← Back to Legal Documentation

Privacy Policy

Effective Date: October 15, 2025 Last Updated: October 23, 2025 Version: 2.1

---

Introduction

StreetZones (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application StreetZones (the “App”).

By using the App, you agree to the collection and use of information in accordance with this Privacy Policy.

If you do not agree with our policies and practices, please do not use our App.

---

1. Information We Collect

1.1 Personal Information

Account Registration Required: To use StreetZones, you must create an account. During registration, we collect:

• ✅ Name: Your full name for account identification
• ✅ Username: Your unique username for community interactions
• ✅ Email Address: For account verification, password recovery, and important service notifications
• ✅ Password: Securely hashed and stored for account authentication

We do NOT collect:

• ❌ Phone number
• ❌ Mailing address
• ❌ Payment information
• ❌ Social security number

1.2 Location Data

When You Use the App:

• Current Location: We access your device's GPS location to:
  • Tag parking zone submissions with coordinates
  • Calculate distance to enforcement alerts
  • Filter push notifications by proximity (geofencing)

Important Privacy Safeguards:

• ✅ Location is NEVER tracked in the background
• ✅ No location history is stored on our servers
• ✅ No movement patterns are tracked
• ✅ Geofencing filtering happens ON YOUR DEVICE (not server-side)
• ✅ Only the distance between you and an alert is calculated, NOT your absolute GPS coordinates

1.3 Camera and Photo Library

When You Capture Zone Signs:

• We access your device's camera to photograph parking zone signs
• Photos are uploaded to our servers for OCR (Optical Character Recognition) processing
• You can review and delete photos before submission
• We access your photo library only to save captured photos (if you choose)

1.4 Push Notification Data

When You Enable Notifications:

• We collect your Expo Push Token to send enforcement alerts
• We store your notification preferences (alert radius (in miles), work hours, weekends)
• We track notification delivery metrics (displayed vs dismissed) for analytics

1.5 Usage Data

Automatically Collected:

• Device Information (collected via Expo SDK framework):
  • Device ID: Anonymous identifier from Expo Constants (used for analytics session tracking only)
  • Platform: iOS or Android operating system
  • App Version: Current version number (e.g., "1.0.0")
  • Build Number: Internal build identifier (e.g., "39")
  • OS Version: Operating system version (e.g., "iOS 17.5")
  • Expo SDK Version: Framework version for compatibility tracking
  • Note: Device ID is an anonymous identifier that cannot be linked back to you personally. It is NOT an advertising identifier (IDFA/AAID).
• Analytics Events: App opens, feature usage, OCR success rates
• Error Logs: Crash reports and error diagnostics (anonymous)

NOT Collected:

• ❌ Browsing history
• ❌ Contacts
• ❌ Microphone audio
• ❌ Persistent identifiers (IDFA/AAID) for advertising
• ❌ Financial information

---

2. How We Use Your Information

2.1 To Provide Core Functionality

• Account Management: Create and authenticate your account, enable password recovery, and send service notifications
• Zone Number Lookup: Match GPS coordinates to parking zone boundaries
• Enforcement Alerts: Send real-time notifications about nearby enforcement activity
• OCR Processing: Extract zone numbers from photographed signs
• Community Verification: Allow users to verify enforcement reports and attribute contributions to your username

2.2 To Improve the App

• Analytics: Understand feature usage and optimize user experience
• Bug Fixes: Identify and resolve technical issues
• Performance Monitoring: Ensure fast response times and reliability

2.3 To Ensure Safety and Compliance

• Fraud Prevention: Detect and prevent abuse of the reporting system
• Spam Prevention: Filter duplicate or false enforcement reports
• Quality Control: Validate zone data accuracy

2.4 Geofenced Notifications (Option 5)

Privacy-First Architecture:

1. Server broadcasts enforcement alert to ALL users
2. Notification arrives on YOUR DEVICE with alert GPS coordinates
3. YOUR DEVICE calculates distance using the Haversine formula
4. YOUR DEVICE decides to show or dismiss based on YOUR radius preference
5. Your location NEVER leaves your device during this process

---

3. How We Share Your Information

3.1 We DO NOT Sell Your Data

❌ We do not sell, rent, or trade your personal information to third parties for marketing purposes.

3.2 Third-Party Service Providers

We use the following trusted third-party services to operate our App:

Service	Purpose	Data Shared	Privacy Policy
Supabase	Database and authentication	Name, username, email address, hashed passwords, user ID, zone submissions, enforcement reports, notification preferences	Supabase Privacy
PostHog	Analytics and product insights	Device ID, usage events, feature interactions	PostHog Privacy
Google Cloud Vision API	OCR (zone sign text detection)	Photos of parking zone signs	Google Privacy
Expo Push Service	Push notification delivery	Push tokens, notification content	Expo Privacy
Expo SDK	Mobile app framework	Device ID, app version, build number, platform type, SDK version	Expo Privacy

All third-party services are GDPR and CCPA compliant.

3.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

3.4 Business Transfers

If StreetZones is involved in a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

---

4. Data Security

4.1 How We Protect Your Data

Technical Safeguards:

• ✅ Password Security: All passwords are securely hashed using industry-standard bcrypt algorithm before storage. We never store plain-text passwords.
• ✅ Encryption in Transit: All data transmitted between your device and our servers uses HTTPS/TLS 1.3
• ✅ Encryption at Rest: Database is encrypted with AES-256
• ✅ Access Controls: Role-based access controls (RBAC) for admin users
• ✅ Regular Backups: Daily encrypted backups stored in secure cloud infrastructure

Organizational Safeguards:

• ✅ Minimal data collection (privacy by design)
• ✅ Data minimization (we only keep what's necessary)
• ✅ Regular security audits
• ✅ Employee training on data protection

4.2 Data Retention

Data Type	Retention Period
Account Credentials	Until account deletion (name, username, email, hashed password)
Enforcement Reports	30 minutes (auto-expiry)
Zone Submissions	Indefinitely (community database)
Analytics Events	30 days
Push Tokens	Deactivated after 30 days inactive, deleted after 90 days
Photos (OCR Queue)	30 days, then deleted

Note on Photo Cleanup: Photo cleanup is performed manually on a regular basis to maintain the 30-day retention policy. If you need immediate photo deletion, please contact privacy@streetzones.app and we will process your request within 7 business days.

4.3 No Absolute Security

While we implement strong security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

---

5. Your Privacy Rights

5.1 GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), you have the following rights:

1. Right to Access: Request a copy of your data
2. Right to Rectification: Correct inaccurate data
3. Right to Erasure (“Right to be Forgotten”): Delete your data
4. Right to Restrict Processing: Limit how we use your data
5. Right to Data Portability: Receive your data in a portable format
6. Right to Object: Opt-out of certain data processing
7. Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at: privacy@streetzones.app (placeholder email)

5.2 CCPA Rights (California Users)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

1. Right to Know: What personal information we collect, use, and share
2. Right to Delete: Request deletion of your personal information
3. Right to Opt-Out: Opt-out of the "sale" of personal information (we don't sell data)
4. Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at: privacy@streetzones.app

5.3 How to Delete Your Data

Option 1: In-App Account Deletion

1. Open Settings → Account
2. Tap "Delete My Account"
3. Enter your password to confirm
4. Confirm deletion

Option 2: Email Request

1. Email privacy@streetzones.app with your registered email address
2. We will verify your identity and delete your account within 30 days

What Gets Deleted:

• ✅ Your account credentials (name, username, email, password)
• ✅ Your enforcement reports
• ✅ Your notification preferences
• ✅ Your analytics data
• ✅ Your push tokens

What Remains (Anonymized):

• ✅ Zone submissions (anonymized, no user link)
• ✅ Community verification data (aggregated)

---

6. Age Restrictions and Intended Use

6.1 Minimum Age

You must be at least 16 years old to use StreetZones.

6.2 Intended Users

StreetZones is designed for licensed drivers and their passengers (age 16+).

We do not knowingly collect personal information from anyone under 16. If you are a parent or guardian and you are aware that your child under 16 has provided us with personal information, please contact us at privacy@streetzones.app so we can delete it immediately.

6.3 Safety Disclaimer

CRITICAL SAFETY NOTICE: Never use this app while operating a vehicle.

• ❌ Drivers must pull over safely before interacting with the app
• ✅ Passengers may use the app to assist the driver
• ✅ This app is for parking enforcement awareness, not real-time navigation while driving

6.4 Legal Representation

By creating an account, you represent and warrant that you are either:

1. A licensed driver in your jurisdiction, OR
2. A passenger (age 16 or older) assisting a licensed driver

StreetZones assumes no liability for violations of minimum driving age laws in your jurisdiction.

---

7. International Data Transfers

Primary Data Storage: United States (Supabase US region)

If you are accessing the App from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the App, you consent to such transfers.

EU Users: Data transfers comply with GDPR through:

• Standard Contractual Clauses (SCCs)
• Adequate safeguards as recognized by the European Commission

---

8. Third-Party Links

The App may contain links to third-party websites or services (e.g., Chicago parking payment portals). We are not responsible for the privacy practices of these third parties. Please review their privacy policies.

---

9. Push Notification Privacy

9.1 What We Send

• Enforcement alert type (boot crew, ticket writer, etc.)
• Distance from you (calculated on YOUR device)
• Zone number (if applicable)
• Timestamp

9.2 What We DON’T Send

• ❌ Your exact GPS coordinates
• ❌ Your movement history
• ❌ Personal information
• ❌ Marketing or promotional content

9.3 How to Disable

• iOS: Settings → StreetZones → Notifications → OFF
• Android: Settings → Apps → StreetZones → Notifications → OFF

---

10. Analytics and Tracking

10.1 What We Track

PostHog Analytics:

• App opens/closes
• Feature usage (zone lookups, enforcement reports, camera scans)
• Screen views
• OCR success rates
• Geofence notification metrics (displayed vs dismissed)

What We DON'T Track:

• ❌ Advertising identifiers (IDFA/AAID)
• ❌ Cross-app tracking
• ❌ Third-party advertising
• ❌ Personally identifiable information

10.2 How to Opt-Out

Currently, analytics are essential for app functionality and quality assurance. Future versions may include an opt-out option.

---

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the new Privacy Policy in the App
• Updating the "Last Updated" date
• Sending an in-app notification (for significant changes)

Your continued use of the App after changes constitutes acceptance of the updated Privacy Policy.

---

12. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

Email: privacy@streetzones.app
Website: https://streetzones.app
App Version: 1.0.0 (Build 39)

For Data Protection Officer (DPO) inquiries: dpo@streetzones.app

---

13. Legal Basis for Processing (GDPR)

For EU users, we process your data based on:

1. Consent: You provided consent for push notifications, camera access, location access
2. Legitimate Interest: Analytics for app improvement, fraud prevention
3. Contractual Necessity: To provide the core service (zone lookups, enforcement alerts)

---

14. Compliance Summary

StreetZones is compliant with:

• ✅ GDPR (General Data Protection Regulation) - Europe
• ✅ CCPA (California Consumer Privacy Act) - California
• ✅ COPPA (Children’s Online Privacy Protection Act) - USA
• ✅ Apple App Store Guidelines
• ✅ Google Play Store Guidelines

---

Last reviewed and approved: October 23, 2025

Version 2.1 Changes: Updated age restrictions from 13+ to 16+ with driving disclaimers. Added safety warnings for drivers and legal representation requirements.

Version 2.0 Changes: Updated to reflect account-based authentication system (name, username, email, password collection). Replaced anonymous device-based system with required account registration.

This Privacy Policy was prepared in consultation with privacy best practices for mobile apps and GDPR/CCPA compliance frameworks.