Privacy Policy

1. Introduction

Welcome to Nabolader ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our electric vehicle charger sharing platform. We are committed to protecting your privacy and ensuring transparency about our data practices.

Nabolader AS is the data controller responsible for your personal data. We are registered in Norway and comply with the General Data Protection Regulation (GDPR) and Norwegian data protection laws.

2. Information We Collect

2.1 Personal Information

• Name and email address
• Account credentials (encrypted passwords)
• Profile information you choose to provide
• Contact information for support requests

2.2 OAuth Provider Information

When you sign up using third-party providers:

• Google: Name, email address, and profile ID
• Facebook: Name, email address, and user ID

2.3 Charger and Location Data

• Charger location coordinates (latitude/longitude)
• Charger specifications and pricing information
• Availability schedules you set
• Installation and hardware identification data

2.4 Usage and Transaction Data

• Charging session details (duration, energy consumed, cost)
• Payment and billing information (processed by Stripe)
• Reviews and ratings
• Communication history

2.5 Technical Data

• IP address and device information
• Browser type and version
• Usage analytics (via Matomo)
• Application logs for troubleshooting

3. How We Use Your Information

3.1 Service Provision

• Create and manage your account
• Facilitate charger sharing and booking
• Process payments and payouts
• Enable communication between users
• Provide customer support

3.2 Safety and Security

• Verify identity and prevent fraud
• Monitor for suspicious activity
• Enforce our terms of service
• Comply with legal obligations

3.3 Improvement and Analytics

• Analyze usage patterns to improve our service
• Develop new features
• Conduct research and analytics
• Optimize platform performance

4. Information Sharing and Disclosure

4.1 With Other Users

We share limited information to facilitate transactions:

• Charger owners see driver names and reviews
• Drivers see owner names and charger details
• Public reviews and ratings are visible to all users

4.2 With Service Providers

• Stripe: Payment processing and payout services
• Charger Manufacturers: Hardware integration (Zaptec, Easee)
• Cloud Providers: Hosting and infrastructure
• Analytics: Matomo for usage analytics

4.3 Legal Requirements

We may disclose information when required by law, to protect rights and safety, or in connection with legal proceedings.

5. Data Storage and Security

5.1 Security Measures

• Encryption of data in transit and at rest
• Secure authentication with JWT tokens
• Regular security audits and updates
• Access controls and monitoring

5.2 Data Location

Your data is stored on secure servers within the European Economic Area (EEA) to ensure compliance with Norwegian and EU data protection laws.

5.3 Retention Period

We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by law. Account data is typically retained for 7 years after account closure for tax and legal compliance.

6. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a structured format
• Restriction: Limit how we process your data
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for data processing

To exercise these rights, contact us at [email protected]or use the data export/deletion features in your account settings.

7. Cookies and Analytics

7.1 Essential Cookies

We use essential cookies for authentication, security, and basic functionality. These cannot be disabled without affecting the service.

7.2 Analytics

We use Matomo (privacy-focused analytics) to understand how users interact with our platform. This helps us improve the service. You can opt out of analytics tracking in your account settings.

8. OAuth Provider-Specific Information

8.1 Facebook Login

When you use Facebook Login, you can:

• Manage app permissions in your Facebook settings
• Request data deletion through Facebook's interface
• Contact us directly for account deletion

Facebook's data deletion callback URL: https://api.nabolader.no/api/delete-data

8.2 Google Login

Your Google account permissions can be managed through Google Account settings. We only access basic profile information (name, email) with your consent.

9. International Transfers

We primarily process data within the EEA. When we transfer data internationally (e.g., to service providers), we ensure adequate protection through:

• European Commission adequacy decisions
• Standard Contractual Clauses
• Certification schemes

10. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email and by posting the updated policy on our platform. Your continued use of the service after changes indicates your acceptance of the updated policy.

12. Contact Information