Privacy policy

Last updated: 22 April 2026

Data Controller

The controller of your personal data is MTBIZ Marcin Tymków, Michałowice 61, 49-314 Michałowice, Poland, tax ID (NIP): 747 191 21 58, operator of Charge&Sleep available at chargeandsleep.com. Contact for data protection matters: hello@chargeandsleep.com

What Data We Collect

Registration data: email address and password (stored hashed by the authentication provider).

Profile data (optional): first name, last name, avatar.

Electric-vehicle data (optional): model, battery capacity, connector type, charging preferences.

User-generated content: stay ratings, comments, charger status reports, photos of charging stations and facilities.

Technical data: IP address, session identifier, server logs, browser metadata.

Analytics data (only after your consent): usage events, traffic source, Google Analytics client identifier.

Purpose and Legal Basis

Account management, sign-in and service delivery — performance of contract (Art. 6(1)(b) GDPR).

Displaying your ratings, photos and reports to other users — performance of contract (Art. 6(1)(b) GDPR).

Transactional emails (sign-up confirmation, password reset, submission status notifications) — performance of contract (Art. 6(1)(b) GDPR).

Content moderation and service security — our legitimate interest (Art. 6(1)(f) GDPR).

Product analytics and traffic measurement (Google Analytics) — only with your consent (Art. 6(1)(a) GDPR), collected via a Google Consent Mode v2 cookie banner.

Bookkeeping and invoicing — legal obligation (Art. 6(1)(c) GDPR, Polish Accounting Act).

User-Generated Content and Licence

By uploading photos of chargers, hotels or other facilities, you represent that you hold the copyright or have the necessary permission to share them. By uploading a photo you grant us a non-exclusive, royalty-free, worldwide licence to display, crop, compress and present it within the service and in materials promoting the service (for example social-media previews). The licence applies for as long as the content is published on the service. Photos are stored in Supabase Storage.

Retention Periods

Account data — until account deletion, or 3 years from your last sign-in, whichever comes first.

Published content (ratings, photos, reports) — until you delete it or your account is deleted.

Server logs and technical data — 90 days.

Accounting and invoicing data — 5 years from the end of the financial year (statutory obligation).

Analytics data (after consent) — 14 months.

Your Rights (GDPR)

You have the right to access your data, to rectify it, to erase it (right to be forgotten), to restrict processing, to data portability and to object to processing based on legitimate interest. You may withdraw analytics consent at any time, without affecting the lawfulness of prior processing, by reopening the cookie banner from the footer. You have the right to lodge a complaint with the Polish data-protection authority (Prezes UODO, ul. Stawki 2, 00-193 Warszawa, uodo.gov.pl) or your local supervisory authority if you believe processing infringes the GDPR.

Processors

We engage the following trusted providers under Data Processing Agreements:

Supabase, Inc. — database, authentication, file storage (Supabase Storage); EU infrastructure.

Vercel, Inc. — web-application hosting; transfer to the USA under Standard Contractual Clauses (SCC).

Google Ireland Limited — Google Analytics 4 traffic measurement (only after your consent); transfer to the USA under SCC.

Resend, Inc. — transactional email delivery (sign-up, notifications, password reset); transfer to the USA under SCC.

Mapbox, Inc. — map tiles and geocoding; transfer to the USA under SCC.

PHU Dorot Dorota Jakubik — accounting and bookkeeping services (limited to invoicing data).

We never sell your data or share it with third parties for marketing purposes.

Third-Party Sign-In Providers

Sign-in currently uses email and password. We plan to add sign-in with external identity providers (such as Google or Apple) in the future — this policy will be updated before such providers are enabled.

Transfers Outside the EEA

Some processors are established outside the European Economic Area (mainly the USA). Transfers are carried out under Standard Contractual Clauses adopted by the European Commission (SCC) and, where applicable, under the EU-US Data Privacy Framework if the provider is certified.

Cookies and Consent Mode v2

The service uses strictly-necessary cookies (session, theme, language, memory of your consent decision) that are set without asking — the service cannot function without them. Analytics cookies (Google Analytics) and any marketing cookies are only set after you grant consent in the cookie banner. We implement Google Consent Mode v2 — by default all non-essential consent categories are denied until you grant explicit consent. You can change your decision at any time by reopening the cookie banner from the footer.

Age of Users

The service does not enforce a formal minimum age. If you are a minor, make sure you have your parent's or legal guardian's consent before creating an account or posting content.

Changes to this Policy

We reserve the right to update this policy. We will notify registered users of material changes at least 14 days in advance by email and by an in-service notice. The date of the last update is shown at the top of this document.

Contact

For all data-protection matters: hello@chargeandsleep.com. Postal address: MTBIZ Marcin Tymków, Michałowice 61, 49-314 Michałowice, Poland.