Privacy Policy
Last updated June 15, 2026
This Privacy Policy explains how paived.io, Inc. (“paived.io,” “we,” “us”) handles information for the paived.io network (Section A) and on the paived.io website (Section B). If a participating merchant — for example, Level Parking — has shared your information with paived.io, Section A governs that information; Section B covers visits to paived.io itself.
Section A — The paived.io network
paived.io operates an identity, payment, and loyalty network across multiple merchants. The current list of participating merchants is published at paived.io/network and may grow over time. When you use a participating merchant's service and that merchant shares your information with us under your agreement with the merchant, the rest of Section A applies.
A.1 — Information we receive from participating merchants
A participating merchant shares the following with us:
- Your phone number.
- Your license plate(s) and the state of issuance.
- Vehicle attributes you have provided (make, model, color, year).
- The fact that you have a payment method on file with that merchant. We do not receive your card number, CVV, or any full card data — only a reference that lets the network ledger know a payment method exists. The card itself remains with the merchant's payment processor and your card issuer.
- Your visits to participating merchant locations (date, time, location, plate match) — for the cross-merchant network record.
A.2 — Information we do NOT receive
The following information is never shared with us by participating merchants:
- Your DMV record or driving history.
- Your face or any biometric data beyond the text characters of your license plate. We receive only the plate's letters and numbers, never images, facial features, or any biometric identifier.
- Your physical mailing address, beyond what is necessary to settle a card payment with your card issuer.
- Your Social Security Number or any government identifier.
- Your marketing preferences with the merchant. paived.io may send you marketing messages only if you separately opt in through a paived.io surface; merchants do not opt you in on our behalf.
A.3 — What you authorize as a network member
When you accept a participating merchant's terms that incorporate the paived.io network — for example, by accepting Level Parking's Terms of Service — you authorize the following uses of the information above:
- Network membership.You become a “Driver” on the paived.io network, with paived.io holding the identity information listed in A.1.
- Plate lookup. Other participating merchants may recognize you by your license plate when you approach their facilities, the same way the enrolling merchant does today.
- Loyalty accrual. Your visits to participating merchants may contribute to a cross-merchant loyalty balance held by paived.io.
These three are the only authorizations triggered by accepting a merchant's terms. Acceptance of merchant terms does not, by itself, authorize paived.io to charge you at any other merchant. The charge authority is captured separately — see A.4.
A.4 — Cross-merchant payment authorization
Read this section carefully. It describes the authorization that lets paived.io charge you at merchants other than the one where you enrolled.
When you enable a network-wide payment feature at a participating merchant — for example, Level Parking's Checkout-Free — you authorize paived.io to charge you at any participating paived.io merchant using a payment method you have stored on the paived.io network. This is a one-time authorization: you will not be asked to confirm at each new merchant.
The list of participating merchants is published at paived.io/network and may grow over time. Your authorization extends to merchants on that list, both today and in the future, for as long as your authorization remains in effect.
Because this authorization is broader than ordinary point-of-sale consent, the enrolling merchant captures it through a distinct, conspicuous affirmation at the time of enrollment — separate from the merchant's general terms acceptance. The exact language of the affirmation, along with the date, time, IP address, and browser used, is recorded by the merchant and shared with us as part of A.1.
You can withdraw this authorization at any time — see A.6.
A.5 — Retention
We retain transaction records — which merchant, what amount, what time — for the minimum period required by applicable financial regulation, currently seven years. That keeps your past activity discoverable for chargebacks, disputes, tax records, and audit.
Your identity information (phone, name, vehicle attributes) is retained for as long as you are an active network member, and is removed within 24 hours of your withdrawal.
Tokenized payment-method references are retained for a limited period after a payment method is removed or you withdraw, for dispute resolution and audit. You can request immediate deletion by contacting support@paived.io.
A.6 — Withdrawal
You may withdraw from the paived.io network at any time:
- Visit paived.io/account and request removal,
- Email support@paived.io with the request, or
- Contact the merchant where you enrolled and ask them to forward the request to paived.io on your behalf.
Withdrawal:
- Stops paived.io from sharing your information with any new merchants.
- Stops any participating merchant from initiating new charges through the paived.io network.
- Does not cancel your account at the merchant where you originally enrolled — that account continues under that merchant's own terms.
- Does not reverse charges that have already been authorized and are in process.
- Takes effect within 24 hours across the network.
A.7 — How we share your network information
paived.io shares your network information with participating merchants for the purposes you have authorized in A.3 and A.4 (plate lookup, charge authority, loyalty accrual). We share information with the payment processor handling a network charge (currently Stripe). We do not sell network identity information to advertisers or data brokers.
We may share information with service providers that help us run the network — for example, fraud-prevention vendors and hosting providers — under obligations of confidentiality.
We may share information where we are required to by law, in response to lawful legal process, or where we need to in order to protect rights, safety, or the integrity of the network.
A.8 — Your rights and choices
You may contact us at any time to ask what network information we hold about you, to correct it, or to request its deletion (subject to the retention rules in A.5). Depending on where you live, you may have additional rights under applicable privacy law; email support@paived.io and we will help you exercise them.
A.9 — Per-visit attribution and the 15-minute claim window
When more than one Driver is authorized to use the same vehicle — for example, a couple sharing a car or a parent and adult child who both wash it — paived.io needs to decide whose paived.io account each visit gets attributed to. By default, the visit attributes to the Driver registered as the vehicle's Owner.
To prevent the default from being wrong in cases like “my spouse took the car today,” paived.io may send a short text message to the Owner's phone immediately after a visit with a link that allows another authorized Driver to claim the visit instead. The link contains:
- The visit identifier.
- The Driver identifier the link is intended for.
- An expiration timestamp 15 minutes after the visit settles.
- A cryptographic signature (HMAC-SHA256) that proves paived.io generated the link.
Tapping the link opens paived.io/override, which verifies the signature and the expiration. The intended Driver signs in to confirm — paived.io does not allow a claim from anyone other than the named Driver, even if they have the URL. The act of claiming writes the override on the visit record; subsequent loyalty accrual, membership benefits, and any future settlement attribute to the claiming Driver instead of the Owner.
paived.io retains the override event — visit, claiming Driver, time, IP address used to perform the claim — as part of the transaction record under A.5. The 15-minute window is enforced by the signed token; expired tokens cannot be used to claim, and out-of-band requests after the window must be handled by paived-ops at support@paived.io.
You may decline to receive override SMS by emailing support@paived.io. Declining stops the message, not the underlying attribution; the visit still attributes to the Owner by default unless an override is performed in person via paived-ops.
A.10 — Vehicle ownership disputes
When a new Driver attempts to claim a plate already registered to another Driver — for example, when buying a used car — paived.io does not transfer the plate automatically and does not query DMV records (querying DMV records for this purpose would be prohibited by federal law). Instead, paived.io initiates a 14-day verification:
- paived.io creates a dispute record containing the claiming Driver's identifier, the plate's vehicle identifier, the existing Owner's identifier, the timestamp of the claim, and an auto-release date 14 days later.
- paived.io may notify the existing Owner that a claim has been made, by SMS or email, with the option to confirm the sale or contest the claim. The Owner has 14 days to respond.
- If the Owner confirms (or 14 days pass without a response and paived.io has confirmed delivery of the notification), paived.io closes the Owner's relationship with the vehicle and opens the new Driver's ownership. The previous Owner's transaction history at the vehicle is retained per A.5 but no longer attributed to them going forward.
- If the Owner contests the claim, paived-ops reviews. paived.io may request documentation (typically a bill of sale or title transfer) from either side. paived.io stores any documents you provide in the dispute record while the dispute is open, and deletes those documents within 90 days of resolution unless legal or audit retention applies.
You can see disputes you are part of — either as claimant or as prior Owner — at paived.io/account/vehicles, which shows the plate, the auto-release date, and (for prior Owners) the option to email support@paived.io to confirm or contest.
Dispute records are retained for the same period as transaction records (currently seven years; see A.5) — they document the chain of custody for a vehicle on the network and are necessary if a later dispute references the earlier resolution.
A.11 — Direct enrollment via paived.io/join
You can also enroll on the paived.io network directly through paived.io/join — for example, by scanning a QR code at a participating merchant's site. When you enroll directly:
- We collect your phone number and license plate (with state of issuance) — the same fields A.1 describes coming from participating merchants.
- We send a one-time SMS code to your phone to verify the number. The verification is operated through Twilio Verify; see B.3 for the third-party processor disclosure.
- On successful verification, we record your consent to network membership — the same scope A.3 describes.
- If you enrolled via a QR code that carried a participating merchant's identifier (a
?site=…URL parameter), we also record your consent to cross-merchant paymentauthorization with respect to that merchant, on the same terms as A.4. The merchant identifier and the exact URL you used are preserved in the consent record as evidence of which merchant's context the enrollment occurred in.
Direct enrollment does not capture the merchant-specific documentation that participating merchants do (a written affirmation, an IP address, a browser fingerprint). Some paived.io features may therefore require an additional confirmation step later — for example, cross-merchant payment at a merchant other than the one in your enrollment URL.
You can withdraw from direct enrollment at any time under A.6.
Section B — The paived.io website
The remaining sections cover visits to paived.io itself — the marketing site you are reading now. They do not change anything in Section A.
B.1 — Information we collect on the website
Information you give us. If you email us or otherwise get in touch, we receive your email address, any name you provide, and whatever you choose to include in your message.
Information collected automatically. Like most websites, our hosting and infrastructure providers record standard technical data when you visit — such as your IP address, browser type, the pages requested, and timestamps. We use this to operate, secure, and improve the site.
We do not run advertising trackers or third-party ad cookies on this website.
B.2 — How we use website information
We use the information above to respond to you, to operate and secure the website, to understand and improve how it is used, and to comply with our legal obligations.
B.3 — Cookies and analytics
This website uses only what it needs to function. It does not use advertising or cross-site tracking cookies. If we add privacy-respecting analytics in the future, we will update this policy first.
B.4 — Third-party processors
paived.io uses a small set of vendors to operate the website and network. These vendors process information on our behalf under written contracts and may not use it for their own purposes:
- Supabase— database, authentication, and session storage. Drivers' phone numbers, plates, and account records are stored here.
- Vercel — application hosting and edge delivery. Standard server logs (IP, user agent, request URL) pass through Vercel during ordinary website use.
- Twilio — sends both the one-time SMS codes used to verify your phone number at sign-in and at /join (Twilio Verify), and the automated account and transaction text messages described in our SMS Terms (charge, payment, and vehicle-claim notices). We send Twilio your phone number and the message to deliver; Twilio sends the SMS through the underlying carriers. We do not share your number with third parties for their own marketing.
- Resend — sends transactional email (contact form responses, support replies). We send Resend the recipient address and the email body; Resend delivers via standard SMTP infrastructure.
- Sentry — error and performance monitoring. Sentry receives stack traces and request metadata when an error occurs server-side or in your browser. We do not forward PII to Sentry as a matter of practice.
As new processors come online — for example, a payment processor when paived.io enables direct payment — we update this list before they handle your information.
B.5 — Website data retention
We keep correspondence for as long as we need it to respond and for our ordinary business records, and technical logs for a limited period, unless a longer period is required by law.
Children
paived.io is intended for a general audience and is not directed to children under 13. We do not knowingly collect information from children. If a participating merchant inadvertently shares information about a person under 13, contact us at support@paived.io and we will remove it.
Security
We take reasonable measures to protect the information we hold. No system or method of transmission is perfectly secure, and we cannot guarantee absolute security.
Changes to this policy
We may update this Privacy Policy as the paived.io network and website develop. When we do, we will revise the date at the top of this page. Material changes to Section A will be announced to participating merchants and, where required, to you directly. Continued use of the network or website after an update constitutes acceptance.
Contact us
Questions about this policy, your network information, general website inquiries, or requests to exercise any of the rights described above can be sent to support@paived.io.