Privacy Policy

This Privacy Policy explains how Vancouver Paid Parking ("we", "us", "our") collects, uses, and shares personal information when you use our website and related services (the "Service"). The Service is an interactive map of paid street-parking zones in Vancouver, British Columbia, Canada, with an optional paid Premium subscription.

We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and British Columbia's Personal Information Protection Act (PIPA). If you are a resident of the EU/UK, this policy is also intended to meet the disclosure requirements of the GDPR/UK GDPR.

1. Information we collect

a. Information you provide

• Account information — when you sign up, we collect your email address and an authentication identifier from our auth provider (Supabase). We do not store your password; it is salted and hashed by Supabase.
• Subscription & payment information — if you subscribe to Premium, payment is processed by Stripe, Inc. We never see or store your full card number, expiry, or CVC. From Stripe we receive a customer identifier, subscription status, billing-period dates, the last four digits of your card, and your billing country. See Stripe's privacy notice at stripe.com/privacy.
• Saved zones (favorites) — zones you choose to save are stored in our database against your user ID.

b. Information collected automatically

• Device & usage data — when you load the Service, our hosting providers (Vercel and Render) automatically log standard request data such as IP address, user agent, referrer, and timestamps. This is used for security, abuse prevention, and basic operational diagnostics.
• Analytics — we use Google Analytics 4 (Google Ireland Limited / Google LLC) to understand which pages are visited, how users arrive at the Service, and aggregate device/browser information. Google may set cookies and collect data including IP address (truncated where possible), referrer, page URL, and a randomly generated client identifier. See Google's privacy notice at policies.google.com/privacy. You can opt out of Google Analytics by installing the Google Analytics opt-out browser add-on.
• Local storage — we store an authentication session token in your browser's localStorage so you stay signed in. We also store non-personal user preferences (e.g., selected day/hour filters, last map view).
• Approximate location — if you click "Find my location", your browser asks for permission and provides a coordinate to the page. The coordinate is used only to center the map and is not transmitted to or stored by us.
• Advertising — free-tier users may be shown ads served by Google AdSense. Google may set cookies and collect data as described in its policies (see "Third parties" below). Premium subscribers do not see ads, and the ad script is not loaded for them.

2. How we use information

• To provide, operate, and maintain the Service.
• To authenticate you and keep you signed in.
• To process subscription payments, renewals, and cancellations through Stripe.
• To save and retrieve your favourite zones.
• To monitor and improve performance and prevent abuse.
• To communicate with you about your account, billing, or material changes to the Service.
• To comply with legal obligations.

Our legal bases (where the GDPR/UK GDPR applies) are: performance of a contract for account and subscription handling; legitimate interests for security, fraud prevention, and basic analytics; and consent for any optional cookies (e.g., personalised advertising), which you may withdraw at any time.

3. Third parties we share information with

We do not sell your personal information. We share limited information with the following service providers strictly to operate the Service:

• Supabase — authentication and database (US/EU regions). supabase.com/privacy
• Stripe — payment processing and subscription management. stripe.com/privacy
• Vercel — static site hosting and edge delivery. vercel.com/legal/privacy-policy
• Render — backend API hosting. render.com/privacy
• Google AdSense — advertising on the free tier. Google's use of advertising cookies is described at policies.google.com/technologies/ads and you may opt out of personalised advertising at adssettings.google.com.
• Google Analytics 4 — site analytics for all visitors. policies.google.com/privacy

We may also disclose information if required by law, to enforce our Terms, or to protect the rights, property, or safety of our users or others.

4. International data transfers

Our service providers are located in Canada, the United States, and the European Union. When information is transferred outside your country of residence, those providers contractually commit to comparable safeguards (for example, Stripe and Google use Standard Contractual Clauses for transfers from the EU/UK to the US).

5. Data retention

• Account data is kept for as long as your account is active. When you delete your account (by contacting us), we remove your profile, favourites, and authentication record.
• Subscription and payment records are retained by Stripe in accordance with their retention policies and applicable accounting/tax law (typically seven years in Canada).
• Server access logs are retained for a short operational window by Vercel and Render.

6. Your rights

Depending on where you live, you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate information.
• Delete your account and associated personal information.
• Withdraw consent (e.g., for personalised ads).
• Request a portable copy of your data.
• Lodge a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca) or your local data-protection authority.

To exercise any of these rights, contact us using the form linked in Section 10. We will respond within 30 days.

7. Security

All traffic to the Service is encrypted in transit using TLS. Payment-card data is handled exclusively by Stripe, a PCI Service Provider Level 1. Database access is restricted by row-level security so that one user cannot read another user's records. No system is perfectly secure, however — please use a strong, unique password and tell us promptly if you suspect unauthorised access to your account.

8. Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us so we can delete it.

9. Changes to this policy

We may update this Privacy Policy from time to time. The "Effective date" at the top of this page indicates when it was last revised. For material changes we will provide reasonable notice (for example, by email or an in-product notice) before the change takes effect.

10. Contact us

If you have questions or requests about this Privacy Policy or your personal information, please use our contact form.