Last updated: 30 June 2026
Privacy Policy
This Privacy Policy explains how Drivestay collects, uses, and protects your personal data when you use our website and platform at drivestay.eu (the “Platform”). We handle your data in accordance with the General Data Protection Regulation (GDPR) and the Dutch GDPR Implementation Act (Uitvoeringswet AVG, “UAVG”).
1. Who we are
The controller responsible for your personal data is:
Zsolt Stelkovics, trading as Drivestay
The Netherlands
KVK: 42074309
For any privacy-related question or to exercise your rights, contact us at info@drivestay.eu.
2. What this policy covers
Drivestay is a marketplace that connects travellers seeking overnight parking with private hosts offering driveway or parking space. This policy applies to everyone who uses the Platform — whether you are browsing, booking a spot as a guest, listing a spot as a host, or simply joining our waitlist.
3. What data we collect, and when
We collect personal data in stages, and we only ask for what each stage actually requires.
Stage 1 — Joining the waitlist or booking a spot. When you join our waitlist or book a spot as a guest, we collect your name and email address.
Stage 2 — Listing a spot as a host. If you choose to list a parking spot, we additionally collect the address and details of the spot, and any description, photos, or availability information you provide.
Stage 3 — Receiving payments. If you list a spot and wish to receive payments, our payment provider Stripe collects the information required to verify your identity and pay you out, which may include:
- Bank or payout account details
- Identity verification information (for example, a copy of an identity document)
- Your date of birth and address
This identity and payout information is collected and processed directly by Stripe as part of their verification (“Know Your Customer”) and payment services. We receive confirmation of your verification status and the information needed to operate the booking, but we do not store your full identity documents ourselves.
Information collected automatically. When you use the Platform, we (and our processors) automatically collect certain technical data, such as your IP address, browser type, device information, and pages visited. Analytics data is only collected after you give consent through our cookie banner — see Section 8.
4. Why we use your data, and our legal basis
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Operating your account and the waitlist | Performance of a contract / steps prior to a contract |
| Processing bookings between guests and hosts | Performance of a contract |
| Verifying host identity and paying out hosts | Performance of a contract; legal obligation |
| Communicating with you about bookings or listings | Performance of a contract |
| Keeping the Platform secure and preventing fraud | Our legitimate interest in a safe platform |
| Analytics and improving the Platform | Your consent |
| Sending you optional updates or marketing | Your consent |
We do not currently collect tax identification numbers or BSN, as we have no legal obligation requiring us to do so. Should this change, we will update this policy and inform affected users before collecting any such data.
5. Who we share your data with
We share personal data only with the service providers (“processors”) we rely on to run the Platform, and only as far as needed. These currently include:
- Stripe — payment processing, host payouts, and identity verification
- Supabase — database, account authentication, and file/photo storage
- Resend — transactional and service emails
- Vercel — website hosting and infrastructure
- Mapbox — interactive maps and location search
- Google (Maps / Street View) — map imagery and optional Street View photos of a listing
- Google Analytics — website analytics (consent-based only)
- GoDaddy — domain and DNS services
Where a processor transfers data outside the European Economic Area (for example, to the United States), that transfer is covered by appropriate safeguards such as the EU–U.S. Data Privacy Framework or Standard Contractual Clauses.
When you make a booking, the guest and host receive the information about each other that is necessary to complete and carry out the stay (such as a name and the relevant spot details). We do not sell your personal data to anyone. We may also disclose personal data where we are legally required to do so, or to protect our legal rights.
6. How long we keep your data
We keep your personal data for as long as your account is active or as needed to provide the Platform to you. After that, we retain data only as long as necessary for the purposes described in this policy or to meet legal, accounting, or reporting obligations. Payment and transaction records are kept for the period required by Dutch tax law (currently seven years).
If you ask us to delete your account, we will delete or anonymise your data except where we are required to retain it.
7. Your rights
Under the GDPR, you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data
- Erase your data (“right to be forgotten”)
- Restrict or object to our processing
- Data portability receive your data in a portable format
- Withdraw consent at any time, where we rely on consent
To exercise any of these rights, email info@drivestay.eu. We will respond within one month.
You also have the right to lodge a complaint with the Dutch Data Protection Authority: Autoriteit Persoonsgegevens — autoriteitpersoonsgegevens.nl
8. Cookies and analytics
We use cookies and similar technologies to operate the Platform and, with your consent, to understand how it is used.
Essential cookies are necessary for the Platform to function and do not require consent.
Analytics cookies (Google Analytics) are only placed after you accept them through our cookie banner.
You can change or withdraw your cookie preferences at any time by clicking “Cookie settings” in the footer of our website, which re-opens the cookie banner.
9. Data security
We take appropriate technical and organisational measures to protect your personal data against loss, misuse, and unauthorised access. Sensitive payment and identity data is handled by Stripe under their own security standards (PCI-DSS), and we do not store full card or identity-document details on our own systems.
10. Children
The Platform is not intended for anyone under the age of 18, and we do not knowingly collect personal data from minors.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date and, where appropriate, notify you directly.
12. Contact
For any question about this policy or your personal data:
Drivestay
info@drivestay.eu
This policy is written in plain English on purpose. If anything is unclear, just email us.