Privacy Policy

StorageFinder (storagefinder.co), operated by TruckPark Pty Ltd (ABN 55 695 402 423), Brisbane, Queensland, Australia ("we", "us", "our") operates an online marketplace that connects storage space hosts with vehicle and equipment owners seeking secure parking and storage in South Africa and internationally.

We are committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA). We have implemented practices, procedures, and systems to ensure we manage your personal information in accordance with applicable law and this Privacy Policy.

This Privacy Policy explains how we collect, hold, use, and disclose your personal information when you use our website and services at storagefinder.co and associated domains.

By using StorageFinder, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described in this policy.

Under POPIA, we process personal information only in accordance with the 8 conditions for lawful processing (sections 8–25 of POPIA). We are committed to collecting only personal information that is adequate, relevant, and not excessive for the purposes described in this policy (section 10 - Processing Limitation). We are required to identify you in order to provide our services, process payments, verify your identity, and maintain the integrity of our marketplace. Anonymous use of our services is not practicable.

Under POPIA, we collect personal information only for a specific, explicitly defined, and lawful purpose related to our functions as a marketplace (POPIA sections 13 and 14). We collect your information for the following purposes:

• To create and manage your account
• To facilitate bookings between hosts and storers
• To process payments and payouts securely
• To verify user identity and prevent fraud
• To enable communication between users
• To provide customer support and resolve disputes
• To improve our services, including search relevance and user experience
• To send transactional notifications (booking confirmations, payment receipts, messages)
• To send marketing communications (only with your consent, and you can opt out at any time)
• To comply with legal obligations

Under POPIA, we may only process personal information where a lawful basis applies (section 11). We will only use or share your personal information as set out below:

We may disclose your personal information to:

• Other users: hosts see storer names, vehicle details, and booking dates; storers see host names and listing details
• Payment processors: Stripe, for processing payments, payouts, and identity verification
• Service providers: hosting providers, email services, analytics tools, and AI services that assist with platform functionality
• Law enforcement or regulators: where required by applicable law, by court order, or to protect the safety of our users

We will never sell your personal information to third parties for marketing purposes.

Some of your personal information may be disclosed to overseas recipients or processed outside South Africa:

• Stripe: payment data and identity verification documents may be processed in the United States and other countries where Stripe operates. Stripe maintains privacy practices that we believe are consistent with the requirements of POPIA section 72
• Supabase: our database and authentication infrastructure is hosted on AWS, primarily in the ap-southeast-2 (Sydney, Australia) region. Transfers of personal information outside South Africa are made subject to the conditions in POPIA section 72, including ensuring that the recipient is subject to a law, binding corporate rules, or binding agreement providing adequate protection.
• Google Gemini AI: listing description text (not personal information such as addresses, names, or contact details) may be processed by Google's AI services for generating and improving listing descriptions. Google processes this data in accordance with their Cloud Data Processing Addendum. Users can opt out by writing their listing descriptions manually.

We take reasonable steps to ensure that all recipients of your personal information outside South Africa apply protections consistent with POPIA's requirements. By using our services, you acknowledge that your personal information may be transferred internationally as described above.

We take reasonable steps to ensure that the personal information we collect, use, and disclose is accurate, up to date, complete, and relevant.

You can update your personal information at any time through your account settings. We encourage you to keep your details current to ensure smooth communication and accurate bookings.

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. Our security measures include:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication with password hashing and optional multi-factor authentication
• Role-based access controls limiting internal access to personal information
• Regular security reviews and monitoring of our systems
• Payment card data handled exclusively by PCI-DSS compliant payment processor (Stripe)

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our standard retention periods are:

• Account data: retained for the life of the account plus 5 years (South African Revenue Service record-keeping requirements under the Tax Administration Act 28 of 2011)
• Booking and payment records: as required by applicable tax law
• Messages: 3 years after booking completion
• Analytics data: 26 months

When personal information is no longer needed for any purpose for which it may be used or disclosed, and we are not required by law to retain it, we will take reasonable steps to destroy or de-identify it.

Under POPIA, where there are reasonable grounds to believe that a security compromise involving personal information has occurred, we are required to notify the Information Regulator and affected data subjects as soon as reasonably possible (and in practice within 72 hours of discovery, in line with the Information Regulator's guidance). We maintain an internal data breach response plan and will take all reasonable steps to contain and remediate any compromise promptly.

Under POPIA, you have the following rights as a data subject:

• Access: request confirmation of whether we hold personal information about you and request access to that information. Formal requests may be made in terms of the Promotion of Access to Information Act 2 of 2000 (PAIA). We will respond within 30 days (extendable by a further 30 days in prescribed circumstances).
• Correction or deletion: request correction or deletion of personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or obtained unlawfully (POPIA section 24).
• Objection: object, on reasonable grounds, to our processing of your personal information in certain circumstances (POPIA section 11(3)).
• Complaints: lodge a complaint with the Information Regulator if you believe we have interfered with the protection of your personal information (POPIA section 74).

You can manage much of your information directly through your account settings. For formal requests, please contact us at hello@storagefinder.co.

We may decline to grant access to personal information in circumstances permitted under PAIA and POPIA, such as where providing access would involve the unreasonable disclosure of personal information about a third party. We will provide written reasons if we decline.

If you believe we have mishandled your personal information, please contact our Privacy Officer at hello@storagefinder.co.

If you believe we have interfered with the protection of your personal information or breached POPIA, please contact us first. We aim to resolve complaints within 30 days. If you are not satisfied with our response, you may lodge a complaint with the South African supervisory authority:

Information Regulator (South Africa)
Website: www.inforegulator.org.za

We use cookies and similar tracking technologies to improve your experience on our platform. These include:

• Essential cookies: required for core functionality such as authentication, session management, and security
• Analytics cookies: help us understand how users interact with our platform so we can improve our services
• Preference cookies: remember your settings and preferences (such as search filters and location)

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent some features from functioning correctly.

Our marketing communications comply with the POPIA section 69 (direct marketing by electronic communications) and the Electronic Communications and Transactions Act 25 of 2002 (ECTA). We will only send commercial electronic messages with your consent. Every marketing email includes a functional unsubscribe link, and we will process unsubscribe requests promptly.

You can manage your email preferences at any time through your account settings at Settings > Notifications.

Our platform integrates with the following third-party services, each with their own privacy policies:

• Stripe: payment processing, payout management, and identity verification. Stripe's privacy policy is available at stripe.com/privacy
• Google Maps Platform: map display, geocoding, and address autocomplete for displaying listing locations. Google's privacy policy is available at policies.google.com/privacy
• Google Gemini AI: used to assist with generating listing descriptions. Only listing text is submitted - personal information is not sent. Content submitted for AI processing is subject to Google's Privacy Policy
• Supabase: database hosting, authentication, and file storage. Supabase's privacy policy is available at supabase.com/privacy

We encourage you to review the privacy policies of these third-party services to understand how they handle your data.

We may update this Privacy Policy from time to time to reflect changes to our practices, legal requirements, or platform features. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify registered users via email for significant changes
• Display a prominent notice on our platform when appropriate

Your continued use of StorageFinder after changes are published constitutes your acceptance of the updated Privacy Policy.

If you have any questions about this Privacy Policy or how we handle your personal information, please contact our Privacy Officer:

Privacy Officer
StorageFinder (storagefinder.co), operated by TruckPark Pty Ltd (ABN 55 695 402 423), Brisbane, Queensland, Australia
Email: hello@storagefinder.co