GDPR & Privacy

Privacy Policy

Version 1.0 — Last updated: 2026-04-10 · SpotBuddy (in formation)

Definitions

Personal data means information that can directly or indirectly be linked to an identifiable person. Processing means actions such as collection, storage, use, sharing and deletion.

SpotBuddy is designed with data protection in mind. We aim to limit collection to what is needed to run the service, communicate with users and fulfil our legal obligations.

Data controller

SpotBuddy (in formation) is the data controller for the processing of personal data described in this policy.

During the formation period we can be reached at privacy@spotbuddy.se and hej@spotbuddy.se. This policy will be updated with full company details once registration is complete.

Data we may process

Contact details: name, email address and phone number you provide to us, for example when registering or signing up to the waitlist.

Account and profile data: information you add to your profile, such as language, booking preferences and communication settings.

Vehicle and space data: registration number, parking space details, availability, price and any access instructions.

Booking and payment data: booking dates, times, amounts, status, payout information and other information needed to manage bookings and payments.

Technical information: IP address, browser, device, logs and similar data needed for operation, security and troubleshooting.

Location data: if you explicitly permit it, we may use approximate or precise location to show relevant spaces near you. Consent is obtained via the browser's built-in permission dialog and/or an in-app setting, and you can withdraw it at any time in your device's location settings.

To provide the service: we process data to create accounts, display listings, manage bookings and provide support. Legal basis: contract or pre-contractual measures.

To manage the waitlist: we process your email address to send information about the launch and related SpotBuddy updates. Legal basis: legitimate interest or your consent, depending on context.

To process payments and payouts: we process necessary data to take payment, pay out funds and document transactions. Legal basis: contract and legal obligation.

For security and fraud prevention: we use logs, verification data and technical information to protect the service and other users. Legal basis: legitimate interest.

For accounting, reporting and legal requirements: certain data must be retained to fulfil accounting and other legal obligations. Legal basis: legal obligation.

For processing based on legitimate interest, we have carried out a balancing test in which we have assessed that our interest does not override the rights of the data subject. You can request more information about our balancing test by contacting privacy@spotbuddy.se.

Recipients and data processors

We may share data with providers who help us run the service, such as providers for hosting, operations, email, notifications, verification and payments.

Stripe is used for payment-related features. SpotBuddy does not store full card details.

We do not sell personal data to advertising networks. If we use external service providers, we do so under contract and only for purposes compatible with this policy.

We maintain an internal register of processing activities in accordance with Article 30 of GDPR. You can request a summary of the categories of data processors we use by contacting privacy@spotbuddy.se.

Transfers outside the EU/EEA

Some providers may process personal data outside the EU/EEA. If this occurs, we will use appropriate safeguards, such as the EU Commission's standard contractual clauses or another lawful transfer mechanism.

Retention periods

We retain personal data for as long as necessary for the purposes above or as long as we are required to retain it by law.

Waitlist and contact enquiries: normally retained until launch has taken place or until you ask us to delete your data.

Account and booking data: retained for as long as the account is active and thereafter as long as needed for support, disputes, security, accounting or legal obligations.

Accounting records: may be retained for the period required under accounting legislation.

Technical logs and IP addresses: normally retained for a maximum of 90 days for operations, security and troubleshooting, after which they are deleted or anonymised.

Cookies and similar technology

We use only necessary cookies and similar technology to keep the service secure, remember settings and make the website work. No tracking or analytics cookies are in use at present.

If we introduce analytics tools or other non-essential cookies in the future, we will update this policy and display a cookie banner that gives you the opportunity to give or withhold consent before such cookies are set.

Your rights

Under GDPR you have, among other things, the right to request access to your data, rectification, erasure, restriction, data portability and to object to certain processing.

You can also withdraw consent where processing is based on consent.

Contact us at privacy@spotbuddy.se if you wish to exercise your rights. We aim to respond without undue delay and within the time required by law.

Security and contact

We work with reasonable technical and organisational security measures to protect the data we process. However, no solution is entirely risk-free and we therefore cannot guarantee absolute security.

For questions about this policy or our processing of personal data, contact privacy@spotbuddy.se.

If you believe we are processing your data incorrectly, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) at imy.se.

© 2026 SpotBuddy (in formation) · Terms of service · Contact

Get more from
your parking.

Rent out and earn, or find parking with a neighbor without the usual hassle. Launching in Malmö, Göteborg and Stockholm.

Learn more and register your board →
Get launch updates, early access, and pilot info. No weekly emails. Privacy policy · Terms of service