Privacy Policy

This Privacy Policy explains how ParkAlert ("we", "us", "our") collects, uses, stores and shares your personal data when you use parkalert.uk (the "Service"). We are the data controller for the personal data we process about you.

We comply with the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018.

1. Who we are

ParkAlert is a UK-based service that helps drivers understand parking rules and fine risk at car parks and on-street locations. Contact: hello@parkalert.uk.

2. What data we collect

• Location data — only if you tap "Check where I am now". Used in your browser to find nearby parking and never stored on our servers in identifiable form.
• Search queries — sent to Mapbox to return place suggestions.
• Crowd reports — when you tap "I parked OK" or "I got a ticket", we record the location, the feedback type, and a timestamp. We do not collect your name, email, IP or device ID with these reports.
• Technical data — basic server logs (IP address, browser type, pages visited) for security and abuse prevention, retained for 30 days.
• Cookies — see our Cookie Policy.

3. Why we process it (lawful basis)

• Legitimate interests (Art. 6(1)(f) UK GDPR) — to run the Service, prevent abuse, and improve accuracy of parking information.
• Consent (Art. 6(1)(a)) — for non-essential cookies, location access, and any marketing communications.
• Legal obligation (Art. 6(1)(c)) — to respond to lawful requests from authorities.

4. Who we share it with

• Mapbox — for map tiles and geocoding (US/EU processing; covered by Standard Contractual Clauses).
• Supabase — our backend hosting provider (EU region).
• Affiliate partners (e.g. JustPark, YourParkingSpace, APH, Holiday Extras) — only when you click an affiliate link. They receive referral data per their own privacy policies.
• We do not sell your personal data.

5. International transfers

Where data is transferred outside the UK or EEA, we rely on UK International Data Transfer Agreements or Standard Contractual Clauses as adequacy safeguards.

6. Retention

• Server logs: 30 days.
• Crowd reports: indefinitely (anonymous and aggregated).
• Cookie consent record: 12 months, then re-prompt.

7. Your rights

Under UK GDPR you have the right to:

• Access the data we hold about you.
• Request rectification or erasure.
• Restrict or object to processing.
• Data portability.
• Withdraw consent at any time.
• Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any right, email privacy@parkalert.uk. We respond within one calendar month.

8. Children

The Service is intended for users aged 18 and over (the legal driving age in the UK is 17, but we restrict use of paid affiliate booking and account features to adults). We do not knowingly collect data from anyone under 18.

9. Security

We use TLS encryption in transit, encrypted database storage at rest, and follow OWASP best practices. No system is perfectly secure — report vulnerabilities to security@parkalert.uk.

10. Changes

We may update this policy. Material changes will be notified on the homepage and the "Last updated" date above will change.