, tier (Sprout/Volt/Surge/Nova), redemptions | Run the loyalty programme | Contract |
| 12 | Device & technical | Device model, OS, app version, IP address, crash logs, push token | Deliver and secure the app; diagnostics; send notifications | Legitimate interest; consent for notifications where required |
| 13 | Support | Messages to [email protected], SOS events | Help you and keep the community safe | Legitimate interest; vital interests for safety events |
We do not sell your personal data, and we do not use it for third-party advertising.
Special note on sensitive data
We do not seek to collect special-category data (Art. 9 GDPR / Art. 5(c) FADP). Please do not include health, religious, political, or similar information in chat, reviews, or photos. KYC documents may reveal data such as nationality; we process these only as strictly necessary for verification and compliance.
Children
Parkberry is not directed at children. You must be at least 18 (see Terms §2). We do not knowingly process data of minors.
4. Device permissions - what we ask for and why
We request only the permissions our features actually use. You can change these at any time in your device settings; some features may then stop working.
- Location - to find nearby parking and charging spaces, guide you to a booked spot, and (with your consent) share your live location during the arrival handshake or an SOS event. We do not track your location in the background for advertising.
- Camera & Photo Library - so hosts can photograph their space and drivers can contribute photos of a space. We access only the images you choose to upload.
- Notifications - to tell you when a booking is confirmed, when arrival is due, when a payment succeeds, and when the Honored-Spot Guarantee is triggered.
5. Automatic gate access and licence-plate reading (ANPR)
Some spaces grant access by Automatic Number-Plate Recognition (ANPR). Where you choose ANPR access, your licence plate is matched at the gate against your booking to let you in. We process your plate only for the duration and purpose of valid bookings, and we delete or anonymise plate-match logs on the retention schedule in §8. Where a space does not support ANPR, you can use an offline printed permit or a host manual-meet handshake instead.
6. The closed-loop Wallet
Parkberry offers an in-app Wallet holding closed-loop credits that can be spent only inside Parkberry on Parkberry services (parking, charging, tips, and similar). Wallet credits are not legal tender, not a bank deposit, not transferable to third parties, and not redeemable for cash except where mandatory law requires.
To stay within the Swiss unlicensed-payment-means framework, each user's Wallet balance is capped at CHF 3,000. This cap is a regulatory control; we may decline top-ups that would exceed it. Top-up bonuses, when offered, are promotional credit subject to the Terms. We process Wallet data to operate balances, top-ups, bonuses, and spend, and we retain transaction records as required by accounting law (§8).
7. Payments - Stripe and TWINT
Card and TWINT payments are processed by our payment providers, Stripe and TWINT. No raw card data ever touches your device or our servers - it is handled directly by the provider in a PCI-DSS-compliant environment. We receive only a token/reference, the result, and the minimum metadata needed to fulfil and account for your booking.
- Stripe: Stripe Payments Europe, Ltd. / Stripe, Inc. acts as an independent controller for the payment data it processes. See Stripe's privacy policy at https://stripe.com/privacy.
- TWINT: TWINT AG processes TWINT transactions under [its own privacy terms - link].
8. How long we keep data (retention)
We keep personal data only as long as needed for the purpose, then delete or anonymise it.
| Data | Typical retention |
|---|---|
| Account data | While your account is active; deleted or anonymised within 90 days of account closure, subject to legal holds |
| Booking & access records | Duration of booking + 24 months for disputes/guarantee/safety |
| ANPR plate-match logs | Deleted or anonymised within 30 days of the booking unless needed for a dispute |
| Invoices, receipts, accounting & tax records | 10 years (Swiss Code of Obligations art. 958f / VAT law) |
| KYC / verification records | 10 years after the end of the business relationship (anti-money-laundering / financial-compliance law) |
| Chat, reviews, photos | While relevant to the marketplace; reviews may remain visible after account closure in anonymised form |
| Wallet transactions | 10 years (accounting), balance settled on closure |
| Crash logs & technical diagnostics | 90 days |
| Support / SOS records | 24 months (longer where a safety or legal matter is open) |
9. Who we share data with (processors & recipients)
We share personal data only with parties that need it to provide the service, under appropriate contracts. Categories:
- Payment providers - Stripe, TWINT (see §7).
- Cloud hosting & infrastructure - [hosting provider, e.g. AWS / GCP / Exoscale, region], where our NestJS + PostGIS backend runs.
- Communications - [email/SMS/push provider] for transactional messages.
- Translation - [machine-translation provider] for automatic listing/chat translation. We send only the text to be translated.
- AI listing assistant - [AI provider] to generate draft listing descriptions for hosts from host-supplied details. We do not use your private chats to train third-party models.
- Maps - [map/geocoding provider] for the map-first experience.
- Error & analytics - [crash/analytics provider], configured to minimise personal data.
- Other users - hosts and drivers see the limited profile, booking, chat, review, and (for hosts) plate/booking data needed to complete a booking.
- Authorities - where we are legally required, or to protect rights, safety, or prevent fraud.
- Corporate transactions - a successor entity in the event of a merger or sale, under equivalent protection.
A current list of processors is available on request at [email protected].
10. Hosts as controllers
When a host uses Parkberry to manage their own listings, bookings, and guest communications, the host may act as an independent or joint controller for the personal data they handle (e.g. a driver's arrival details). Parkberry provides the platform and acts as the host's processor for those operations. Hosts must use guest data only to fulfil bookings and must comply with applicable data-protection law.
11. International transfers
We aim to host and process personal data in Switzerland or the EU/EEA. Some processors (e.g. Stripe) may process data outside Switzerland/the EEA. Where that happens, we rely on a recognised transfer mechanism, such as:
- an adequacy decision (Swiss FDPIC / European Commission), or
- the EU Standard Contractual Clauses with the Swiss addendum, plus supplementary safeguards where needed.
You can request details of the safeguards for a specific transfer at [email protected].
12. Your rights
Subject to applicable law, you have the right to:
- access the personal data we hold about you;
- rectify inaccurate data;
- erase data ("right to be forgotten"), subject to legal retention;
- restrict or object to certain processing;
- data portability - receive your data in a portable format;
- withdraw consent at any time (e.g. live-location sharing, notifications), without affecting prior processing;
- lodge a complaint with a supervisory authority.
To exercise any right, contact [email protected]. We respond within the legal timeframe (generally 30 days under GDPR; without undue delay under FADP). We may need to verify your identity first.
Supervisory authorities:
- Switzerland - Federal Data Protection and Information Commissioner (FDPIC), https://www.edoeb.admin.ch.
- EU/EEA - your local data protection authority.
13. Security
We use technical and organisational measures appropriate to the risk, including encryption in transit (TLS), encryption at rest for sensitive fields, access controls, tokenised payments (no card data on device/servers), and audit logging. No system is perfectly secure; if a breach affecting your data occurs, we will notify you and the relevant authority as required by law.
14. Changes to this Privacy Policy
We may update this policy. We will post the new version in the app and update the "Last updated" date; for material changes we will give prominent notice and, where required, ask for your consent.
15. Contact
Questions about privacy: [email protected] · Davidovski GmbH, Wehntalerstrasse 283A, 8046 Zurich, Switzerland.