SharkPark

Privacy Policy

Last updated: May 3, 2026

SharkPark (“SharkPark,” “we,” “us,” or “our”) is an independent crowdsourced parking application focused on the area around California State University, Long Beach (“CSULB”). SharkPark is not affiliated with, endorsed by, or sponsored by California State University, Long Beach. This Privacy Policy explains what information we collect through the SharkPark mobile applications and the website at sharkpark.app (collectively, the “Service”), how we use it, and the choices you have.

1. Summary

  • We do not store your raw GPS coordinates or location history on our servers.
  • We only know that some hashed device entered or exited a parking lot — not who, where they came from, or where they went next.
  • If you sign in, we use your school’s Microsoft (Azure AD) single sign-on. We receive only the basic profile fields needed to authenticate you.
  • We don’t sell your information, share it with advertisers, or use it for marketing.
  • You can delete your account and associated data at any time from inside the app, or by emailing security@sharkpark.app.

2. Information we collect

2.1 Anonymous geofence events

When the SharkPark mobile app detects that your device has entered or exited a parking lot, it sends an event to our backend containing:

  • The lot identifier (e.g., “Lot G14”).
  • Whether the event was an enter or exit.
  • A randomly generated device identifier that is one-way hashed (SHA-256) with a server-side salt before it is written to our database. The unhashed identifier never leaves your device’s secure storage and is never sent to or stored by our servers in raw form.
  • A timestamp.

We do not receive or store your raw GPS coordinates, the path you took to reach the lot, your speed, or your location at any time you are not crossing a lot boundary.

2.2 Account information (optional)

SharkPark can be used as a guest with no account. If you choose to sign in, we use Microsoft Azure Active Directory single sign-on (SSO). We receive your name, email address, and a Microsoft-issued user identifier solely for the purposes of authenticating you and associating your favorites and preferences with your account. We do not receive your Microsoft password.

2.3 In-app reports

If you submit an incident report from inside the app (e.g., to flag a closure, accident, or other issue), we store the report content, the lot it relates to, and your account identifier (if signed in). Reports are reviewed for moderation and to improve the Service.

2.4 Diagnostic and crash data

We use third-party tooling (see Section 5) to collect aggregated crash reports and performance information. These reports may include device model, operating system version, app version, and a stack trace. They do not include your name, contact information, or location.

2.5 Push notification tokens

If you opt in to push notifications (e.g., favorite-lot alerts), your device’s push token is stored so we can deliver those notifications. You can revoke this at any time by disabling notifications for SharkPark in your device settings.

3. How we use information

  • To compute and display live occupancy estimates for parking lots.
  • To compute reliability scores so users can judge how trustworthy a given estimate is.
  • To generate aggregated, non-identifying training data for short- and long-term occupancy forecasts.
  • To authenticate you and remember your preferences and favorite lots, if you sign in.
  • To deliver push notifications you have opted in to.
  • To diagnose crashes, performance issues, and abuse.

4. Legal basis

We process information based on (a) your consent, granted when you install the app and grant location permissions, (b) our legitimate interest in operating, securing, and improving the Service, and (c) our need to perform a contract with you when you create an account.

5. Service providers

We share limited information with the following service providers, under contract, solely to operate the Service:

  • Microsoft (Azure Active Directory) — single sign-on authentication.
  • Cloudflare, Inc. — DNS, content delivery, and object storage (R2) for application assets and machine-learning model artifacts.
  • Neon, Inc. — managed PostgreSQL database hosting.
  • Fly.io (Hashicorp Holdings, Inc.) — backend application hosting.
  • Functional Software, Inc. (Sentry) — crash and performance diagnostics.
  • Apple Inc. and Google LLC — push notification delivery (APNs and FCM).

We do not sell or rent personal information to anyone, and we do not share information with advertising networks or data brokers.

6. Retention

  • Hashed event records: retained while needed to operate the Service. Per-event identifiers are not linkable back to you.
  • Aggregated occupancy snapshots: retained indefinitely; they are statistical summaries that do not identify any individual.
  • Account information and favorites: retained until you delete your account.
  • Incident reports: retained per audit requirements; you may request deletion at any time.
  • Crash reports: retained for up to 90 days by our diagnostics provider.

7. Your rights and choices

  • Access & export: Email security@sharkpark.app and we will provide a copy of the personal data associated with your account.
  • Deletion: Delete your account from inside the app under Settings → Account → Delete Account, or follow the instructions at sharkpark.app/delete-account.
  • Location permissions: You can revoke location permissions at any time in your device’s system settings. The app will continue to function in a limited, view-only mode.
  • Push notifications: You can disable push notifications in your device’s system settings.
  • California residents (CCPA/CPRA): You have the right to know what personal information we have collected, to request deletion, and to be free from discrimination for exercising these rights. We do not sell or share personal information for cross-context behavioral advertising.

8. Children’s privacy

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us at security@sharkpark.app and we will promptly delete it.

9. International users

The Service is operated from, and intended for users in, the United States. If you access the Service from outside the United States, you consent to the transfer of information to the United States and the processing of that information in accordance with this Privacy Policy.

10. Security

We use industry-standard technical and organizational safeguards to protect information, including encryption in transit (TLS), hashed and salted device identifiers, restricted access to production systems, and continuous monitoring. No system is perfectly secure, and we cannot guarantee absolute security.

11. Cookies and tracking technologies

The SharkPark website does not set advertising cookies and does not use third-party analytics, web beacons, fingerprinting, or cross-site tracking pixels. The site uses only the strictly necessary cookies required for it to function (for example, to remember your theme preference). The mobile application does not use web cookies.

12. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you in the app and update the “Last updated” date above. Continued use of the Service after the effective date constitutes acceptance of the revised Policy.

13. Contact

Questions, requests, or complaints? Email us at security@sharkpark.app.