Zum Inhalt
ParkRadar App-IconParkRadar
So funktioniert'sFeaturesDatenschutzApp Store

Privacy Policy for ParkRadar

English · Deutsch

Last updated: June 7, 2026

also information for data subjects pursuant to Art. 13 and Art. 14 of the General Data Protection Regulation (GDPR)

Table of contents

  1. 1. General information
  2. 2. General data processing information
  3. 3. Usage data on the website
  4. 4. Specific information about the ParkRadar mobile app
    1. 4.1 Device-based app access
    2. 4.2 Location data
    3. 4.3 Parking positions and vehicles
    4. 4.4 Parking rule hints and community features
    5. 4.5 Push notifications
    6. 4.6 Premium features, in-app purchases and subscriptions
    7. 4.7 Support, contact and privacy requests
  5. 5. Specific information about services and data sources used
    1. 5.1 Hosting and backend infrastructure
    2. 5.2 Apple MapKit
    3. 5.3 Google Maps SDK for Android
    4. 5.4 OpenStreetMap / Overpass
    5. 5.5 Berlin Open Data / WFS
    6. 5.6 Expo Push, APNs and FCM
    7. 5.7 RevenueCat, Apple App Store and Google Play
  6. 6. No advertising and no analytics in the MVP
  7. 7. Cookies and local storage
  8. 8. Data deletion and account deletion
  9. 9. Customer and prospect data
  10. 10. Supplier and business partner data
  11. 11. Recruitment process
  12. 12. Security of processing
  13. 13. Obligation to provide personal data
  14. 14. Automated decision-making
  15. 15. Rights of data subjects
  16. 16. Right to lodge a complaint with a supervisory authority
  17. 17. Changes to this privacy policy

1. General information

Information about the controller

The controller responsible for data processing in connection with the "ParkRadar" mobile application, the website, and related services is:

Cefuya UG (haftungsbeschränkt)
Waitzstraße 3
10629 Berlin
Deutschland

Email: info@parkradar.io
Privacy contact: privacy@parkradar.io
Website/domain: parkradar.io

No data protection officer has currently been appointed unless there is a legal obligation to appoint one. Privacy requests can be sent to privacy@parkradar.io or via our contact page.

2. General data processing information

We process personal data only to the extent necessary to provide the app, the website, ParkRadar features, to perform contracts, to ensure service security, to comply with legal obligations, or on the basis of consent.

Personal data means any information relating to an identified or identifiable natural person. This may include, in particular, device identifiers, pseudonymous user IDs, location data, push tokens, usage data, payment or subscription information, and technical log data.

Processing purposes

Processing is carried out in particular for the following purposes:

  • providing the app and its core features,
  • displaying maps, parking zones, parking meter locations, and parking rule hints,
  • creating, confirming, strengthening, and disputing parking rule hints,
  • marking saved parking positions,
  • managing vehicles within the app,
  • providing push notifications,
  • abuse prevention, rate limits, trust system, and technical security,
  • providing and managing optional premium features,
  • handling support, privacy, and deletion requests,
  • fulfilling legal obligations.

Legal bases

Depending on the processing activity, personal data is processed on the basis of:

  • Art. 6(1)(b) GDPR, where processing is necessary to provide app features or perform a contract,
  • Art. 6(1)(a) GDPR, where consent has been granted, especially for optional permissions such as location, push notifications, or future analytics features,
  • Art. 6(1)(f) GDPR, where processing is necessary for technical security, abuse prevention, error analysis, quality assurance, or safeguarding legitimate interests,
  • Art. 6(1)(c) GDPR, where legal retention or documentation obligations apply.

Categories of recipients

Recipients of personal data may include:

  • internal responsible departments,
  • technical service providers and processors,
  • hosting and infrastructure providers,
  • push service providers,
  • map services and data sources,
  • app store and payment providers,
  • subscription management providers,
  • public authorities where legal obligations apply,
  • other recipients where consent exists or where transfer is legally permissible.

Third-country transfers

Where providers outside the European Union (EU) or the European Economic Area (EEA) are used, personal data is transferred only if there is an appropriate legal basis. This may include, in particular, an adequacy decision, standard contractual clauses, or explicit consent.

For certain services, especially app stores, push services, map services, or subscription management services, processing outside the EU/EEA cannot be fully excluded.

Duration of data storage

We store personal data only as long as necessary for the respective purposes or as long as statutory retention obligations exist.

Where specific retention periods are technically implemented, the following principles apply in particular:

  • App access and device data is generally stored as long as app access exists or as long as necessary for security and abuse prevention.
  • Parking positions and vehicle data are stored as long as the user uses this feature or until the data is deleted.
  • Community hints and related technical data may be stored for display, quality assurance, abuse prevention, and traceability.
  • Audit, security, and abuse logs may be stored longer where necessary for service security, legal defense, or fulfillment of legal obligations.
  • Billing and tax-relevant data may be stored in accordance with statutory retention periods.

Where planned automatic deletion or anonymization periods are not yet fully implemented technically, they are not guaranteed as binding commitments. Users may request deletion of their data via the app feature or by email to privacy@parkradar.io.

3. Usage data on the website

When you access our website parkradar.io, your internet browser transmits data to our web server for technical reasons.

The following data may in particular be processed:

  • date and time of the request,
  • requested page or file,
  • referrer URL,
  • access status,
  • browser used,
  • operating system used,
  • IP address,
  • amount of data transferred,
  • technical device and connection information.

This data is processed to deliver the website, ensure technical security, defend against attacks, analyze errors, and ensure stable operation.

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure and functional provision of our website.

Server log data is stored only as long as necessary for the above purposes and is then deleted or anonymized unless longer storage is required to investigate security incidents or due to legal obligations.

4. Specific information about the ParkRadar mobile app

4.1 Device-based app access

ParkRadar uses pseudonymous or anonymous device-based app access. Traditional registration with email address and password is not mandatory for basic use.

Affected data may include in particular:

  • pseudonymous user ID,
  • device identifier,
  • installation identifier,
  • technical app identifier,
  • JWT or technical access tokens,
  • operating system,
  • app version,
  • device model,
  • language settings,
  • technical usage and security data.

Purpose of processing: Provision of app access, assignment of app features to a device, abuse prevention, rate limits, trust system, technical security, and error analysis.

Legal basis: Art. 6(1)(b) GDPR, insofar as processing is necessary to provide the app; Art. 6(1)(f) GDPR, insofar as processing is necessary for security, abuse prevention, and stability.

Storage duration: Data is stored as long as app access exists or as long as processing is necessary for security, abuse prevention, traceability, or legal purposes. Users can initiate deletion via the app or by request to privacy@parkradar.io.

4.2 Location data

ParkRadar processes location data where necessary for certain app features and where the user has granted the corresponding location permission.

As a rule, the app uses location access while using the app ("When In Use"). Continuous background tracking or a permanent GPS movement history is not part of the MVP unless explicitly implemented otherwise technically.

Affected data may include in particular:

  • current device location,
  • GPS coordinates for specific actions,
  • location accuracy,
  • time of location determination,
  • H3 grid cells,
  • location buckets,
  • distance buckets,
  • technical location checks.

Purpose of processing: Displaying your location on the map, creating a parking rule hint, confirming, strengthening, or disputing a hint, marking a parking position, assigning a parked vehicle to hint areas, push notifications within the selected radius, abuse prevention, and plausibility checks of reports.

Legal basis: Art. 6(1)(a) GDPR where the user consents to location access; Art. 6(1)(b) GDPR where location data is necessary to provide explicitly requested app features; Art. 6(1)(f) GDPR for security and abuse checks.

Users can change or revoke location permission at any time via their device settings. Without location access, certain features, especially reporting, confirming, disputing, marking parking spots, or location-based push hints, may not be usable or may be usable only to a limited extent.

4.3 Parking positions and vehicles

Users can create vehicles in ParkRadar and mark a parking position.

Affected data may include in particular:

  • vehicle name assigned by the user,
  • stored parking position,
  • time of marking,
  • technical assignment to app installation,
  • H3 or location bucket,
  • push-relevant distance to hint areas.

Purpose of processing: Finding the parked vehicle again, displaying your own parking position, notifying about relevant parking rule hints in the surrounding area, and managing the vehicle feature.

Legal basis: Art. 6(1)(b) GDPR insofar as processing is necessary to provide the vehicle and parking position feature; Art. 6(1)(a) GDPR insofar as location permissions are required.

Users should not use real license plate numbers, names of other persons, or other personal data as vehicle names. The parking position is not publicly visible and is not shown to other users.

4.4 Parking rule hints and community features

ParkRadar allows users to create anonymous parking rule hints and to confirm, strengthen, or dispute existing hints.

Affected data may include in particular:

  • pseudonymous user ID,
  • time of report,
  • location or location area,
  • H3 cell or hint area,
  • technical accuracy data,
  • confirmation, strengthening, or dispute,
  • structured dispute reasons,
  • trust score,
  • rate limits,
  • abuse or false-report indicators,
  • moderation status,
  • technical log data.

Purpose of processing: Creation and display of parking rule hints, evaluation of hint reliability, protection against false reports and abuse, quality assurance of community features, technical security, moderation, and traceability.

Legal basis: Art. 6(1)(b) GDPR insofar as processing is necessary to provide the community feature; Art. 6(1)(f) GDPR for abuse prevention, security, and quality assurance.

ParkRadar is not intended to capture individual persons, public authority employees, inspectors, vehicles, or license plates. Users must not report such personal data via ParkRadar.

4.5 Push notifications

ParkRadar may provide push notifications, in particular when a saved vehicle is located near a parking rule hint area or when other relevant notices exist.

Affected data may include in particular:

  • push token,
  • device identifier,
  • operating system,
  • app version,
  • notification settings,
  • selected notification radius,
  • status of push consent,
  • technical delivery information.

Purpose of processing: Delivery of push notifications, management of push settings, notifications regarding parking rule hints in connection with stored parking positions, and technical delivery via push service providers.

Legal basis: Art. 6(1)(a) GDPR where the user permits push notifications; Art. 6(1)(b) GDPR where push is part of the requested app feature.

Users can disable push notifications at any time in the app or in the device system settings. Expo Push Services, Apple Push Notification Service (APNs), and Firebase Cloud Messaging (FCM) may be used for technical delivery.

4.6 Premium features, in-app purchases and subscriptions

ParkRadar may offer optional premium features as paid subscriptions. Processing is handled via the respective app stores and, where applicable, a subscription management service provider.

Affected data may include in particular:

  • app store purchase status,
  • product ID,
  • subscription status,
  • entitlements,
  • transaction and renewal status,
  • technical user or device identifier,
  • country or store region,
  • time of purchase, renewal, cancellation, or expiry,
  • information on free trial periods or promotions.

As a rule, ParkRadar does not process full payment data such as credit card numbers. Payment is made via Apple App Store or Google Play Store.

Purpose of processing: Provision of premium features, verification of subscription status, activation or revocation of premium benefits, billing and proof of in-app purchases, support for subscription issues, abuse prevention (e.g. one store subscription per person and user account, one active device at a time).

Legal basis: Art. 6(1)(b) GDPR for performance of the premium contract; Art. 6(1)(c) GDPR for legal documentation or retention obligations; Art. 6(1)(f) GDPR for abuse prevention and support.

Recipients may include, in particular, Apple, Google, and RevenueCat where these services are technically integrated.

4.7 Support, contact and privacy requests

When users contact us, we process the data transmitted in this context.

Affected data may include in particular:

  • name, if provided,
  • email address,
  • content of the request,
  • technical information about the device or app,
  • screenshots or attachments, where submitted,
  • time of contact,
  • processing status.

Purpose of processing: Handling support requests, processing privacy requests, processing deletion requests, error analysis, and documentation of communication.

Legal basis: Art. 6(1)(b) GDPR for contract-related requests; Art. 6(1)(c) GDPR for privacy-related or statutory requests; Art. 6(1)(f) GDPR for handling general requests and documentation.

5. Specific information about services and data sources used

5.1 Hosting and backend infrastructure

ParkRadar uses its own backend systems to provide app features.

Components used may include in particular:

  • Node.js / Express backend,
  • PostgreSQL / PostGIS,
  • Redis,
  • Prisma,
  • API at https://api.parkradar.io,
  • hosting at Hetzner within the European Union.

Purpose of processing: Operating the app, storing app-related data, providing parking rule hints, managing push, user, location, and premium features, technical security, and abuse prevention.

Legal basis: Art. 6(1)(b) GDPR, Art. 6(1)(f) GDPR.

Where required, data processing agreements pursuant to Art. 28 GDPR are concluded with processors used.

5.2 Apple MapKit

On iOS devices, ParkRadar may use Apple MapKit for map display.

The provider is Apple Distribution International Ltd. or the relevant Apple entity. When the map feature is used, technical data, location data, and map usage data may be transmitted to Apple insofar as this is necessary to display the map.

Legal basis: Art. 6(1)(b) GDPR for provision of the map feature; Art. 6(1)(a) GDPR insofar as location data is used based on consent. Apple's privacy information applies additionally to data processing by Apple.

5.3 Google Maps SDK for Android

On Android devices, ParkRadar may use Google Maps SDK for map display. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When using the map feature, technical data, location data, and map usage data may be transmitted to Google insofar as this is necessary to display the map.

Legal basis: Art. 6(1)(b) GDPR; Art. 6(1)(a) GDPR insofar as location data is used based on consent. Google may also process data outside the European Union.

5.4 OpenStreetMap / Overpass

ParkRadar may use data from OpenStreetMap and Overpass to display parking meter locations or other map information. Where requests are made server-side via ParkRadar, direct personal reference toward these services is avoided as far as possible.

Purpose of processing: Displaying parking meter locations, improving map context, and providing parking-related information.

Legal basis: Art. 6(1)(b) GDPR, Art. 6(1)(f) GDPR.

5.5 Berlin Open Data / WFS

ParkRadar may use open data sources, in particular Berlin Open Data or WFS services, to display parking zones, tariffs, or other parking-related information. As a rule, users' personal data is not transmitted to Berlin Open Data for this purpose where integration is carried out server-side or without personal user queries.

Official sources (selection):

  • Berlin Open Data
  • Paid parking zones (WFS)
  • Scheduled events / no-stopping zones (WFS)
  • VIZ Berlin (roadworks & closures)

Overview and disclaimer: Data sources

Legal basis: Art. 6(1)(b) GDPR, Art. 6(1)(f) GDPR.

5.6 Expo Push, APNs and FCM

For push notifications, ParkRadar may use Expo Push Services as well as the operating system providers' push services: Apple Push Notification Service (APNs) for iOS, Firebase Cloud Messaging (FCM) for Android.

Legal basis: Art. 6(1)(a) GDPR, Art. 6(1)(b) GDPR. Push notifications can be disabled at any time.

5.7 RevenueCat, Apple App Store and Google Play

To manage premium subscriptions and in-app purchases, ParkRadar may use RevenueCat as well as Apple's and Google's payment and app store systems.

Legal basis: Art. 6(1)(b) GDPR, Art. 6(1)(c) GDPR, Art. 6(1)(f) GDPR. Apple's, Google's, and RevenueCat's privacy information additionally applies to payment processing.

6. No advertising and no analytics in the MVP

According to the current status, ParkRadar does not use advertising SDKs or external analytics tools such as Firebase Analytics, Google Analytics, or Mixpanel in the MVP.

If analytics functions, statistical functions, advertising, or marketing tracking are used in the future, this will be done only in accordance with legal requirements and, where necessary, on the basis of prior consent.

Any potentially planned aggregated analytics feature is disabled by default unless explicitly activated.

7. Cookies and local storage

The website may use technically necessary cookies or comparable storage technologies where this is required to provide the website.

The app may use local storage technologies, for example:

  • language settings,
  • dark mode,
  • push settings,
  • vehicle names,
  • local parking positions,
  • app configuration,
  • technical tokens.

Legal basis: Art. 6(1)(b) GDPR, Art. 6(1)(f) GDPR; for non-essential storage, Art. 6(1)(a) GDPR.

8. Data deletion and account deletion

Users can initiate data or account deletion in the app where this feature is provided. Alternatively, deletion can be requested by email at privacy@parkradar.io.

Step-by-step in the app: "Delete data" guide.

Depending on the technical implementation, the following data in particular may be deleted or anonymized:

  • device-based user access,
  • vehicles,
  • parking positions,
  • push tokens,
  • app settings,
  • associated usage data,
  • community data, insofar as no security, documentation, or abuse-prevention reasons prevent deletion.

Certain data may continue to be stored where this is necessary for statutory retention obligations, billing and documentation for premium subscriptions, abuse prevention, security logs, legal defense, or traceability of violations of terms of use.

Uninstalling the app does not automatically result in complete deletion of data stored on servers and does not terminate any ongoing app store subscription.

9. Customer and prospect data

Where users, customers, prospects, or business partners contact us, we process the data transmitted in this context (name, email, company, phone number, request content, contract or project data, communication data).

Legal basis: Art. 6(1)(b), (f), and (c) GDPR. Storage until the purpose is fulfilled, unless statutory retention periods prevent deletion.

10. Supplier and business partner data

Processing of contact, contract, invoice, and payment data of suppliers and business partners for the purposes of contract initiation, procurement, service provider management, and payment processing.

Legal basis: Art. 6(1)(b), (c), and (f) GDPR. Commercial and tax-relevant records may generally be retained for up to 10 years.

11. Recruitment process

Where applications are submitted to us, we process the personal data contained in them (application documents, contact data, resume/CV, certificates, qualifications).

Legal basis: Art. 6(1)(b) GDPR, Section 26 BDSG, Art. 6(1)(a) GDPR where consent to longer storage has been provided. Deletion takes place after completion of the process unless consent or legal reasons prevent deletion.

12. Security of processing

We take technical and organizational measures to protect personal data against loss, abuse, unauthorized access, alteration, or disclosure - including encrypted transmission, access restrictions, rate limits, abuse detection, and hosting within the EU where possible.

Despite appropriate protective measures, absolute security cannot be guaranteed.

13. Obligation to provide personal data

Providing certain data is necessary for using specific app features - for example, without location access there are no location-based reports, without push permission there are no push notifications, without a technical device identifier there is no pseudonymous app access, and without subscription status there is no premium activation.

Where data is processed on the basis of consent, provision is voluntary. Any consent given can be revoked at any time with effect for the future.

14. Automated decision-making

Automated decision-making within the meaning of Art. 22 GDPR does not take place. Technical quality assurance systems (trust scores, rate limits, plausibility checks) do not result in a legal or similarly significant automated decision within the meaning of Art. 22 GDPR.

15. Rights of data subjects

Under the statutory requirements, data subjects have the following rights:

  • right of access pursuant to Art. 15 GDPR,
  • right to rectification pursuant to Art. 16 GDPR,
  • right to erasure pursuant to Art. 17 GDPR,
  • right to restriction of processing pursuant to Art. 18 GDPR,
  • right to data portability pursuant to Art. 20 GDPR,
  • right to object pursuant to Art. 21 GDPR,
  • right to withdraw consent pursuant to Art. 7(3) GDPR.

To exercise these rights: privacy@parkradar.io or by post to the address stated above.

The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before withdrawal.

16. Right to lodge a complaint with a supervisory authority

Data subjects have the right to lodge a complaint with a data protection supervisory authority. The authority responsible may in particular be the authority of the federal state where the controller has its seat.

For Berlin:
Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59-61
10555 Berlin
Germany

17. Changes to this privacy policy

We may amend this privacy policy where this is necessary due to technical changes, new features, changed data processing, legal requirements, or organizational changes.

The current version is available in the app and/or on the website at /en/privacy/. Users will be informed appropriately of material changes where required by law.

ParkRadar App-IconParkRadar
DatenschutzImpressumAGBKontakt
© 2026 ParkRadar