Privacy & Data Protection

Privacy Policy

Kingdom Valet

1. Introduction

This Privacy Policy describes how Kingdom Valet ("we," "our," "us") collects, uses, stores, shares, and protects personal information in connection with our digital valet parking platform, including web-based guest intake pages, valet operations tools, SMS messaging, and related technology services.

Kingdom Valet provides valet parking services using digital infrastructure provided by Valletto LLC ("Valletto"). We process personal information solely to support valet services and comply with industry regulations, including:

Valletto processes guest information solely as a service provider to Kingdom Valet and does not independently determine how guest data is used.

  • CTIA Messaging Principles & Best Practices
  • 10DLC (Application-to-Person) registration and carrier guidelines
  • Federal/state privacy laws
  • PCI-DSS (for payments via our payment partners)
  • Relevant building or facility access/security requirements

Use of our services constitutes acceptance of this Privacy Policy and any updates as outlined in Section 10.

2. Information We Collect

We collect only the minimum information necessary to operate valet services, facilitate SMS communication, and comply with audit and security requirements.

2.1 Information You Provide Directly

You may provide the following information when using our digital intake forms or related tools:

  • Phone number (required for SMS updates and identity confirmation)
  • Name (optional; for easier vehicle matching)
  • Vehicle details including license plate, make, model, color
  • Vehicle photos submitted for identification
  • Payment information (handled exclusively by secure third-party processors; Kingdom Valet does not store full card numbers)
  • Notes or instructions related to your valet experience

All information is provided voluntarily as part of the check-in process.

2.2 Information Collected Automatically

To ensure security, service accuracy, and compliance, we automatically collect limited technical and session data:

  • Device type and browser information
  • IP address and network metadata
  • Timestamps for check-ins, messages, and vehicle retrieval
  • Application logs and system event records
  • SMS delivery confirmations and message routing metadata
  • Fraud prevention and anomaly detection signals

We do not collect biometric identifiers, audio recordings, or unrelated personal data.

2.3 No Biometric Data

Kingdom Valet does not collect or process biometric data of any kind, including facial recognition templates, fingerprints, voiceprints, iris scans, or similar identifiers.

3. How We Use Your Information

We use personal information exclusively to support valet operations and comply with security, legal, and carrier requirements. We do not use guest information for advertising, promotions, or unrelated commercial purposes.

3.1 Service Operation & Communication

Information is used to:

  • Check vehicles in and out
  • Identify the correct vehicle and owner
  • Provide real-time SMS updates regarding vehicle status
  • Facilitate safe and accurate vehicle retrieval
  • Assist with disputes, lost items, or security inquiries

3.2 Payments & Fraud Prevention

When payment is involved, information is used to:

  • Process payments securely via PCI-compliant processors
  • Confirm successful transactions
  • Prevent fraudulent activity
  • Provide receipts or confirmations

Kingdom Valet does not store or retain full payment card details.

3.3 Security, Auditing, and Compliance

We maintain logs and other required data to:

  • Support CTIA and 10DLC carrier audit requirements
  • Maintain operational safety records
  • Detect unauthorized or suspicious platform use
  • Ensure proper SMS routing and compliance
  • Perform system diagnostics and improve reliability

3.4 No Advertising or Marketing Use

  • No behavioral tracking
  • No profiling
  • No advertising or remarketing
  • No selling or renting of data
  • No use of your phone number for promotional outreach

SMS messages are strictly service-related only.

4. SMS Consent & Required 10DLC Disclosures

Your phone number is used exclusively for valet service communications on behalf of Kingdom Valet. Our SMS processes strictly follow CTIA and 10DLC carrier requirements.

4.1 Opt-In Disclosure (Brand-Specific & Dynamic)

Before submitting your phone number, you are shown a mandatory disclosure next to a required checkbox. This disclosure is dynamically generated to include the name of Kingdom Valet.

Example:

"I agree to receive SMS updates from Kingdom Valet about my valet service. Message and data rates may apply. Message frequency varies. Reply STOP to unsubscribe or HELP for help."

This disclosure appears inline and must be accepted to proceed.

4.2 Required Regulatory Disclosures

To comply with CTIA, carriers, and 10DLC rules, every intake form and consent page includes:

  • STOP: Ends all valet-related SMS communication
  • HELP: Returns instructions or support contact details
  • Message/data rates may apply
  • Message frequency varies (typically 1–4 messages per session)
  • Clear identification of the sending brand
  • No-sharing clause explicitly referencing your phone number

Your phone number is never shared with third parties for marketing, advertising, or promotional purposes.

4.3 Nature of Messages

Guests only receive messages necessary to:

  • Confirm check-in
  • Provide retrieval instructions
  • Notify when the vehicle is ready
  • Communicate timing or service updates

No marketing, promotions, or ongoing subscriptions are sent.

4.4 Consent Withdrawal

Reply STOP at any time to immediately discontinue SMS communication.

Service or safety-critical notices may still be sent only where required by law or to prevent an immediate safety risk.

5. Information Sharing

We limit data sharing to only what is operationally necessary to provide valet services, comply with carrier requirements, and maintain system security. Personal information — including phone numbers — is never sold, rented, traded, or shared for marketing, advertising, promotional outreach, or data-broker purposes.

5.1 Platform & Infrastructure Providers

We use secure third-party technology providers strictly for hosting, delivering, or supporting our services. These providers process data only under our instructions and only for operational purposes. Providers may include:

Valletto (core platform provider)

  • Digital guest check-in and vehicle intake processing
  • SMS message processing and delivery
  • Session management and system event logging
  • Secure encrypted data storage
  • Fraud prevention and audit logging

Cloud infrastructure vendors (e.g., Firebase, Google Cloud, AWS)

  • Encrypted data storage
  • Server hosting
  • Access-controlled operational tools
  • Application security monitoring

These providers do not have permission to use guest information for their own marketing or analytics.

5.2 Payment Processors

If you complete a digital payment, limited information is shared with certified PCI-compliant processors (such as Stripe) to:

  • Verify card information
  • Process the transaction
  • Prevent fraud
  • Provide payment confirmations

Payment processors do not receive access to SMS consent data or phone numbers for any marketing or promotional purpose.

5.3 Property / Building Management

We may share vehicle- or service-related information with property or building management only when required to operate the valet service or address on-site security or incident-response needs. Examples include:

  • Confirming guest identity during vehicle retrieval
  • Assisting with misplaced keys, vehicles, or safety events
  • Providing logs for damage investigations when legally permitted

Phone numbers are shared only when required for direct service coordination and never for marketing by the building.

5.4 Service Personnel & On-Site Valet Staff

Authorized valet personnel may receive limited access to service-related information to:

  • Check in vehicles
  • Retrieve vehicles
  • Contact guests regarding their vehicle status
  • Handle customer service and safety issues

Personnel are forbidden from using guest information for personal, marketing, or off-platform purposes.

5.5 Legal, Regulatory, and Compliance Requirements

We may disclose information when legally required, including:

  • Valid subpoenas or court orders
  • Law enforcement investigations
  • Carrier or regulatory audits (SMS/10DLC, CTIA compliance)
  • Fraud or abuse prevention
  • Contractual obligations necessary to maintain messaging compliance

Any such disclosure is limited to what the law requires.

5.6 Absolute Restrictions (No Exceptions)

To comply with CTIA, carrier rules, and privacy laws:

  • We do not share or sell your personal information.
  • We do not share your phone number with any third party for their marketing, promotional, or advertising purposes.
  • We do not transfer your data to data brokers.
  • We do not allow third parties to independently use, repurpose, or analyze your data outside of strict operational needs.

6. Data Retention

We retain personal information only for as long as operationally necessary to provide valet services, comply with regulatory requirements, and maintain accurate security and audit logs. Retention periods differ based on data type:

6.1 Service & Operational Records

Information related to active valet sessions (vehicle details, timestamps, service logs, SMS activity) is retained to:

  • Ensure accurate vehicle retrieval
  • Resolve guest disputes
  • Support building management investigations (when applicable)
  • Maintain safety records

Retention: typically 12–24 months, unless a longer period is required for legal or operational reasons.

6.2 Payment Records

Payment-related data is retained only as long as required by PCI-DSS standards, federal tax regulations, fraud monitoring, and financial auditing obligations.

Kingdom Valet does not store full card details at any time.

6.3 SMS & Messaging Logs

SMS logs required for 10DLC/CTIA compliance, carrier audits, or fraud prevention may be retained for up to 3–5 years, as mandated by carrier and regulatory frameworks. Logs are restricted to operational metadata and do not include message content beyond what is required for audit purposes.

6.4 User Requests for Deletion

When deletion is requested, we remove all non-essential data except where retention is required by:

  • 10DLC carrier audit obligations
  • Fraud prevention requirements
  • Building/property incident investigations
  • Applicable state/federal law (e.g., bookkeeping regulations)

We permanently delete data once retention obligations expire.

7. Data Security

We employ multiple layers of administrative, technical, and physical safeguards to protect personal information from unauthorized access, misuse, or disclosure.

7.1 Encryption & Transmission Security

  • All data transmitted between your device and our servers uses encrypted HTTPS/TLS.
  • Sensitive fields (phone numbers, logs, payment tokens) are encrypted at rest using industry-standard protocols (AES-256 or equivalent).

7.2 Access Controls

  • Only authorized personnel with a documented operational need can access restricted data.
  • Access is role-based and logged.
  • Administrative access requires MFA (multi-factor authentication).

7.3 Infrastructure Security

  • Systems are hosted in secure, SOC 2 / ISO 27001–certified environments (e.g., Google Cloud, Firebase).
  • Environments are monitored for intrusion attempts, unauthorized access, and anomalous activity.
  • Automated safeguards detect suspicious usage patterns related to SMS delivery, fraud, or potential misuse.

7.4 Application-Level Security

  • Regular code reviews
  • Third-party dependency scanning
  • Firewalled microservices architecture
  • Segregated databases and access layers to prevent data cross-exposure

7.5 Incident Response

In the event of a suspected or confirmed security incident, we:

  • Immediately restrict access to affected systems
  • Conduct forensic investigation
  • Notify affected parties as required by law
  • Work with property management and relevant authorities (if applicable)

7.6 Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law. Our procedures include:

  • Timeline: Where required by law (e.g., state breach notification statutes), we will provide notice to affected individuals without unreasonable delay and, where applicable, within the timeframe specified by law (commonly 30 to 60 days after discovery or confirmation of the breach, depending on jurisdiction).
  • Method: Notification may be provided by email to the address we have on file, by prominent notice on the Platform or at the valet location, by U.S. mail, or by other means required by applicable law.
  • Content: To the extent required by law, notice will include a description of the incident, the types of information involved, steps we are taking to address the breach, and steps you can take to protect yourself (e.g., monitoring accounts, placing fraud alerts).
  • Regulatory and law enforcement: We will comply with any obligation to notify state attorneys general, regulators, or other authorities as required by applicable breach notification laws.

If you have questions about a potential or confirmed breach, contact us at kingdomvaletoc@gmail.com or (786) 337-2810.

8. Your Rights

Depending on your location and applicable privacy regulations, you may have the following rights regarding your personal information.

8.1 Access & Portability

You may request a copy of the personal data associated with your valet session.

8.2 Correction

You may request correction of inaccurate information, such as vehicle details or contact information used for service updates.

8.3 Deletion

You may request deletion of personal data when:

  • The valet session is complete
  • Retention is not required for legal, regulatory, or audit reasons
  • No payment or fraud holds are pending

8.4 SMS Consent Withdrawal

You may revoke SMS messaging consent at any time by replying STOP.

After revocation:

  • All non-essential SMS communication ceases immediately
  • You may still receive legally required service or safety notices, if applicable

8.5 Limitations

Requests may be denied if fulfilling them would:

  • Violate law
  • Interfere with fraud investigations
  • Prevent accurate service completion
  • Conflict with 10DLC/CTIA compliance record-keeping requirements

8A. State-Specific Privacy Rights

California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights:

  • Right to Know: Request categories and specific pieces of personal information we collected
  • Right to Delete: Request deletion of personal information
  • Right to Correct: Request correction of inaccurate information
  • Right to Opt-Out: We do not sell or share personal information
  • Right to Non-Discrimination: No discriminatory treatment for exercising rights

How to Exercise: Email kingdomvaletoc@gmail.com or call (786) 337-2810. We respond within 45 days.

Virginia, Colorado, Connecticut Residents

Residents of these states have rights to:

  • Access and obtain a copy of personal data
  • Correct inaccuracies in personal data
  • Delete personal data
  • Opt out of targeted advertising (we do not engage in this)

Contact kingdomvaletoc@gmail.com to exercise these rights.

Other States

If you reside in Montana, Oregon, Texas, Utah, or another state with privacy laws, contact us for information about your rights.

9. Children's Privacy

Our services are not intended for, directed toward, or designed to collect data from individuals under the age of 13.

We do not knowingly collect or store personal information from minors. If we become aware that a minor has provided personal information:

  • The information will be deleted promptly
  • We may notify the parent or guardian if contact information is available
  • Any related sessions may be terminated to maintain compliance

Parents or guardians may contact us directly to request deletion of a minor's information.

10. Policy Changes

We may update this Privacy Policy at any time to reflect:

  • Regulatory changes
  • 10DLC/CTIA updates
  • Carrier policy changes
  • Security improvements
  • Platform feature enhancements
  • Operational adjustments for valet partners

10.1 Notice of Changes

When updates occur, we will:

  • Post the revised policy on this page
  • Update the "Last Updated" date
  • Notify partners or affected users when a material change impacts rights, SMS procedures, or data-handling practices

10.2 Continued Use

Continued use of valet services after a policy update constitutes acceptance of the revised terms, unless otherwise required by law.

If you do not agree to updated terms, you may discontinue using the service and request deletion of eligible data.

11. Terms of Service Reference

This Privacy Policy explains how we collect, use, store, protect, and handle guest information throughout your valet service experience. Additional legal terms govern your use of the Valletto Platform, including service limitations, guest responsibilities, vehicle handling protocols, payment procedures, SMS compliance requirements, and dispute resolution processes.

For the complete set of legal terms that apply to your use of this service, please review the Terms of Service specific to this valet operator:

https://kingdomvalet.com/terms

If you have questions about how the Terms apply to your valet experience, you may contact the valet company or Valletto using the information found in the Contact section below.

12. Contact Information

For privacy concerns:

  • Email: kingdomvaletoc@gmail.com
  • Phone: (786) 337-2810
  • Address: 800 Brickell Ave, Miami, FL 33131, USA
  • Website: kingdom.valletto.io
Back to Home
Privacy Policy — Kingdom Valet