Back

Privacy Policy

Effective date: 1 June 2025  ·  Last updated: 1 June 2025

This policy explains how Kerbie collects, uses, and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Kerbie is operated by Razart Hasaj, trading as Kerbie, a sole trader based in the United Kingdom.

ICO Registration Number: ZC164069

For all data protection enquiries, contact us at: privacy@kerbie.app

2. Minimum Age Requirement

Kerbie is a parking management app intended for drivers. You must be at least 17 years of age to create an account and use this service, in line with the UK minimum driving age.

We do not knowingly collect personal data from individuals under 17. If we become aware that a user is under 17, we will delete their account and all associated data without delay.

In compliance with the UK Children's Code (Age Appropriate Design Code), we apply privacy-by-default settings for all users and do not use personal data for profiling or targeted advertising.

3. What Personal Data We Collect

Account data:

  • Email address
  • Hashed password (we never store your password in plain text)

Location data:

  • Your current location (used to find nearby parking)
  • Destination coordinates (used to calculate parking routes)
  • Parking session coordinates

Parking session data:

  • Location name, start and end times, duration
  • Session history

Sign scan images:

  • Photos of parking signs you upload for AI analysis
  • AI-generated interpretation of the sign

Payment data:

  • Payment details are processed securely by Stripe. We do not store your card details.

Enforcement reports:

  • Location and description of warden activity you report

Feedback:

  • Star ratings, category, and message content submitted via our feedback form

Device data:

  • Push notification token (FCM), used to send parking expiry alerts to your device

4. Legal Basis for Processing

We process your personal data under the following legal bases as defined by UK GDPR:

  • Contract (Article 6(1)(b)): Processing necessary to provide the Kerbie service, including account creation, parking sessions, and sign scanning.
  • Legitimate interests (Article 6(1)(f)): Improving our service, detecting fraud, and ensuring platform security.
  • Consent (Article 6(1)(a)): Push notifications — you may withdraw consent at any time via your device settings.
  • Legal obligation (Article 6(1)(c)): Compliance with applicable UK laws and regulatory requirements.

5. How We Use Your Data

  • To create and manage your Kerbie account
  • To provide parking session management and expiry alerts
  • To analyse parking sign images using AI
  • To process your Premium subscription payments via Stripe
  • To generate PCN appeal letters (Premium feature)
  • To display nearby parking enforcement activity
  • To respond to your feedback and improve the service
  • To send transactional emails (password resets, receipts)
  • To comply with legal obligations

6. AI Processing Disclosure

When you scan a parking sign, the image is sent to Anthropic (Claude AI) and/or Google Cloud Vision for analysis. This processing occurs in real time.

Images are used solely for the purpose of interpreting the parking sign and are not used to train AI models. Images are not stored by Kerbie beyond the session in which they are uploaded, unless you have an active parking session associated with the scan.

By using the sign scanner, you consent to your image being processed by these third-party AI services. You may choose not to use this feature if you do not consent.

7. Location Data

Location data is considered sensitive personal data and is handled with care. We collect your location only when you actively use features that require it (e.g., finding parking or starting a session).

Location data from parking sessions is retained for 12 months and then automatically deleted.

We do not sell or share your location data with advertisers or data brokers.

8. Who We Share Your Data With

We share your data only with the third-party service providers necessary to operate Kerbie:

ProviderPurposeCountrySafeguard
StripePayment processingUSA / EEASCCs + Adequacy
AnthropicAI sign analysisUSAStandard Contractual Clauses
Google CloudImage analysisUSA / EEASCCs + Adequacy
RailwayServer hosting & databaseUSAStandard Contractual Clauses
VercelFrontend hostingUSAStandard Contractual Clauses
ResendTransactional email deliveryUSAStandard Contractual Clauses
Firebase (Google)Push notificationsUSA / EEASCCs + Adequacy

We do not sell your personal data to any third party.

9. International Data Transfers

Some of our service providers are based outside the UK. Where data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office, or transfers to countries with an adequacy decision.

10. Data Retention

Data TypeRetention Period
Account dataUntil account deletion
Parking sessions12 months from session end
Sign scan imagesSession duration only (not stored long-term)
Payment records7 years (UK legal requirement)
Feedback2 years
Enforcement reports30 days
Password reset tokens1 hour from generation

11. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right to access — request a copy of the personal data we hold about you
  • Right to rectification — ask us to correct inaccurate or incomplete data
  • Right to erasure — request deletion of your personal data ("right to be forgotten")
  • Right to restriction — ask us to limit how we use your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Right to withdraw consent — for any processing based on consent (e.g. push notifications)

To exercise any of these rights, contact us at privacy@kerbie.app. We will respond within 30 days.

You can also delete your account directly in the app via Profile → Delete Account, which removes all your personal data immediately.

12. Cookies & Tracking

Kerbie uses only technically necessary session tokens stored in your browser's local storage to keep you logged in. We do not use advertising cookies, tracking cookies, or third-party analytics cookies.

Push notifications require explicit consent from your device operating system and can be withdrawn at any time via your device settings.

13. Data Security

We take the security of your personal data seriously:

  • All data is encrypted in transit using TLS (HTTPS)
  • Passwords are hashed using bcrypt with a cost factor of 12
  • Database access is restricted to authorised services only
  • Authentication uses signed JWT tokens with a 7-day expiry
  • Our infrastructure is hosted on Railway with regular security updates

If you believe your account has been compromised, contact us immediately at privacy@kerbie.app.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page and, where changes are significant, notify you by email.

Your continued use of Kerbie after any changes constitutes your acceptance of the updated policy.

15. How to Complain

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the UK's data protection regulator:

Information Commissioner's Office (ICO)

Website: ico.org.uk

Helpline: 0303 123 1113

We would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first at privacy@kerbie.app.

© 2026 Razart Hasaj trading as Kerbie. All rights reserved.

Questions? privacy@kerbie.app