Privacy Policy
About Us and What We Do
KaiVis SA ("KaiVis", "we", "us", "our") provides navigation services, recommendations for points of interest and, more generally, ideas on what to do, information on/recommendations for parking spaces through the kaivis.com website and the KaiVis mobile application (together, the "Services").
When you use our Services, you entrust us with your personal data. We take this responsibility seriously and are committed to protecting your data and giving you full control over it.
What You Will Find in This Policy
This policy explains in a clear and transparent manner:
- What personal data we collect and why
- How we use and protect it
- Who we share it with (and what we do NOT share)
- How long we keep it
- What your rights are and how to exercise them
Age Requirements
Acceptance of the Rules
By using the Services, you agree to:
- This Privacy Policy
- The Terms and Conditions of Use
- The Copyright Policy (if applicable)
If you do not agree to these rules, please do not use the Services.
Key Definitions
To make this policy clearer, we use the following terms:
"Personal Data"
Any information that identifies you or can identify you directly or indirectly, including:
- Identification data you provide us with: first name, last name, gender, e-mail address, telephone number, physical address.
- Usage data: location, browsing paths, interactions with points of interest and navigation, preferences and settings
- Technical data: data necessary for account authentication/identification, IP address, browsing/usage data
- Billing data: payment methods, transaction history
"Processing"
Any operation on your data: collection, recording, storage, use, sharing, deletion.
"Local partners"
Bars, restaurants, shops and other commercial activities or local entities where/in whose areas of competence you use our Services
"Aggregated data"
Statistical information that does not allow you to be identified (e.g. "50 total visits this month", "average user age: 28 years", "visits by those who selected preference").
Your Rights at a Glance
You have full control over your data. You can at any time:
Your rights
How to exercise your rights:
- By e-mail: support@kaivis.com (response within 30 days)
Our Privacy Promise
No selling
We do not sell your personal data to third parties for commercial or advertising purposes.
Minimal collection
We only collect data that is necessary to provide you with the service you have requested.
Strong protection
We protect your data with appropriate technical and organisational security measures.
Aggregated sharing only
We may only share aggregated data with business partners (anonymous statistics, not identifying data).
Minimal retention
We only store data for as long as necessary and delete it when it is no longer needed.
Privacy by design
For example, we do not share precise timestamps of your visits with local partners, unless it is necessary to resolve a dispute.
Contact
Questions about this policy or privacy
Email: support@kaivis.com
Address: KaiVis SA, C/o Loomish SA Via Peri 21b, Lugano, Switzerland
Requests regarding your personal data (access, deletion, etc.)
Email: support@kaivis.com
Response time: within 30 days of the request
Reports or complaints
Please contact us at support@kaivis.com, but you have the right to lodge a complaint with the competent supervisory authority:
🇨🇭 Switzerland: Federal Data Protection Commissioner (IFPDT) – www.edoeb.admin.ch
🇮🇹 Italy: Data Protection Authority – www.garanteprivacy.it
Changes to This Policy
We may update this policy periodically to reflect:
- Changes to the Services
- New features
- Regulatory requirements
- Changes in data protection/use
In the event of substantial changes, we will notify you by email when available. If you logged in with SMS authentication, you can add your e-mail in settings -> edit profile. We recommend that you check this page periodically.
Detailed Information
1 What Data We Collect
1.1 Data you provide us directly
To create and manage your account
- Email address (if you use email registration or choose to provide it to us via settings>profile)
- Telephone number (if you use SMS registration or choose to provide it to us via settings>profile)
- Name (to identify you)
- Surname (optional, to help you recover your account)
- Date of birth (to verify minimum age)
- Gender (to help us personalize your experience)
- Address (optional, only to use the resident parking option)
For website users who are not registered with the app:
The website only collects the email address and city provided by users who voluntarily sign up to the waiting list, so that they can be contacted when the service launches. Legal basis: consent (Art. 6.1.a GDPR).
To process payments (if applicable)
- Billing details (e.g. surname, address, company name) if you register your business, when payments are not handled entirely through Google Play Billing, the processing of which is subject to the privacy policy of Google LLC as merchant of record.
- Payment method information, only if payments are not handled through Google Play Billing (through certified third-party providers; the app does not access or store card details).
To personalise your experience
- User preferences
- Feedback, favorites, etc., when available
1.2 Data collected automatically
Service usage data
- Date and time of visits to local partners
- Precise location (based on your consent: only when you have the app active or in the foreground), necessary for the app to function properly
- Navigation paths in the app and searches performed
- Interactions with features (check-ins, viewing points of interest, clicks on points of interest, visits to points of interest)
- Preferences, liked places and saved 'favorites' when available
Technical data
- Device model and operating system
- IP address
- App version
- Logins and activity logs
1.3 Data we do not collect
We do not deliberately collect:
- Sensitive data (ethnic origin, political opinions, biometric data, health data)
2 Why We Collect Your Data
2.1 To provide you with the service
Legal basis: Performance of the contract- Create and manage your account
- Record your interactions with points of interest
- Provide navigation services, including available parking spaces
- Process transactions
- Provide customer support
- Providing navigation and optimal routes
- Displaying real-time parking availability
- Recommend nearby points of interest and events
- Improving recommendations based on the places you visit
Failure to authorise GPS location will severely limit the app's functionality. Location data is not shared with third parties except in aggregate form as specified in this policy.
2.2 To improve the Services
Legal basis: Legitimate interest- Analyse app usage to improve functionality and performance
- Develop new features
- Identify and correct technical errors
- Conduct research and statistical analysis
- Improve recommendations and the experience for all users by analyzing collective usage patterns (e.g. which routes are most used, which points of interest are most popular, parking availability)
Important: Your personal data may be used internally for these improvements, but it is processed to provide a final recommendation – e.g. showing an available parking space or recommending a point of interest or specific event suitable for the end user.
2.3 For security
Legal basis: Legitimate interest / Legal obligation- Preventing fraud and abuse
- Protecting the safety of users and partners
- Complying with legal obligations
- Resolving disputes and enforcing our rights
2.4 For communications
Legal basis: Consent / Legitimate interest- Send you notifications about the service
- Contact you for surveys/feedback
- Inform you about changes to the Terms or Privacy Policy
- Show you personalised marketing communications via Meta and/or Google, if you have given specific consent during onboarding
Consent to personalised marketing is requested via a checkbox that is separate and distinct from acceptance of this Privacy Policy. To withdraw your consent, write to us at support@kaivis.com or disable your Advertising ID from your device settings.
3 With Whom We May Share Your Data
Please refer to the list in point 16 to see who we share your data with
3.1 Local Partners (Local businesses such as shops, bars, local authorities, etc.)
Fundamental principle: Data minimisation
When you visit a local partner using our Services, we only share the information that is strictly necessary with them:
✅ Standard sharing (always)
- User ID (pseudonym, not real name)
- That you viewed or visited their point of interest
- Total count of your visits/views at that partner
- Age range and general preferences (only if necessary for the service)
🚫 We do NOT share by default
- Precise timestamps of visits (only month/general period)
- Your full name, email address or telephone number
- History of visits to other partners
- Payment details
- Your complete travel history
Extended sharing (only when necessary)
In the event of:
- Disputes or disagreements between you and the partner ("I was never there")
- Requests for clarification on specific transactions
- Investigations into fraud or violations of the Terms
- Requests from judicial authorities
We may share additional data necessary for resolution, including:
- Precise timestamps
- Specific transaction details
- Other relevant metadata
3.2 Recommendations and Partner Visibility
KaiVis shows you recommendations for points of interest and events based on:
- Your current location
- Your preferences and visit history
- Ratings and popularity
Boost in recommendations: Some partners may request greater visibility ("boost") in recommendations.
Important:
- We only show you boosts if the venue/event is relevant to you (based on your location and preferences).
- This is not spam: we always respect your preferences
- Boosts only increase priority; they do not create recommendations out of thin air.
- We do not share your personal data with partners who pay for boosts
- Partners who pay for boosts only see aggregate statistics (e.g. '150 people viewed')
3.3 Technical Service Providers
To provide the Services, we use reliable third-party providers, including:
Hosting and cloud infrastructure:
- AWS
- Server location: Germany, European Union
- Service: data storage and management
Payment processing, if applicable:
- E.g.: Google Pay
- Processing: billing and transaction data
- Note: We do not store complete debit/credit card details
Maps and navigation:
- E.g.: Mapbox, TomTom, Foursquare
- Processing: navigation and map data
Communication services:
- Email/push notification providers
- Processing: sending transactional emails and notifications
Analytics and monitoring:
- E.g.: Google
- Processing: aggregated data on app usage and marketing performance
Project management and support:
- E.g.: ClickUp
- Processing: support tickets and internal project management
Freelancers and external consultants:
We use freelancers or specialised consultants/companies for:
- App development and technical maintenance
- Design and user experience services
- Specialist consulting (legal, tax, IT security)
- Marketing and communication activities
These professionals:
- They access personal data only when strictly necessary to perform the requested service
- They are bound by confidentiality agreements (NDAs)
- They are required to process personal data exclusively for the purposes for which we have engaged them
- They operate under our direct supervision and responsibility
All suppliers and external collaborators:
All external suppliers and collaborators:
- Are carefully selected on the basis of security guarantees and GDPR compliance
- They are required to process personal data in compliance with applicable legislation
3.4 Aggregated and Anonymised Data
We may share aggregated statistics that do not allow you to be identified with:
- Business partners (business owners, local authorities)
- Investors
- Researchers
- The public
- Meta or Google with the purpose of optimizing Kaivis' ads campaigns (app engagement and usage data)
Data relating to visits to points of interest and user preferences are shared with the managers of those points of interest or other partners exclusively in aggregate and anonymous form, by age group and on a monthly basis, once a minimum threshold of unique users has been exceeded. Data relating to individual users are never shared.
Examples of shared aggregate data:
- Parking occupancy status (e.g. 'the car park in Via Mario Rossi is available/occupied')
- "Average number of visits per user: 3.5 per month"
- "Prevailing age group of visitors: 25-34 years"
- "Target customers: Alternative, Classical Music between 35 and 40 years old"
- "Total number of people who visited/viewed a location/event"
- "Preferences of users who have interacted with a specific location"
For the purpose of:
- Understand your audience
- Improve services and events
- See the value of the service
- Monitoring parking availability limited to the area of interest
Protective measures applied:
- Operators or third parties do not know who has the app and who does not
- No combination with identifying data
- Automatic masking if the group is too small to guarantee anonymity
Regarding the occupancy status of parking spaces:
The occupancy status of parking spaces refers exclusively to the parking space, not the user. No personal data, even aggregated, is shared in this context.
KaiVis can only collect data to provide analytics to the user, for example by sharing their petrol savings and parking payment costs. In the case of aggregated statistics, these can be produced without any use of personal data.
Furthermore, all recommendations generated by/for the community are based on KaiVis algorithms and data provided by the community. No user has access to the individual data of other users nor can they trace its origin.
Important: Truly aggregated and anonymised data is no longer considered 'personal data' under the GDPR and may be stored and used indefinitely.
Legal basis: The collection of individual data necessary to produce aggregate statistics is based on the legitimate interest of KaiVis (Art. 6.1.f GDPR). The resulting aggregated and anonymised data does not constitute personal data under the GDPR and may be stored and shared without restriction.
3.5 Authorities and Legal Obligations
We may share your personal data when:
- Required by law (warrant, court order)
- It is necessary to enforce our legal rights or in the event of a dispute with our partners
- It is necessary to protect the safety of users, partners or the public
- In the event of investigations into fraud, violations of the Terms or illegal activities
- To comply with legal proceedings or legitimate government requests
3.6 Transfer of Ownership
In the event of a merger, acquisition, sale of assets or bankruptcy, your personal data may be transferred to the new entity, provided that it:
- Commits to complying with this Privacy Policy
- Maintains the same level of data protection
We will inform you of any change of ownership involving your personal data.
Legal basis: Legitimate interest3.7 Who we NEVER share your data with
- Data brokers
- Advertisers for behavioural advertising
- Third-party marketing companies, except in aggregate form
- Social networks (unless you explicitly choose to connect your account).
4 International Data Transfers
Your personal data may be transferred and stored on servers located in:
- Switzerland
- European Union
Transfers to third countries:
Some service providers (e.g. Meta/Facebook, Google, Apple) may transfer data to the United States.
For these transfers, we use the following safeguards:
- European Commission Standard Contractual Clauses (SCC)
- Certifications from providers compliant with the new US-EU frameworks
You can request a copy of the safeguards adopted by writing to: support@kaivis.com
5 How Long We Store Your Data
We retain your personal data for different periods depending on the purpose:
5.1 During the service
Active account:
- For the entire duration of the contractual relationship (as long as you keep your account active)
5.2 After account cancellation
Deletion within one month:
- Identification data (name, e-mail, telephone number)
- Usage data (visits, routes)
- Profile photo and preferences
Security backup:
- Stored for a maximum of 2 months, after which they are permanently deleted
Aggregated and/or anonymised data:
- We may retain an anonymous identifier that cannot be traced back to you for statistical and security purposes
- Anonymized data may be stored indefinitely
5.3 Legal obligations
Tax and accounting data:
- Stored for 10 years (legal obligation under applicable tax legislation)
Security logs:
- Stored for 12 months (fraud prevention, security, investigations)
Records of Terms acceptance:
- Retained for legal compliance purposes (e.g., we maintain records of T&C acceptance for 10 years)
5.4 Inactive accounts
If you do not use your account for 36 consecutive months, we reserve the right to:
- Send you a notice via email or text message (30 days in advance)
- Delete your account and related personal data if you do not respond
You can prevent deletion by simply logging into the app.
6 Data Security
We implement appropriate technical and organisational security measures to protect your personal data, including:
🔧 Technical measures
- Encryption of data in transit (TLS/SSL)
- Encryption of sensitive data at rest
- Secure authentication systems
- Regular backups and disaster recovery systems
- Continuous monitoring to detect suspicious activity
🏢 Organisational measures
- Data access restricted to authorised personnel only
- Confidentiality agreements with employees and suppliers
- Staff training on data protection
- Security incident management procedures
- Periodic risk assessments
In the event of a data breach:
If a breach occurs that poses a risk to your rights and freedoms:
- We will notify the supervisory authority within 72 hours
- We will inform you directly without undue delay
- We will provide you with information about the nature of the breach and the measures taken
7 Your Rights – Full Details
7.1 Right of Access (Art. 15 GDPR)
You have the right to obtain:
- Confirmation that we are processing your personal data
- A copy of all personal data in our possession
- Information on the purposes, categories, recipients and retention period
How to exercise this right:
- By email: support@kaivis.com
You will receive a file in a readable format (JSON/CSV) containing all your data.
7.2 Right to Rectification (Art. 16 GDPR)
You have the right to correct inaccurate or incomplete personal data.
How to exercise this right:
- In the app: Settings > Profile > Edit
- By email: support@kaivis.com (for complex corrections)
7.3 Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR)
You have the right to have your personal data deleted when:
- They are no longer necessary for the purposes for which they were collected
- You withdraw the consent on which the processing is based
- You object to the processing and there are no overriding legitimate grounds
- The data has been processed unlawfully
Exceptions: We cannot erase data when it is necessary for:
- Comply with a legal obligation (e.g. tax data for 10 years)
- Establishing, exercising or defending a right in court (e.g. we retain records of T&C signature for 10 years)
How to exercise this right:
- In the app: follow the instructions in settings
- By email: support@kaivis.com
- On the website: https://kaivis.com/delete-account
Effects of deletion:
- Permanent loss of your account and all associated data
- Deletion within 30 days (except for legal retention obligations)
7.4 Right to Restriction of Processing (Art. 18 GDPR)
You have the right to obtain the restriction (temporary suspension) of processing when:
- You contest the accuracy of the data (for the period necessary for verification)
- The processing is unlawful but you oppose erasure
- You need the data to establish, exercise or defend a right in court
How to exercise this right: support@kaivis.com
7.5 Right to Data Portability (Art. 20 GDPR)
You have the right to receive your data in a structured, machine-readable format (JSON, CSV) and to transmit it to another controller.
Applies to:
- Data provided by you
- Data collected with your consent or for the performance of the contract
- Processing carried out by automated means
How to exercise this right:
- By email: support@kaivis.com (if you wish to transfer directly to another service, where technically possible)
7.6 Right to Object (Art. 21 GDPR)
You have the right to object at any time to the processing of your personal data based on legitimate interest, including profiling.
In the event of an objection, we will assess whether there are compelling legitimate grounds that override your interests.
How to exercise this right:
- By email: support@kaivis.com
7.7 Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
How to exercise this right:
- By e-mail: support@kaivis.com
7.8 Right to Complain
You have the right to lodge a complaint with a supervisory authority, in particular in the State where:
- You habitually reside
- You work
- The alleged infringement occurred
Competent authorities:
- Switzerland: Federal Data Protection Commissioner (IFPDT) – www.edoeb.admin.ch
- Italy: Data Protection Authority – www.garanteprivacy.it
Response times to requests: We respond to all requests within 30 days of receipt. In complex cases, the deadline may be extended by a further 60 days, subject to notification.
Identity verification: To protect your data, we may ask you to verify your identity before we can act on your request (e.g. confirmation from your registered email address).
8 Cookies and Similar Technologies
8.1 What are cookies
Cookies are small text files stored on your device when you visit our website or use the app.
8.2 Cookies we use or may use
Technical cookies (strictly necessary):
- Authentication and session management
- Security and fraud prevention
- No consent required (essential for operation)
Preference cookies:
- Language and settings storage
- Personalisation of user experience
Analytics cookies (if used):
- Google Analytics
- App usage analysis for improvements
- Aggregated and anonymised data
Marketing identifiers (consent-based):
- Advertising ID (Android) shared with Meta and/or Google via the Meta SDK and Google Ads
- Used to show you personalised KaiVis marketing communications on Meta and Google platforms, to measure the effectiveness of our advertising campaigns, and to optimise marketing towards you or other users with similar interests
- We do not sell your Advertising ID or any other personal data to Meta or Google: we use it solely for the marketing purposes described above
- Requires explicit consent, given via a single separate checkbox during onboarding
- Legal basis: Consent (Art. 6.1.a GDPR) / Express consent for profiling (Art. 6 para. 6-7 nFADP)
To withdraw your consent, write to us at support@kaivis.com or disable your Advertising ID from your device settings (Settings > Privacy > Ads; the exact path may vary depending on your operating system).
8.3 Cookie management
We may need to collect cookies
Website:
- Cookie banner on first access
- Option to accept/refuse non-essential cookies
- Browser settings to block cookies
Mobile app — identifiers and local storage:
The mobile app does not use traditional cookies. Instead, it uses:
- Authentication tokens — to keep the login session active
- Local storage — to save preferences and settings on the device
- Advertising ID (Android) — anonymous device identifier, manageable from Settings > Privacy > Advertising – if enabled
- Third-party SDKs (e.g. Google, Meta) — which may collect their own identifiers in accordance with their privacy policies – if enabled
How to refuse cookies/identifiers:
- Website: cookie banner or browser settings
- App: Device settings > Privacy > Location / Advertising
- Email: support@kaivis.com for assistance
9 Recommendations and Personalisation
9.1 Transactional emails (do not require consent)
We will send emails/notifications/SMS messages necessary for the service:
- Registration confirmation
- Important updates on Terms/Privacy
- Customer service responses
You cannot disable these (they are necessary for the service).
9.2 Personalised recommendations
We may collect and transmit your data (location, preferences, history) to AWS in order to:
- Show you points of interest and events relevant to you
- Offer you an improved browsing experience
- Indicate available parking spaces
- Improve recommendations and the browsing experience for all users
Personalisation control: You can choose not to fill in certain preferences, but they are necessary to use the service to its fullest
Note: Not filling in preferences does not disable recommendations, but makes them less relevant to you. Some partners may still have increased visibility (boost) if relevant to your location.
9.3 Push notifications
You can control push notifications via:
- Device settings > Notifications > KaiVis
10 Minors
The Services are intended for persons aged 18 and over.
We do not intentionally collect data from children under the age of 18.
If we become aware that we have collected data from a child under the age of 18:
- We will immediately delete the data
- We will notify the guardian (if identifiable)
- We will block the account
If you are a parent or guardian and believe that your child under the age of 18 has provided us with personal data, please contact us immediately at: support@kaivis.com
11 Links to Third-Party Websites
The Services may contain links to third-party websites or apps.
Important:
- We are not responsible for the privacy practices of third-party sites
- We encourage you to read their privacy policies
- This policy applies only to KaiVis Services
12 Legal Basis for Processing (Summary)
We process your personal data on the basis of:
Performance of the contract (Art. 6.1.b GDPR):
- Account creation and management
- Provision of the service (check-in, rewards, etc.)
- Sharing with local partners to provide the service
- Payment processing, if applicable
Consent (Art. 6.1.a GDPR / Art. 6 para. 6-7 nFADP):
- Non-essential cookies
- Geolocation (where required by the operating system)
- Advertising ID for personalised marketing via Meta and/or Google
Legitimate interest (Art. 6.1.f GDPR):
- Improvement and development of services
- Analytics and statistics (aggregated data)
- Security and fraud prevention
- Dispute resolution
- Communications regarding changes to the Terms
- Marketing for user acquisition via advertising platforms (aggregated data)
Legal obligation (Art. 6.1.c GDPR):
- Retention of tax/accounting data
- Responses to requests from authorities
- Regulatory compliance
You always have the right to object to processing based on legitimate interest.
13 Automated Decisions and Profiling
We do not currently use fully automated decision-making processes that produce legal effects or significantly affect you.
We do not carry out profiling on behalf of third parties for advertising or behavioural marketing purposes, except for our own marketing, e.g. via Meta or at an aggregate level.
We only use algorithms for:
- Fraud detection (e.g. abnormal number of check-ins)
- Recommendations for nearby partners (based on GPS location)
- Aggregate usage statistics
In the event of future changes, we will update this policy and notify you.
14 Frequently Asked Questions
Can I use the app without providing all my data?
Why does the app need my location?
How do I know what data you have about me?
How long does it take to delete my account?
Can local partners see all my data?
Do you sell my data?
Can I transfer my data elsewhere?
Is my data used to improve the service for other users?
What does 'boost' mean in recommendations?
15 Official Version
16 Updated List of Partners
Below are the main third-party service providers with whom we may share your data:
| Partners | Purpose | Country | Privacy Policy |
|---|---|---|---|
| AWS (Amazon) | Hosting, infrastructure, database, interfaces | EU – Germany | aws.amazon.com/privacy |
| Mapbox | Maps and geo-location | USA | mapbox.com/legal/privacy |
| TomTom | Search by address or name/map data | NL | tomtom.com/privacy |
| Google/Google Play | Installation/Analytics | USA | policies.google.com/privacy |
| Google Ads | Advertising/Analytics | USA | policies.google.com/privacy |
| Meta | Advertising/Analytics | USA | facebook.com/privacy/policy |
| Clickup | Internal project management/ticketing | USA | clickup.com/privacy |
This list is updated periodically. We invite you to consult it regularly.
Conclusion
By agreeing to continue using the app, you confirm that you have carefully read and understood this document and that you agree with its contents.
If you have any questions, concerns or requests regarding your privacy, please do not hesitate to contact us:
Email: support@kaivis.com
Guaranteed response within: 30 days
Thank you for placing your trust in KaiVis.

© 2026 ManuelParodi. All rights reserved.