Last updated: 30 June 2026

Privacy Policy

This Privacy Policy explains how Drivestay collects, uses, and protects your personal data when you use our website and platform at drivestay.eu (the “Platform”). We handle your data in accordance with the General Data Protection Regulation (GDPR) and the Dutch GDPR Implementation Act (Uitvoeringswet AVG, “UAVG”).

1. Who we are

The controller responsible for your personal data is:

Zsolt Stelkovics, trading as Drivestay
The Netherlands
KVK: 42074309

For any privacy-related question or to exercise your rights, contact us at info@drivestay.eu.

2. What this policy covers

Drivestay is a marketplace that connects travellers seeking overnight parking with private hosts offering driveway or parking space. This policy applies to everyone who uses the Platform — whether you are browsing, booking a spot as a guest, listing a spot as a host, or simply joining our waitlist.

3. What data we collect, and when

We collect personal data in stages, and we only ask for what each stage actually requires.

Stage 1 — Joining the waitlist or booking a spot. When you join our waitlist or book a spot as a guest, we collect your name and email address.

Stage 2 — Listing a spot as a host. If you choose to list a parking spot, we additionally collect the address and details of the spot, and any description, photos, or availability information you provide.

Stage 3 — Receiving payments. If you list a spot and wish to receive payments, our payment provider Stripe collects the information required to verify your identity and pay you out, which may include:

  • Bank or payout account details
  • Identity verification information (for example, a copy of an identity document)
  • Your date of birth and address

This identity and payout information is collected and processed directly by Stripe as part of their verification (“Know Your Customer”) and payment services. We receive confirmation of your verification status and the information needed to operate the booking, but we do not store your full identity documents ourselves.

Information collected automatically. When you use the Platform, we (and our processors) automatically collect certain technical data, such as your IP address, browser type, device information, and pages visited. Analytics data is only collected after you give consent through our cookie banner — see Section 8.

4. Why we use your data, and our legal basis

PurposeLegal basis (GDPR Art. 6)
Operating your account and the waitlistPerformance of a contract / steps prior to a contract
Processing bookings between guests and hostsPerformance of a contract
Verifying host identity and paying out hostsPerformance of a contract; legal obligation
Communicating with you about bookings or listingsPerformance of a contract
Keeping the Platform secure and preventing fraudOur legitimate interest in a safe platform
Analytics and improving the PlatformYour consent
Sending you optional updates or marketingYour consent

We do not currently collect tax identification numbers or BSN, as we have no legal obligation requiring us to do so. Should this change, we will update this policy and inform affected users before collecting any such data.

5. Who we share your data with

We share personal data only with the service providers (“processors”) we rely on to run the Platform, and only as far as needed. These currently include:

  • Stripe — payment processing, host payouts, and identity verification
  • Supabase — database, account authentication, and file/photo storage
  • Resend — transactional and service emails
  • Vercel — website hosting and infrastructure
  • Mapbox — interactive maps and location search
  • Google (Maps / Street View) — map imagery and optional Street View photos of a listing
  • Google Analytics — website analytics (consent-based only)
  • GoDaddy — domain and DNS services

Where a processor transfers data outside the European Economic Area (for example, to the United States), that transfer is covered by appropriate safeguards such as the EU–U.S. Data Privacy Framework or Standard Contractual Clauses.

When you make a booking, the guest and host receive the information about each other that is necessary to complete and carry out the stay (such as a name and the relevant spot details). We do not sell your personal data to anyone. We may also disclose personal data where we are legally required to do so, or to protect our legal rights.

6. How long we keep your data

We keep your personal data for as long as your account is active or as needed to provide the Platform to you. After that, we retain data only as long as necessary for the purposes described in this policy or to meet legal, accounting, or reporting obligations. Payment and transaction records are kept for the period required by Dutch tax law (currently seven years).

If you ask us to delete your account, we will delete or anonymise your data except where we are required to retain it.

7. Your rights

Under the GDPR, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Erase your data (“right to be forgotten”)
  • Restrict or object to our processing
  • Data portability receive your data in a portable format
  • Withdraw consent at any time, where we rely on consent

To exercise any of these rights, email info@drivestay.eu. We will respond within one month.

You also have the right to lodge a complaint with the Dutch Data Protection Authority: Autoriteit Persoonsgegevens autoriteitpersoonsgegevens.nl

8. Cookies and analytics

We use cookies and similar technologies to operate the Platform and, with your consent, to understand how it is used.

Essential cookies are necessary for the Platform to function and do not require consent.

Analytics cookies (Google Analytics) are only placed after you accept them through our cookie banner.

You can change or withdraw your cookie preferences at any time by clicking “Cookie settings” in the footer of our website, which re-opens the cookie banner.

9. Data security

We take appropriate technical and organisational measures to protect your personal data against loss, misuse, and unauthorised access. Sensitive payment and identity data is handled by Stripe under their own security standards (PCI-DSS), and we do not store full card or identity-document details on our own systems.

10. Children

The Platform is not intended for anyone under the age of 18, and we do not knowingly collect personal data from minors.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date and, where appropriate, notify you directly.

12. Contact

For any question about this policy or your personal data:

Drivestay
info@drivestay.eu

This policy is written in plain English on purpose. If anything is unclear, just email us.

We use Google Analytics to improve our website. No ads, no selling your data. Privacy Policy