Privacy & Security

GreatSpot Privacy & Security Policy
Last updated: October 10th, 2025

GreatSpot, Inc. (“GreatSpot”, “we”, “us”, or “our”) is committed to protecting the privacy and security of your personal data. This Privacy & Security Policy (the “Policy”) explains how we collect, process, store, and share personal data when you use our website, mobile app, or SMS / communications features (“Services”). If you are located in the European Union or European Economic Area, this Policy also describes your rights under the General Data Protection Regulation (“GDPR”).By using our Services or providing your data, you agree to the practices described herein and consent to processing under these terms.
‍
1. Contact Information
Data Controller: GreatSpot, Inc.
‍Address: 410 Broadway Street Laguna Beach, CA 92651
‍Email for privacy inquiries: privacy@greatspot.io
‍
2. Legal Bases for Processing (GDPR)
‍Under GDPR (Article 6), we rely on one or more of the following lawful bases to process your personal data:
‍Consent (Art. 6(1)(a))For SMS / messaging notifications (marketing, promos) only if you explicitly opt in via checkbox or equivalent.You may withdraw consent at any time (see Section “Your Rights” below).
‍Contract performance / necessity (Art. 6(1)(b))To provide core Services (parking management, payment confirmations, reminders) once you open an account or enter into contract with us.
‍Legal obligation (Art. 6(1)(c))Where we must comply with laws, regulatory requests, or obligations (e.g. accounting, audit, tax).
‍Legitimate interests (Art. 6(1)(f))For fraud prevention, security, analytics, internal operations – only where those interests do not override your rights and freedoms.We will clearly inform you which lawful basis is used when collecting data.
‍
3. What Information We Collect
‍We collect the following personal data (when supplied or automatically captured):
‍Provided by you: name, email address, mailing address, phone number, mobile number, license plate, vehicle data, account credentials (username / password), payment data (card, billing), communication history, support messages
‍Automatically / via technology: IP address, device type, browser, operating system, log data, referral URLs, usage metrics, cookies & tracking identifiers, geolocation data (if you grant permission)
‍Derived / aggregated / anonymized data: usage trends, analytics, insights that do not identify youWe limit collection to what is necessary for the purposes stated (data minimization).
‍
4. How We Use Your Data & Processing Purposes
‍We use your personal data for:
Core service delivery (parking, payments, account management)Sending transactional SMS / email / push notifications (confirmations, reminders, alerts)
Sending promotional / marketing SMS only if you have explicitly opted in
Customer support, communications, and responding to inquiriesFraud detection, abuse monitoring, security enforcement
Analytics, reporting, and improving our Services
Compliance with legal / regulatory obligations
Enforcing our Terms of Service, preventing misuse

We do not use your data for incompatible secondary purposes without separate consent (unless allowed by law).
‍
5. SMS / Messaging & Opt-In (GDPR Specifics)
‍We will only send marketing / promotional SMS messages to users who have explicitly opted in (via unchecked checkbox)
The opt-in language will include:
‍
“I agree to receive SMS notifications (parking confirmations, reminders, traffic alerts, promotions) from GreatSpot. Message & data rates may apply. Reply STOP to unsubscribe.”
‍
After subscription, we will send you a confirmation message, for example:
‍
GreatSpot: You are now subscribed to SMS alerts & updates from GreatSpot. Reply STOP to cancel or HELP for help. Msg & data rates may apply.
‍
You may withdraw consent at any time by replying STOP, via account settings, or by contacting us

We will not send messages to you after withdrawal of consent (except transactional messages required by contract or legal obligations)
‍
Full opt-in details here
‍
6. Sharing, Disclosure & International Transfers
‍We may share your data only with:
‍Service providers / processors (e.g. payment processors, messaging providers, analytics) under contract and limited to required dataAffiliates / partners only when necessary to deliver the service (e.g. parking lot operators)
‍Legal / regulatory authorities when required by law, court orders, investigations
In corporate transactions (e.g. merger, acquisition), with protections for data

If we transfer data outside the EEA, we will ensure appropriate safeguards (e.g. Standard Contractual Clauses (SCC), adequacy decisions, or Binding Corporate Rules) to maintain GDPR-level protections.
‍
7. Data Retention & Deletion
‍We retain your personal data only as long as needed for the purpose(s) for which it was collected, or as required by law
When data is no longer needed, we will delete or anonymize it
If you request deletion or erasure (see “Your Rights”), we will comply unless retention is required (e.g. legal obligations, dispute resolution)
‍
8. Security Measures & Integrity
‍We implement reasonable technical and organizational measures to protect your data:
Encryption in transit (TLS) and at rest (where applicable)
Access controls, role-based permissions, authentication & audit logs
Regular security assessments, penetration testing, monitoring
Limiting internal access to only personnel with a business need
Data pseudonymization or anonymization where feasible

We also maintain incident response procedures and aim to notify you and relevant authorities if a breach occurs in accordance with GDPR requirements.
‍
9. Your Rights (GDPR Data Subject Rights)
‍Under GDPR, you have the following rights regarding your data:
‍Right to be informed – clear, transparent notice of processing
‍Right of access – you may request a copy of the personal data we hold
‍Right to rectification – you can correct inaccurate or incomplete data
‍Right to erasure (“right to be forgotten”) – you may ask us to delete your data (subject to exceptions)
‍Right to restrict processing – you may ask us to limit how we use your data
‍Right to data portability – you may ask for your data in a structured, machine-readable format
‍Right to object – especially to marketing or profiling processing
‍Right to withdraw consent – at any time, especially for SMS marketing
‍Right to lodge a complaint – with your local supervisory authority

To exercise any of these rights, please contact us at privacy@greatspot.io. We will respond within statutory timelines (typically 30 days).
‍
10. Children & Minors
‍Our Services are intended for individuals aged 18 or older

We do not knowingly process personal data of minors under 16 without verified parental consent

If we learn we have collected data from minors without consent, we will delete it promptly
‍
11. Cookies, Tracking & Choice
‍We use cookies, pixels, and similar technologies to collect usage data and enhance your experience
On EU / EEA users, we will present a cookie consent banner / notice and allow users to accept / reject non-essential cookies
You can manage preferences or disable cookies via your browser settings (though some Services may be impaired)
‍
12. Changes to This Policy & Notification
‍We may update this Policy from time to time
We will post the updated version on our Services, with an updated “Last Updated” date
For material changes affecting your rights, we will provide notice (e.g. email or in-app)
‍
13. Contact & Supervisory Authority
‍If you have any questions, requests, or concerns about this Policy or our processing practices:
Email: privacy@greatspot.io
Address: 410 Broadway Street Laguna Beach CA 92651
You may also lodge a complaint with a supervisory authority in your jurisdiction (e.g. CNIL in France, ICO in UK, etc.)