Loading

Privacy Policy

Version 2.0 — Effective June 1, 2026 Parada® by Parada Technologies, Inc.
Parada Technologies, Inc. ("Parada", "we", "us", or "our") respects your privacy and is committed to protecting your personal data in accordance with Republic Act No. 10173 (the Data Privacy Act of 2012, "DPA"), its Implementing Rules and Regulations (IRR), and issuances of the National Privacy Commission (NPC). This Privacy Policy explains what data we collect, why we collect it, how we use and protect it, and the rights you have over it.

1. Introduction

This Privacy Policy applies to your access and use of the Parada website (www.parada.ph), the Parada mobile applications, and related services that link to or reference this Policy (collectively, the "Services").

By creating an account or otherwise using the Services, you confirm that you have read, understood, and agreed to this Privacy Policy. Where consent is the legal basis for processing, your continued use of the Services constitutes your informed and freely given consent to the processing described below, in accordance with Section 3(b) of the DPA.

Read this Policy together with our Terms & Conditions and Parking Space Agreement.

2. Scope & Roles

Under the DPA, Parada acts as a Personal Information Controller (PIC) for personal data collected directly through the Services for the purpose of operating the Parada platform.

Property and Building Management Offices (PMOs), homeowners' associations, building administrators, and authorized security personnel may also act as independent or joint Personal Information Controllers when processing your data under their own residency, parking, or building security policies.

Third-party processors that handle data on Parada's behalf (such as payment, hosting, and email) act as Personal Information Processors (PIPs) and are bound by written agreements to use your data only for the purposes Parada instructs and to apply appropriate safeguards.

3. Information We Collect

We collect personal data that is relevant, necessary, and proportionate to the purposes for which it is processed, consistent with Section 11 of the DPA.

3.1 Information You Provide Directly

  • Account information: full name, email address, mobile number, password (stored hashed), residency information (unit number, building, tower, tenant or unit-owner status, residency expiration dates), and account preferences.
  • Vehicle information: plate number, make, model, color, and vehicle type for the cars you register on your account.
  • Verification documents: images of valid government-issued IDs (front and back), tenant or resident IDs, lease contracts, deeds of sale or contracts to sell, proof of billing, parking-slot assignment records, authorization letters, and other documents used to verify residency and parking-space authority.
  • Parking-space details (Owners): location, garage, parking type and style, photos, access instructions, and rate information for spaces you list.
  • Booking and transaction information: booking records, payment confirmations from our payment partner, refund records, and related communications.
  • Communications: messages exchanged through the in-platform driver↔owner chat, support requests, support-ticket transcripts, and inquiries submitted via contact forms.
  • Reviews and feedback: ratings, written reviews, and survey responses you submit. Publicly displayed reviews may show your first name and last initial together with your role on the platform.
  • Marketing preferences: your opt-in or opt-out status for promotional communications.

3.2 Information Collected Automatically

  • Device and log data: IP address, browser type and version, device identifiers, operating system, time-zone setting, language, and pages or screens viewed.
  • Usage data: features accessed, searches performed, listings viewed, time spent in-app, and actions taken (e.g., bookings created, messages sent).
  • Approximate location: derived from IP for security and fraud-prevention. We do not collect precise GPS location unless you explicitly grant the permission on a mobile device.
  • Cookies and similar technologies: see Section 9 below.

3.3 Information from Third Parties

  • Authentication providers: when you choose to sign in using Google, Facebook, or Apple, we receive your name, email address, profile photo, and a stable user identifier from that provider. Apple users who select "Hide My Email" share only an Apple-issued relay address (e.g., [email protected]); we never see your real Apple ID email.
  • Payment partner: our payment processor (Xendit) shares transaction status, payment method type, and risk signals. Parada does not store full card numbers or CVVs.
  • Property / Building Management Offices: may provide confirmation details regarding residency, tenancy, and parking-space validation, as well as rejection remarks when applicable.
  • Public sources: publicly available registries used for verification, safety, and compliance, where applicable and lawful.
  • Other users: information provided through referrals, messages, reviews, or reports filed about you.

4. Lawful Bases for Processing

We process personal data only when at least one of the lawful bases in Sections 12 and 13 of the DPA applies:

Basis (DPA reference) When we rely on it
Contract
Sec. 12(b)		 To create your account, process bookings, deliver booking confirmations, and provide the core Parada platform you signed up for.
Legal obligation
Sec. 12(c)		 To comply with tax, accounting, anti-fraud, and consumer-protection laws, and to respond to lawful requests from authorities.
Consent
Sec. 12(a) / 13(a)		 For marketing communications, optional features (e.g., precise location), and any processing of sensitive personal information that is not otherwise permitted.
Legitimate interests
Sec. 12(f) 		To detect and prevent fraud, secure the platform, improve our Services through analytics, and pursue legitimate business interests, balanced against your rights and freedoms.
Vital interests / public order
Sec. 12(d) / 13(b)–(c) 		In rare cases — e.g., to protect a person's life, health, or safety, or to respond to a public-order emergency.

5. How We Use Your Data

  • Creating, managing, and authenticating user accounts.
  • Verifying residency, tenancy, and parking-space ownership or authority.
  • Facilitating parking searches, bookings, on-demand requests, extensions, cancellations, and payouts.
  • Coordinating with PMOs and authorized personnel for validation and enforcement of property rules.
  • Providing customer support, resolving disputes, and processing refunds.
  • Sending transactional notifications and service updates (booking confirmations, owner approvals, payment receipts, security alerts, etc.).
  • Sending marketing or promotional communications, only where you have given consent and only until you opt out.
  • Improving and developing platform functionality through analytics, A/B testing, and aggregated reporting.
  • Detecting and preventing fraud, abuse, account takeover, and other unauthorized activity.
  • Enforcing our Terms & Conditions and Parking Space Agreement.
  • Complying with applicable laws, regulations, court orders, and lawful government requests.

6. Sharing & Disclosure of Personal Data

We share personal data only with the following categories of recipients, and only to the extent reasonably necessary:

  • Other users of the platform. When you make a booking, the Owner receives your first name, vehicle details, schedule, and chat messages. When you list a space and accept a booking, the Driver receives your first name, parking-space details, and chat messages. Phone numbers are shared between the parties for the duration of an active booking to facilitate access and on-site coordination.
  • PMOs and building administrators for verification, access control, and enforcement of property and parking rules — but only the data reasonably necessary for those purposes.
  • Payment processors — Xendit and its acquiring partners — for collecting and disbursing payments, refunds, and chargebacks.
  • Infrastructure and service providers who process data on our behalf under written contract: cloud hosting (AWS), object storage (AWS S3), database hosting (MongoDB Atlas), email delivery (GoDaddy), authentication providers (Google, Facebook, Apple), AI-assisted support (Anthropic Claude), and analytics services.
  • Professional advisors such as auditors, lawyers, and accountants, under confidentiality obligations.
  • Affiliates within the Parada Technologies, Inc. group, for the purposes described in this Policy.
  • Government authorities, regulators, or law-enforcement agencies when required by law, regulation, court order, or lawful request — and to the extent reasonably necessary to respond.
  • Successors and acquirers in connection with a merger, acquisition, sale of assets, or business reorganization, under appropriate confidentiality obligations.

We do not sell or rent your personal data to third parties.

7. Resident & Parking-Space Verification

To ensure platform security, prevent misuse, and comply with property rules, Parada requires users to undergo a verification process before they can book or list parking spaces.

Verification requirements

  • Tenant or resident ID issued by the building or PMO.
  • Valid government-issued identification (e.g., Driver's License, Passport, UMID, PhilSys ID).
  • Proof of residency or authority — lease contract, tenancy agreement, deed of sale, contract to sell, or authorization letter from the registered owner.
  • Proof of billing (utility bill, association dues statement) where applicable.
  • Parking-slot assignment or ownership documents (for Owners).

Verification parties

  • Parada collects, reviews, and evaluates submitted information for platform eligibility and compliance.
  • PMOs, building administrators, or authorized security personnel may validate residency, tenancy status, parking-space ownership, or authorization in accordance with property rules.

Only data reasonably necessary for verification and operations is shared with PMOs. Failure to provide required documents may result in delayed approval, restricted access to certain features, or account suspension. Documents that are no longer needed are anonymized or securely deleted in accordance with Section 13.

8. International Data Transfers

Some of our infrastructure providers and authentication partners are based outside the Philippines (for example, in the United States, Singapore, and the European Union). When personal data is transferred outside the Philippines, Parada implements appropriate safeguards — including contractual data-protection clauses with the recipient — so that the data continues to enjoy a comparable level of protection consistent with NPC issuances.

Examples of cross-border processing currently relied on:

  • AWS (Singapore region) for cloud compute and object storage.
  • MongoDB Atlas (Asia-Pacific region) for database hosting.
  • Google, Facebook, and Apple as authentication identity providers.
  • Anthropic (United States) for AI-assisted chatbot support, with no training on your data.

9. Cookies & Tracking Technologies

Parada uses cookies and similar technologies to keep you signed in, remember your preferences, secure the platform against fraud, and measure how the Services are used.

  • Strictly necessary cookies — required for login sessions, CSRF protection, and shopping-cart state. These cannot be disabled without breaking core functionality.
  • Functional cookies — remember non-essential preferences such as recent searches and language.
  • Analytics cookies — help us understand aggregate usage. We do not use these to build advertising profiles.

You can clear or block cookies through your browser settings; doing so may degrade your experience or sign you out of the platform. Parada does not currently use third-party advertising cookies.

10. Automated Processing

Parada uses automated systems for limited purposes such as fraud screening, listing recommendations, search relevance, and AI-assisted customer-support replies through our chatbot. These do not produce legal effects on you or significantly affect you in a similar way without a human in the loop — final decisions about account approval, booking declines, or refunds are reviewed by Parada staff or the relevant counterpart (PMO, Owner, or Driver).

You may contact Parada at any time to request human review of an automated outcome that affects you, as provided under NPC Advisory Opinions interpreting Sections 16 and 34 of the DPA.

11. Children's Privacy

Parada is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children, and identity verification (KYC) requires a valid government-issued ID that confirms age of majority.

If you are a parent or legal guardian and believe your child has created a Parada account or otherwise provided personal data to us, email our Data Protection Officer immediately at [email protected]. Please include in your message:

  • The child's email address or any Parada user ID (e.g., DR-####) you can identify;
  • Proof of your parental or guardian relationship (a brief statement is sufficient at first contact — we will follow up only if further verification is required);
  • Whether you want the account suspended, the data deleted, or both.

Upon a credible parent/guardian request, we will suspend the account within 24 hours and complete deletion of the personal data within the timelines set out in Section 15 and the data-retention schedule in Section 13. Records of the deletion request itself will be retained to evidence our compliance with the DPA.

12. Sensitive Personal Information

Under Section 3(l) of the DPA, certain categories of personal information — such as government-issued ID numbers, marital status, age, religion, health, and similar — are classified as sensitive personal information. Parada collects sensitive personal information only where strictly necessary for verification, compliance, or platform safety, and processes it under one of the lawful bases in Section 13 of the DPA (typically your consent given during sign-up and document upload).

Sensitive personal information is subject to heightened safeguards including encryption at rest, restricted access on a need-to-know basis, and additional audit logging.

13. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, comply with legal obligations, or protect our legitimate interests. Indicative retention periods are:

Category Retention period
Active account data For the life of the account, plus 3 years after closure (or longer where required by tax / accounting laws).
Booking and payment records 10 years from the date of the transaction, in line with the Bureau of Internal Revenue's record-keeping rules under RR 17-2013, as amended.
Verification documents (IDs, lease, proof of billing) Up to 5 years after account closure, unless an active investigation, dispute, or legal claim requires longer retention.
In-platform chat messages Encrypted in storage. Sessions auto-close 24 hours after a booking ends; transcripts retained for up to 12 months for dispute resolution, then deleted.
Marketing-consent records For the duration of your opt-in, plus 2 years after opt-out to evidence compliance.
Server and security logs Up to 12 months, then aggregated or deleted.

When retention is no longer justified, data is securely deleted or anonymized so that it can no longer be linked to an identifiable individual.

14. Data Security

Parada implements reasonable and appropriate organizational, physical, and technical security measures to protect personal data against unauthorized access, alteration, disclosure, or destruction, in accordance with NPC Circular 16-01 (Security of Personal Data in Government Agencies) as adapted for the private sector, and industry standards.

  • Encryption of personal data in transit (TLS 1.2 or higher) and at rest (server-side encryption on storage; AES-256-GCM for chat messages).
  • Role-based access controls and the principle of least privilege.
  • Multi-factor authentication for administrator accounts and CSRF protection on session-based requests.
  • Rate limiting, brute-force protections, and bot detection on authentication endpoints.
  • Regular vulnerability monitoring, dependency updates, and security reviews.
  • Vendor due-diligence for third-party processors who handle personal data on our behalf.

Despite our safeguards, no system is impenetrable. If you suspect that your account has been accessed without authorization, please contact [email protected] immediately.

15. Data-Breach Notification

In the unlikely event of a personal-data breach that is likely to give rise to a real risk of serious harm to affected data subjects, Parada will:

  1. Notify the National Privacy Commission (NPC) within 72 hours of becoming aware of the breach, in accordance with NPC Circular 16-03 (Personal Data Breach Management).
  2. Notify affected data subjects without unreasonable delay, with information on the nature of the breach, the data involved, mitigation measures, and steps the affected user can take to protect themselves.
  3. Investigate, contain, and remediate the breach; document findings; and improve safeguards to prevent recurrence.

16. Your Rights as a Data Subject

Under Sections 16 to 18 of the DPA, you have the following rights with respect to your personal data:

  • Right to be informed about the collection and processing of your personal data — fulfilled in part by this Policy.
  • Right to access the personal data we hold about you and obtain a copy in a reasonable format.
  • Right to rectification — to correct inaccurate or incomplete data.
  • Right to object to processing, including for direct-marketing purposes.
  • Right to erasure or blocking of data that is incomplete, outdated, false, unlawfully obtained, or no longer necessary for the purposes for which it was collected, subject to legal retention exceptions.
  • Right to data portability — to receive your personal data in a structured, commonly used, machine-readable format and, where technically feasible, transmit it to another service.
  • Right to damages for inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data.
  • Right to file a complaint with the National Privacy Commission (see Section 18 below).

To exercise these rights, log in to your account dashboard or email [email protected]. We may need to verify your identity before processing the request. We will respond within a reasonable period and, in any case, no later than the timelines required by the DPA and NPC issuances.

17. Data Protection Officer

Parada has designated a Data Protection Officer (DPO) responsible for overseeing compliance with the DPA, NPC issuances, and this Policy. The DPO is your point of contact for any privacy-related concerns or requests.

  • Email: [email protected]
  • Postal address: Sheridan Towers North, Sheridan Street, Mandaluyong City, 1550, Philippines

18. Complaints to the National Privacy Commission

If you believe your data-privacy rights have been violated and you are not satisfied with Parada's response, you may file a complaint with the National Privacy Commission:

We encourage you to reach out to our DPO first so we have the opportunity to resolve your concern directly.

19. Updates to this Policy

Parada may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. Material updates will be communicated through reasonable means, such as a notice on the Services or an email to your registered address. The version effective at the time of your interaction governs that interaction.

Tip: The current version and effective date are shown at the top of this page. Where a previous version of this Policy applied to data collected before a change, that earlier version continues to govern that historical collection unless the change is required by law.

20. Contact Information

Questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data?

  • General support: [email protected]
  • Data Protection Officer: [email protected]
  • Business address: Parada Technologies, Inc., Sheridan Towers North, Sheridan Street, Mandaluyong City, 1550, Philippines
  • Telephone: +63 (02) 7273 1125

This Privacy Policy is governed by the laws of the Republic of the Philippines, particularly the Data Privacy Act of 2012 (RA 10173), the Electronic Commerce Act (RA 8792), the Cybercrime Prevention Act of 2012 (RA 10175), and the Consumer Act of the Philippines (RA 7394), together with their respective implementing rules and regulations.