1. The Service

ParkAfrika Limited ("ParkAfrika") operates a digital street parking management platform consisting of a Driver App, Warden Enforcement App, City Government Dashboard, and USSD parking payment gateway. The platform is deployed in designated managed parking zones across participating cities, beginning with Lagos, Nigeria.

ParkAfrika operates under a Public-Private Partnership agreement with the relevant city government authority. In managed zones, use of the ParkAfrika platform is the designated method for paying for and managing street parking. Failure to pay through the platform in a managed zone may result in a penalty charge notice.

2. Eligibility and Account Registration

• You must be at least 18 years of age to create a ParkAfrika account
• You must hold a valid driving licence issued by a recognised authority
• You must provide accurate, complete, and current information during registration
• You are responsible for maintaining the security of your account password and for all activity under your account
• You must notify us immediately of any unauthorised use of your account at support@parkafrika.com
• ParkAfrika reserves the right to suspend or terminate accounts that violate these Terms

3. Parking Sessions

3.1 Booking and Payment

• Parking sessions must be paid for in advance before or immediately upon parking your vehicle in a managed zone
• All prices are displayed inclusive of applicable taxes. Rates may vary by zone, time of day, and demand (dynamic pricing)
• Payment is accepted via card, bank transfer, USSD, OPay, PalmPay, MTN MoMo, and other supported payment channels
• A digital receipt is issued for every successful payment. This constitutes your proof of authorised parking
• Your digital receipt and session status may be checked by an authorised ParkAfrika warden at any time

3.2 Session Duration and Expiry

• You are responsible for monitoring your session timer. ParkAfrika will send an SMS and push notification (if enabled) 10 minutes before your session expires
• If your session expires and you have not extended it or moved your vehicle, you may be subject to a penalty charge notice
• Session extensions must be purchased before the original session expires. Extensions cannot be applied retroactively

3.3 Cancellations and Refunds

• You may cancel a session within 5 minutes of booking for a full refund
• After 5 minutes, sessions are considered commenced and are non-refundable
• Refunds for cancelled sessions will be processed within 3–5 working days to your original payment method
• In the event of a proven technical failure by ParkAfrika preventing you from paying or accessing your session, you will be entitled to a full refund and will not be subject to a fine for that session

4. Penalty Charge Notices (Fines)

• Authorised ParkAfrika wardens may issue digital penalty charge notices (PCNs) to vehicles found in managed zones without a valid, active parking session
• Fine amounts are set by the relevant city government authority and are as follows (subject to change by government order): No Payment — ₦5,000; Overstay — ₦3,000; Wrong Zone — ₦2,000; No Valid Permit (in permit zones) — ₦8,000
• All fines are supported by photographic evidence automatically captured at the time of issuance
• Fines must be paid within 7 days of issuance. Unpaid fines may be escalated to VIO, TRACE, or FRSC and may attract additional sanctions under applicable Lagos State law
• You may dispute a fine within 14 days of issuance via the ParkAfrika app by providing supporting evidence. Disputes are reviewed within 3 working days
• ParkAfrika acts as agent of the government authority in respect of fine issuance and collection. The underlying enforcement authority rests with State Governments

5. Acceptable Use

You agree not to use the ParkAfrika platform to:

• Provide false vehicle registration or personal information
• Attempt to circumvent or deceive the payment or enforcement system
• Use another person's account or payment details without their explicit consent
• Interfere with or disrupt the platform's operation
• Engage in any conduct that constitutes harassment of wardens or other ParkAfrika staff
• Attempt to reverse-engineer, copy, or create derivative works from the platform
• Use the platform for any unlawful purpose under Nigerian law

Violation of these provisions may result in immediate account termination and may be referred to law enforcement authorities.

6. Intellectual Property

All content, software, branding, and technology comprising the ParkAfrika platform are the exclusive property of ParkAfrika Limited or its licensors. Nothing in these Terms grants you any right, title, or interest in ParkAfrika's intellectual property. You may not reproduce, distribute, modify, or create derivative works from any ParkAfrika content without prior written consent.

7. Disclaimers and Limitation of Liability

To the maximum extent permitted by Nigerian law, ParkAfrika's total liability to you arising out of or related to your use of the platform shall not exceed the amount paid by you for parking sessions in the 30 days preceding the claim.

ParkAfrika is not liable for: vehicle damage, theft, or loss occurring in managed parking zones; third-party payment processing failures; or loss arising from circumstances beyond our reasonable control.

8. Termination

Either party may terminate the user account at any time. You may close your account via the app settings. ParkAfrika may suspend or terminate your account immediately where:

• You have three or more unpaid penalty charge notices outstanding
• We have reasonable grounds to believe your account is being used fraudulently
• You have materially breached these Terms

On termination, your right to use the platform ceases immediately. Outstanding payment obligations survive termination.

9. Governing Law and Dispute Resolution

These Terms are governed by the laws of the Federal Republic of Nigeria. Any disputes arising from or related to these Terms shall be subject to the exclusive jurisdiction of the courts of Enugu State, Nigeria.

Before pursuing formal legal action, both parties agree to attempt resolution in good faith through direct negotiation for a period of 30 days.

10. Changes to These Terms

We may update these Terms from time to time. Material changes will be communicated via email and in-app notification at least 14 days before taking effect. Continued use of the platform after the effective date constitutes acceptance of the updated Terms.

1. Definitions

• Data Controller — the entity that determines the purposes and means of processing personal data. In the ParkAfrika system, ParkAfrika is the Data Controller for driver and user data; State Governments are joint Controllers for enforcement and revenue data.
• Data Processor — the entity that processes personal data on behalf of a Data Controller. ParkAfrika's sub-processors include Paystack, Flutterwave, Google, Africa's Talking, and Supabase.
• Personal Data — any information relating to an identified or identifiable natural person, including vehicle registration numbers when linkable to a person, phone numbers, email addresses, and payment references.
• Processing — any operation performed on personal data, including collection, storage, use, transmission, and deletion.
• NDPA 2023 — the Nigeria Data Protection Act 2023 and any regulations made thereunder.
• NDPC — the Nigeria Data Protection Commission.

2. Nature and Purpose of Processing

Processing Activity	Controller	Legal Basis	Data Categories
Driver account management	ParkAfrika	Contract performance	Name, email, phone, vehicle plates
Parking session processing	ParkAfrika	Contract performance	Vehicle plate, zone, time, payment ref
Payment processing	ParkAfrika / Paystack / Flutterwave	Contract performance	Payment token, amount, channel
Fine issuance	State Govts / ParkAfrika	Legal obligation	Vehicle plate, photo evidence, zone, warden ID
Revenue reconciliation	State Govts (joint)	Legal obligation	Aggregated session and payment data
AI dynamic pricing	ParkAfrika	Legitimate interests	Zone occupancy (anonymised)
Platform analytics	ParkAfrika	Legitimate interests	Anonymised usage data

3. Sub-Processors

ParkAfrika uses the following sub-processors. We have executed Data Processing Agreements with each sub-processor ensuring adequate protections equivalent to or exceeding those required by the NDPA 2023.

Sub-Processor	Role	Data Shared	Location
Paystack (Stripe)	Payment processor	Payment initiation data; no card numbers stored by ParkAfrika	Nigeria
Flutterwave	Mobile money processor	Transaction initiation; phone number for mobile money	Nigeria
Africa's Talking	SMS / USSD gateway	Phone number, message content	Kenya (SCC)
Google Cloud (Maps / Vision)	Mapping; plate OCR	Location queries (anonymised); licence plate images	Global (SCC)
Supabase	Database, authentication	All platform data	EU West (SCC; Nigerian migration in progress)
Vercel	Application hosting	No personal data stored at CDN layer	Global (edge; no PII)
Anthropic (Claude API)	AI pricing engine	Anonymised zone occupancy data only — no personal data sent	USA (SCC)

4. Data Security Obligations

ParkAfrika implements and maintains the following technical and organisational security measures:

• Encryption in transit: TLS 1.3 for all API communications; HTTPS enforced across all endpoints
• Encryption at rest: AES-256 for all database storage
• Access controls: Role-based access control (RBAC) — wardens, city admins, and super admins each have access only to data required for their function
• Authentication: Multi-factor authentication required for all admin-level access
• Audit logging: Every data access, modification, and deletion by an admin is logged with timestamp and user ID
• Penetration testing: Quarterly independent penetration testing; results available to government partners on request
• Data minimisation: Only data strictly necessary for each processing purpose is collected and retained
• Anonymisation: Data used for AI pricing and analytics is aggregated and anonymised before processing

5. Government Data Sharing (Lagos State)

Under the ParkAfrika Concession Agreement with State Governments, the following data sharing applies:

• State Governments have real-time read access to zone occupancy, revenue, session counts, and warden performance data via the City Government Dashboard
• Daily automated revenue reconciliation reports are generated and delivered to State Internal Revenue Service (SIRS) designated accounts
• Monthly PDF audit reports are generated automatically for government record-keeping
• Violation data (vehicle plates, evidence photos, fine amounts) is accessible to authorised Ministry of Transportation officers
• Individual driver personal data (name, email, phone) is not shared with State Government unless required by court order or lawful government request under the NDPA 2023

6. Data Breach Response

In the event of a personal data breach, ParkAfrika will:

1. Contain and assess the breach within 12 hours of discovery
2. Notify the NDPC within 72 hours in accordance with Section 40 of the NDPA 2023, whether or not all details are available
3. Notify affected data subjects without undue delay where the breach is likely to result in a high risk to their rights and freedoms
4. Notify government partners within 24 hours of any breach affecting government-related data
5. Document the breach, its effects, and remedial actions taken in our breach register
6. Provide a full incident report to affected parties within 14 days of the breach

7. Data Subject Rights Requests

Where ParkAfrika acts as a Data Processor on behalf of a government authority or enterprise client (the Data Controller), we will:

• Forward any data subject rights request to the relevant Data Controller within 3 working days
• Provide reasonable technical assistance to enable the Controller to fulfil the request within the 30-day NDPA response window
• Not independently fulfil or refuse a data subject's rights request without instruction from the Controller, except where required by law

8. Audit Rights

Government partners and enterprise clients have the right to:

• Request written confirmation of ParkAfrika's compliance with this DPA at any time
• Request a copy of ParkAfrika's most recent penetration test report (subject to redaction of sensitive technical details)
• Conduct an audit of ParkAfrika's data processing activities with 30 days' written notice, at the requesting party's cost
• Access the City Government Dashboard at any time to view all transaction, session, and enforcement data in real time

1. What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They help websites remember your preferences, keep you logged in, and understand how visitors use the site. Cookies can be "session cookies" (deleted when you close your browser) or "persistent cookies" (stored on your device for a set period).

Similar technologies such as localStorage and sessionStorage serve similar purposes in web applications and are covered by this policy.

2. Cookies We Use

2.1 Strictly Necessary Cookies

These cookies are essential for the ParkAfrika platform to function. They cannot be disabled as the service will not work without them. They do not track you for marketing purposes.

Cookie Name	Purpose	Duration	Provider
sb-access-token	Keeps you logged in to your ParkAfrika account securely	Session / 1 hour	ParkAfrika (Supabase Auth)
sb-refresh-token	Automatically refreshes your login session so you stay signed in	60 days	ParkAfrika (Supabase Auth)
parkafrika-session	Stores your current parking session reference for the active session screen	Session	ParkAfrika
parkafrika-prefs	Stores your in-app preferences (e.g. notification settings, saved vehicles)	1 year	ParkAfrika

2.2 Performance and Analytics Cookies

We use Vercel Analytics to understand how visitors use the ParkAfrika website. This is privacy-friendly analytics that does not use cookies or fingerprinting and does not track individual users across sites.

Service	Purpose	Data Collected	Privacy Policy
Vercel Analytics	Understand page load performance and visitor counts	Anonymised page views, load times — no personal identifiers, no cross-site tracking	vercel.com/legal/privacy-policy

2.3 Third-Party Service Cookies

Some third-party services integrated into ParkAfrika may set their own cookies. We have selected these services specifically because they offer privacy-friendly implementations where possible.

Service	Purpose	Cookies Set	Opt-Out
Google Maps (Driver App)	Displaying parking zone maps and navigation	Google may set session cookies for Maps API performance	Not available — required for map functionality
Google Fonts	Loading Syne and DM Sans typefaces	Google may log requests; no persistent tracking cookie	Fonts are loaded from Google CDN; unavoidable if fonts are used
Paystack	Payment processing (when checkout opens)	Session cookies during checkout only; deleted on checkout close	Not available — required for payment

3. localStorage and App Storage

The ParkAfrika Driver and Warden apps are Progressive Web Apps (PWAs) and use browser localStorage and IndexedDB for the following purposes:

Storage Item	Purpose	Duration
Zone cache	Caches parking zone data for offline use — enables the app to show your assigned zone even without internet	Until next sync (max 24 hours)
Pending violations queue	For wardens: stores violations issued while offline for sync on reconnect	Until synced (max 72 hours)
Session data	Stores your current active session details for the timer screen	Session duration only
Notification token	Stores your Firebase push notification token to send parking expiry alerts	Until you disable notifications or uninstall the app

4. How to Control Cookies

4.1 Browser Settings

You can control cookies through your browser settings. Note that disabling strictly necessary cookies will prevent you from logging in and using the ParkAfrika platform.

• Chrome: Settings → Privacy and Security → Cookies and other site data
• Firefox: Settings → Privacy & Security → Cookies and Site Data
• Safari (iOS): Settings → Safari → Privacy & Security
• Samsung Internet: Settings → Privacy → Smart Anti-Tracking

4.2 In-App Controls

• Push notifications: Toggle on/off in Profile → Notifications in the Driver App
• Location access: Control via your device's app permissions (Settings → ParkAfrika → Location)
• Clear app cache: Driver App → Profile → Clear Cache removes all locally stored data

4.3 Withdrawing Consent

Where processing relies on your consent (location data, push notifications, marketing emails), you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal. To withdraw consent, use the in-app controls above or email dpo@parkafrika.ng.

5. Changes to This Cookie Policy

If we introduce new cookies or change how we use existing cookies, we will update this policy and notify registered users via email or in-app notification. We will not introduce advertising or behavioural tracking cookies without your explicit opt-in consent.