Privacy Policy
Last updated: March 2026
1. Information We Collect
When you create an account, list physical capacity as a provider, or integrate with the reservation API as an operator, we collect information you provide directly: name, email address, phone number, site or property address, payment details (processed by Stripe), and vehicle or fleet identifiers. We also collect usage data such as reservation history, session timestamps, GPS coordinates for anti-spoofing check-in verification, and device/browser information.
2. How We Use Your Information
We use your information to operate the XoomPark platform: enabling providers to list and manage physical capacity, enabling operators to discover, reserve, and occupy that capacity via the reservation API, processing time and energy-metered billing, verifying GPS-based arrivals and departures, sending reservation confirmations and usage record notifications, and improving our infrastructure. We do not sell your personal information to third parties.
3. Data Sharing
We share limited information with: payment processors (Stripe) to facilitate provider payouts and operator billing, insurance providers to process claims, and operators/providers as needed to fulfill reservations (e.g., resource location, access instructions). Provider pricing data and operator reservation data are tenant-isolated — neither side can see the other's data beyond what is necessary to fulfill a session. We may also disclose information when required by law or to protect the safety of our users and platform.
4. Location Data
XoomPark uses GPS and geofencing to run anti-spoofing check-in verification — confirming that a vehicle's reported location matches the reserved resource before opening a usage record. Location data is collected only during active sessions and is used for billing accuracy, insurance verification, and platform security. Provider site addresses are stored to enable operators to discover and search for nearby resources.
5. Data Security
We use industry-standard encryption (TLS in transit, AES-256 at rest) to protect your data. Access to personal information is restricted to authorized personnel. API credentials are transmitted over HTTPS and OAuth 2.0 tokens expire automatically.
6. Data Retention
We retain account information for as long as your account is active. Booking and session records are retained for 7 years for tax, insurance, and legal compliance. You may request deletion of your account and personal data by contacting support.
7. Your Rights
You have the right to access, correct, or delete your personal information. You can update your profile from your dashboard or contact us at privacy@xoompark.com. California residents have additional rights under the CCPA, including the right to opt out of data sales (we do not sell data).
8. Cookies
We use essential cookies for authentication and session management. We use analytics cookies to understand how users interact with our platform. You can manage cookie preferences in your browser settings.
9. Changes to This Policy
We may update this policy from time to time. We will notify registered users of material changes via email. Continued use of XoomPark after changes constitutes acceptance of the updated policy.
10. Contact
For privacy-related questions, contact us at privacy@xoompark.com.