Privacy Policy

StorageFinder (storagefinder.co), operated by TruckPark Pty Ltd (ABN 55 695 402 423), Brisbane, Queensland, Australia ("we", "us", "our") operates an online marketplace that connects storage space hosts with vehicle and equipment owners seeking secure parking and storage in United Kingdom and internationally.

We are committed to protecting your personal information in accordance with the UK General Data Protection Regulation (UK GDPR), as retained in UK law by the European Union (Withdrawal) Act 2018, and the Data Protection Act 2018. We have implemented practices, procedures, and systems to ensure we manage your personal information in accordance with applicable law and this Privacy Policy.

This Privacy Policy explains how we collect, hold, use, and disclose your personal information when you use our website and services at storagefinder.co and associated domains.

By using StorageFinder, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described in this policy.

Under the UK GDPR, we are committed to collecting only the personal data that is necessary for the purposes described in this policy (data minimisation principle, Article 5(1)(c)). We process your personal data on the following lawful bases (Article 6): performance of a contract (providing our marketplace services to you), legitimate interests (improving the platform, preventing fraud, and maintaining security), legal obligation (tax, regulatory, and anti-money-laundering compliance), and consent (marketing communications, which you may withdraw at any time). We are required to identify you in order to provide our services, process payments, and maintain the integrity of our marketplace.

Under the UK GDPR, we process your personal data only for specified, explicit, and legitimate purposes. We collect your information for the following purposes:

• To create and manage your account
• To facilitate bookings between hosts and storers
• To process payments and payouts securely
• To verify user identity and prevent fraud
• To enable communication between users
• To provide customer support and resolve disputes
• To improve our services, including search relevance and user experience
• To send transactional notifications (booking confirmations, payment receipts, messages)
• To send marketing communications (only with your consent, and you can opt out at any time)
• To comply with legal obligations

Under the UK GDPR, we will only share your personal data where we have a lawful basis to do so (Article 6). We apply appropriate safeguards when sharing data with third parties.

We may disclose your personal information to:

• Other users: hosts see storer names, vehicle details, and booking dates; storers see host names and listing details
• Payment processors: Stripe, for processing payments, payouts, and identity verification
• Service providers: hosting providers, email services, analytics tools, and AI services that assist with platform functionality
• Law enforcement or regulators: where required by applicable law, by court order, or to protect the safety of our users

We will never sell your personal information to third parties for marketing purposes.

Some of your personal information may be disclosed to overseas recipients or processed outside United Kingdom:

• Stripe: payment data and identity verification documents may be processed in the United States. Stripe implements appropriate safeguards for international transfers from the UK, including the International Data Transfer Addendum to the EU Standard Contractual Clauses (UK Addendum) or the International Data Transfer Agreement (IDTA), as approved by the ICO.
• Supabase: our database and authentication infrastructure is hosted on AWS, primarily in the ap-southeast-2 (Sydney, Australia) region. Transfers of personal data from the UK to Australia are made subject to appropriate safeguards under the UK GDPR, including the International Data Transfer Agreement (IDTA) or International Data Transfer Addendum (UK Addendum), as Australia does not currently hold a UK adequacy decision.
• Google Gemini AI: listing description text (not personal information such as addresses, names, or contact details) may be processed by Google's AI services for generating and improving listing descriptions. Google processes this data in accordance with their Cloud Data Processing Addendum. Users can opt out by writing their listing descriptions manually.

We take reasonable steps to ensure that international recipients of your personal data apply protections consistent with UK GDPR requirements. Where required, we rely on the International Data Transfer Agreement (IDTA), the International Data Transfer Addendum to EU Standard Contractual Clauses (UK Addendum), or other transfer mechanisms approved by the ICO.

We take reasonable steps to ensure that the personal information we collect, use, and disclose is accurate, up to date, complete, and relevant.

You can update your personal information at any time through your account settings. We encourage you to keep your details current to ensure smooth communication and accurate bookings.

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. Our security measures include:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication with password hashing and optional multi-factor authentication
• Role-based access controls limiting internal access to personal information
• Regular security reviews and monitoring of our systems
• Payment card data handled exclusively by PCI-DSS compliant payment processor (Stripe)

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our standard retention periods are:

• Account data: retained for the life of the account plus 6 years (HMRC record-keeping requirements)
• Booking and payment records: as required by applicable tax law
• Messages: 3 years after booking completion
• Analytics data: 26 months

When personal information is no longer needed for any purpose for which it may be used or disclosed, and we are not required by law to retain it, we will take reasonable steps to destroy or de-identify it.

Under the UK GDPR, we are required to notify the Information Commissioner's Office (ICO) of personal data breaches within 72 hours of becoming aware of them, where feasible, unless the breach is unlikely to result in a risk to individuals' rights and freedoms. Where a breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay. We maintain a data breach response plan and will take all reasonable steps to contain and remediate any breach promptly.

Under the UK GDPR, you have the following data protection rights:

• Access: request a copy of the personal data we hold about you (Subject Access Request, Article 15). We will respond within one calendar month.
• Rectification: request correction of inaccurate or incomplete personal data (Article 16).
• Erasure: request deletion of your personal data where there is no compelling reason for us to continue processing it, also known as the 'right to be forgotten' (Article 17).
• Data portability: request a copy of your personal data in a structured, commonly used, machine-readable format where processing is based on consent or contract (Article 20).
• Restriction: request that we restrict processing of your personal data in certain circumstances, for example while a dispute is resolved (Article 18).
• Objection: object to our processing of your personal data where we rely on legitimate interests as our lawful basis (Article 21).

You can manage much of your information directly through your account settings. For formal requests, please contact us at hello@storagefinder.co.

We may refuse or limit your request in circumstances permitted under the UK GDPR, such as where fulfilling the request would adversely affect the rights of others or conflict with our legal obligations. We will provide written reasons if we decline.

If you believe we have mishandled your personal information, please contact our Privacy Officer at hello@storagefinder.co.

If you believe we have not handled your personal data in accordance with the UK GDPR or the Data Protection Act 2018, you may contact us first. We aim to resolve complaints promptly. If you are not satisfied, you have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We use cookies and similar tracking technologies to improve your experience on our platform. These include:

• Essential cookies: required for core functionality such as authentication, session management, and security
• Analytics cookies: help us understand how users interact with our platform so we can improve our services
• Preference cookies: remember your settings and preferences (such as search filters and location)

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent some features from functioning correctly.

Our marketing communications comply with the Privacy and Electronic Communications Regulations 2003 (PECR), which requires us to obtain your prior opt-in consent before sending you electronic direct marketing communications. We will only send commercial electronic messages with your consent. Every marketing email includes a functional unsubscribe link, and we will process unsubscribe requests promptly.

You can manage your email preferences at any time through your account settings at Settings > Notifications.

Our platform integrates with the following third-party services, each with their own privacy policies:

• Stripe: payment processing, payout management, and identity verification. Stripe's privacy policy is available at stripe.com/gb/privacy
• Google Maps Platform: map display, geocoding, and address autocomplete for displaying listing locations. Google's privacy policy is available at policies.google.com/privacy
• Google Gemini AI: used to assist with generating listing descriptions. Only listing text is submitted - personal information is not sent. Content submitted for AI processing is subject to Google's Privacy Policy
• Supabase: database hosting, authentication, and file storage. Supabase's privacy policy is available at supabase.com/privacy

We encourage you to review the privacy policies of these third-party services to understand how they handle your data.

We may update this Privacy Policy from time to time to reflect changes to our practices, legal requirements, or platform features. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify registered users via email for significant changes
• Display a prominent notice on our platform when appropriate

Your continued use of StorageFinder after changes are published constitutes your acceptance of the updated Privacy Policy.

If you have any questions about this Privacy Policy or how we handle your personal information, please contact our Privacy Officer:

Privacy Officer
StorageFinder (storagefinder.co), operated by TruckPark Pty Ltd (ABN 55 695 402 423), Brisbane, Queensland, Australia
Email: hello@storagefinder.co