Privacy Policy

Effective Date: April 18, 2026

Kotse ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the Kotse mobile application and website (the "Service"). By using the Service, you consent to the practices described in this policy.

1. Information We Collect

Information You Provide

• Account information: Name, email address, phone number, and profile photo.
• Host payout and identity verification: When you become a host, you connect a bank account through Stripe so we can send you payouts. Stripe also collects additional identity information (such as your legal name, date of birth, and the last four digits of your Social Security Number) for tax reporting and anti-fraud compliance. Most of this information is collected progressively by Stripe over time, not all at once upfront, and is stored on Stripe's servers, not ours.
• Listing information: Parking space address, description, photos, pricing, and availability.
• Booking information: Reservation dates, times, vehicle license plate number, and payment details.
• Communications: Messages you send through the in-app messaging system.

Information Collected Automatically

• Device information: Device type, operating system, unique device identifiers, and app version.
• Location data: Kotse requests "When In Use" location permission only. With your permission, we use your device's GPS while the app is in the foreground to sort listings by distance and center the map. We do not track your location in the background. You can change or revoke this permission at any time in your device settings.
• Usage and analytics data: How you interact with the Service, including pages viewed, features used, booking and search outcomes, and error events. We use PostHog (US region) for product analytics. We do not use session replay and we do not share this data for cross-site or cross-app advertising.
• Diagnostic data: If the app crashes, we collect crash reports (stack traces, device model, OS version) through Firebase Crashlytics to diagnose and fix bugs.
• Push notification tokens: If you enable push notifications, we collect your device push token to deliver notifications.

Information from Third Parties

• Authentication providers: If you sign in with Apple or Google, we receive your name and email address from those services. Kotse does not currently support Facebook sign-in.
• Payment processor: Stripe provides us with limited payment information (e.g., last four digits of card number, payment status) to facilitate transactions. We do not store full credit card numbers.

2. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Service.
• Process bookings and payments.
• Verify your identity and prevent fraud.
• Send booking confirmations, reminders, and service-related notifications.
• Respond to your inquiries and provide customer support.
• Enforce our Terms of Service and protect the rights and safety of our users.
• Comply with legal obligations.

We do not sell your personal information to third parties. We do not use your information for targeted advertising.

3. How We Share Your Information

We may share your information in the following circumstances:

• Between Hosts and Guests: When a booking is confirmed, we share relevant information between the Host and Guest (e.g., Guest's name and license plate with the Host; Host's name and parking address with the Guest).
• Service providers: We share information with third-party providers that help us operate the Service, including:
  • Stripe and Stripe Connect, payment processing and host payouts (US)
  • Supabase, data storage, authentication, and real-time messaging infrastructure (US)
  • Resend, transactional email delivery (US)
  • Firebase (Google), SMS phone-number verification, push notification delivery, and crash reporting (Crashlytics) (US)
  • Expo, push notification delivery via Expo Push Service and over-the-air app updates (US)
  • PostHog, product analytics; no session replay, no cross-site tracking (US region)
  • Apple, Sign in with Apple authentication (iOS)
  • Google, Google Sign-In authentication, Google Maps, and Google Places (address autocomplete and geocoding)
  Each provider only receives the data needed to perform its function and is contractually required to protect it.
• Legal requirements: We may disclose information if required by law, regulation, legal process, or government request.
• Safety and enforcement: We may share information to protect the rights, property, or safety of Kotse, our users, or the public.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. When you delete your account, we mark it as deleted immediately and apply the following retention rules to the remaining data:

• Transaction records (bookings, payouts, refunds, invoices): retained for up to 7 years as required by tax and accounting laws.
• Profile data (name, email, phone, photo): deleted or anonymized on account deletion, subject to the other retention buckets below.
• Messages: retained for up to 18 months, or longer if tied to an active dispute, investigation, or legal hold.
• Reports and moderation records: retained for as long as needed to enforce our Terms and respond to repeat-offender patterns.
• Push notification tokens: retained until you delete the app, disable notifications, or we detect that a token has expired.
• Analytics and diagnostic data: retained per our providers' defaults (typically 7 years for PostHog events, 90 days for Crashlytics crash reports).

5. Data Security

We implement commercially reasonable security measures to protect your information, including encryption in transit (TLS/SSL), secure authentication, and access controls. However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

Security incident notification: If we discover a security incident that materially affects your personal information, we will notify you and applicable regulators within the timeframe required by law.

6. Your Rights and Choices

All Users

• Account information: You can update your name, email, phone number, and profile photo in the app settings.
• Location: You can disable location access in your device settings.
• Push notifications: You can manage notification preferences in the app and in your device settings.
• Email notifications: You can manage email preferences in the app under notification settings.
• Account deletion: You can request deletion of your account by contacting us at general@kotse.app.

U.S. State Privacy Rights

Depending on where you live, you may have additional rights under state privacy laws, including the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), and the Utah Consumer Privacy Act (UCPA). Subject to applicable exceptions, these rights include:

• Right to know / access: Request the categories and specific pieces of personal information we have collected about you.
• Right to correct: Request that we correct inaccurate personal information.
• Right to delete: Request deletion of your personal information.
• Right to portability: Request a copy of your personal information in a portable format.
• Right to opt out of sale / sharing: We do not sell your personal information, and we do not share it for cross-context behavioral advertising. If that ever changes, we will provide an opt-out mechanism.
• Right to limit use of sensitive information: We only use sensitive information (such as precise location) to provide the Service.
• Non-discrimination: We will not discriminate against you for exercising any of these rights.

To exercise these rights, contact us at general@kotse.app. We will verify your identity before we respond and will reply within the timeframe required by applicable law (45 days in California; similar periods elsewhere, with one-time extensions where permitted). You may also designate an authorized agent to make requests on your behalf.

7. Children's Privacy

The Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

8. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies.

9. International Users

The Service is operated in the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States, which may have different data protection laws than your country of residence.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Effective Date." Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Kotse
Email: general@kotse.app