Upostu
Privacy policy
Information on how we process your personal data when you use Upostu.
Last updated: 31 maggio 2026
1. Data Controller
The data controller is Upostu (hereinafter "Upostu", "we"), a platform for smart sharing of parking spaces and geolocated urban services, available at upostu.it.
For any privacy-related request, you may contact us at privacy@upostu.it.
2. What Data We Collect
Depending on how you use Upostu, we may process the following categories of data:
- Account data: first name, last name or display name, email address, provider identifier (Google or Facebook), user role.
- Social login data: if you sign in with Google or Facebook, we receive from the provider the information you authorize (typically name, email, and where available, profile picture). We do not receive your social account password.
- Usage data: map interactions, bookings, published listings, booking-related messages, notification preferences.
- Location data: GPS coordinates when you use features requiring geolocation (for example, parking search and map presence updates).
- Technical data: IP address, device type, operating system, security and diagnostic logs.
3. Why We Use Your Data
We process personal data for the following purposes:
- to create and manage your Upostu account;
- to enable secure sign-in via Google or Facebook;
- to provide map, parking, booking, and notification services;
- to ensure platform security, abuse prevention, and proper operation;
- to comply with legal obligations and respond to authority requests.
The legal bases include contract performance (service provision), consent (where required, for example for specific notifications or optional features), and the controller's legitimate interest (security and service improvement).
4. Sign-In with Google and Facebook
If you choose "Sign in with Google" or "Sign in with Facebook", authentication is handled directly by the selected provider. Upostu receives only the data made available by that provider based on the permissions you granted.
Please also review the privacy policies of Google and Meta (Facebook).
5. Who We Share Data With
We do not sell your personal data. We may share data only with technical service providers that support service delivery (hosting, maps, push notifications, essential analytics), always under confidentiality obligations and, where required, as data processors.
Data may also be disclosed to public authorities when required by law.
6. Data Retention
We retain data for as long as necessary to provide the service and comply with legal obligations. If you delete your account, we will delete or anonymize data within a reasonable timeframe, except where retention is required by applicable law.
7. Your Rights
As a data subject, you may exercise rights under EU Regulation 2016/679 (GDPR), including access, rectification, erasure, restriction, objection, and data portability, where applicable.
To request deletion of your data, please visit the Data Deletion page. You also have the right to lodge a complaint with the competent data protection authority.
8. Security
We adopt appropriate technical and organizational measures to protect data against unauthorized access, loss, or misuse. However, no system is entirely risk-free: please protect your account credentials and promptly report any anomalies.
9. Changes to This Policy
We may update this policy periodically. If significant changes are made, we will notify users through appropriate channels (for example, in-app notice or email). The latest version will always be available on this page.