Privacy Policy

Last updated: April 4, 2026

1. Introduction

ParkRequest ("we," "us," or "our") operates the parking permit management platform at https://www.parkrequest.com. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our services.

We take the privacy of our users seriously. Because our platform handles personal data including names, email addresses, physical addresses, phone numbers, and vehicle license plate numbers, we are committed to transparent data practices and robust security measures.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, and password when you create an account.
  • Property Membership: Unit/apartment number and property association when you join a community.
  • Vehicle Information: Vehicle make, model, color, license plate number, and state of registration.
  • Permit Requests: Guest names, guest vehicle details, and requested parking dates.
  • Communications: Messages sent through our contact or inquiry forms.

2.2 Information Collected Automatically

  • Session Data: We use session cookies to maintain your login state. These are essential for the service to function.
  • Activity Logs: We log certain actions (logins, permit requests, administrative actions) for security and auditing purposes.

3. How We Use Your Information

We use your personal information exclusively for the following purposes:

  • To provide and operate the parking permit management service.
  • To verify your identity and community membership.
  • To process and display parking permit requests to authorized property managers and security personnel.
  • To send transactional emails (account verification, permit confirmations, password resets).
  • To enable property managers to manage their communities effectively.
  • To maintain security and prevent unauthorized access.

We do not sell, rent, or share your personal information with third parties for marketing purposes.

3.1 Legal Basis for Processing (GDPR/UK GDPR)

  • Contract Performance: To provide account access, process parking permits, and deliver core platform features.
  • Legitimate Interests: To secure the platform, prevent fraud/abuse, and maintain audit logs for operational integrity.
  • Legal Obligation: To comply with applicable legal, regulatory, and lawful disclosure requirements.
  • Consent: For optional communications or preferences where consent is required by law.

4. Data Visibility & Access

Your data is only accessible to:

  • You: Your own account, vehicle information, and permit history.
  • Property Managers: Managers of properties you belong to can see your name, unit, vehicles, and permits for their property.
  • Security Guards: Guards at your property can see active permit details (guest name, vehicle, dates) for verification purposes.
  • System Administrators: Superadmins have access to all data for operational and support purposes.

License plate numbers and guest information are only displayed to personnel who need them to verify parking authorization.

5. Data Retention

  • Active accounts: Data is retained as long as your account is active.
  • Permit records: Expired permit records are retained for audit purposes and community rule enforcement.
  • Deleted accounts: Upon account deletion request, personal data is removed within 30 days. Anonymized permit records may be retained for property audit trails.

6. Data Security

We implement the following security measures to protect your information:

  • Passwords are hashed using industry-standard bcrypt algorithms and are never stored in plain text.
  • Session tokens are regenerated on login to prevent session fixation attacks.
  • All form submissions are protected by CSRF (Cross-Site Request Forgery) tokens.
  • Input data is validated and sanitized to prevent injection attacks.
  • Database connections use parameterized queries exclusively.
  • Access to sensitive administrative functions requires superadmin authentication.

6.1 Security Incident Response

In the event of a confirmed data breach affecting personal information, we will notify affected community administrators within 72 hours and directly notify affected users whose personal data was compromised. Our full incident response process, including containment procedures and escalation timelines, is documented in our Security Policy.

7. Your Rights

You have the right to:

  • Access: View all personal information we hold about you through your profile and dashboard.
  • Correction: Update your personal information at any time through your profile settings.
  • Deletion: Request deletion of your account and personal data by contacting us.
  • Portability: Download your personal data directly from your profile page in JSON or CSV format.
  • Objection: Object to processing of your personal data for specific purposes.

8. Cookies

We use only essential session cookies required for authentication and application functionality. We do not use tracking cookies, analytics cookies, advertising cookies, or similar non-essential cookies in the current production deployment.

If we introduce any non-essential cookies or third-party tracking technologies in the future, we will update this policy and present the consent controls required by applicable law before those technologies are activated.

8.1 Third-Party Font Delivery

Our website currently loads the Inter font from Google Fonts (fonts.googleapis.com and fonts.gstatic.com). When this occurs, your browser may transmit your IP address and browser metadata to Google to retrieve font files. We use this solely for visual rendering and not for behavioral tracking.

9. Children's Privacy

Our service is intended for adults who are authorized residents, property managers, security personnel, or vendor representatives. It is not directed to children under 18, and we do not knowingly collect personal information from minors.

If we learn that a minor has created an account or submitted personal information without appropriate authorization, we will delete or de-identify that information as required by applicable law. Parents or guardians who believe a child has provided us information may contact us at [email protected].

10. Accessibility

We aim to make our platform usable by a broad range of users and continue improving accessibility as the service evolves. For our current accessibility commitment, known limitations, and support contact details, see our Accessibility Statement.

11. California Privacy Rights

Residents of California may have additional privacy rights under California law. Where applicable, those rights and request methods are described in our California Privacy Rights Notice.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the service after changes constitutes acceptance of the revised policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Email: [email protected]