Vezpa di Paolo Vezzola
Last updated: April 19, 2026
Vezpa di Paolo Vezzola
Registered office: Via San Zeno 67, 25015 Desenzano del Garda (BS), Italy
VAT: 04449070988 · Tax code: VZZPLA84C10D284C
Email: [email protected] · PEC: [email protected]
This notice applies to the Vezpa App distributed through:
it.vezpa.pmsUse of the app requires creating an account dedicated to the accommodation property. The app is intended for professional users over 18 years of age (property managers and their authorized personnel).
Important: Guest data belongs to the property. Vezpa acts as Data Processor under GDPR art. 28 (where applicable) and as service provider / third party under PIPEDA, governed by the DPA.
| Permission | Purpose | Required |
|---|---|---|
| Camera | Capturing images of guest identity documents for OCR and transmission to authorities | Optional (alternative: manual entry) |
| Push notifications | Receiving notifications on new bookings, check-ins, guest requests | Optional (the app works without them) |
| Biometric authentication (Face ID / Touch ID / fingerprint / Windows Hello) | Fast login after the first password authentication. Biometric data never leaves the device and is not communicated to Vezpa. | Optional |
| Storage / Files | Local saving of PDF reports, invoices, guest reports generated by the app | Optional |
| Internet | Communication with Vezpa servers | Required |
| REQUEST_INSTALL_PACKAGES (Android sideload only) | Automatic installation of updates via APK downloaded from Vezpa servers. Not present in the Google Play version. | Required only for the sideload flavour |
| SDK / Service | Provider | Purpose | Data processed |
|---|---|---|---|
| Firebase Cloud Messaging (FCM) | Google LLC / Google Ireland Ltd | Sending push notifications | Device token, technical identifiers |
| StoreKit / Google Play Billing / Microsoft Store | Apple Inc. / Google LLC / Microsoft Corp. | In-app purchase and subscription management | Purchase token, subscription status, store account ID |
| Stripe SDK (guest payment page only) | Stripe Payments Europe Ltd | Card payment processing | Card data handled by Stripe, not transmitted to Vezpa |
| local_auth (biometrics) | Operating system (Apple / Google / Microsoft) | Local biometric unlock | No biometric data transmitted to Vezpa |
| Flutter Secure Storage | Platform (Keychain iOS/macOS, EncryptedSharedPreferences Android, DPAPI Windows) | Local storage of JWT tokens and credentials | Refresh tokens, encrypted by the operating system |
| share_plus | Open Source | Sharing files (PDF, reports) with system apps | Files chosen by the user |
Vezpa does not integrate behavioural analytics SDKs (e.g. AppsFlyer, Mixpanel, Facebook SDK), advertising SDKs or profiling SDKs. No cross-app tracking under Apple App Tracking Transparency (ATT).
Data is not used for advertising, profiling or tracking purposes. We do not sell your personal information.
User data is kept for the duration of the contract + tax obligations (10 years for invoicing; minimum 6 years for Canadian customers under CRA requirements).
The user may request account deletion through the dedicated feature in the app or by writing to the Data Controller. Some data may be retained for legal obligations (invoicing, security logs).
Guest data (for which Vezpa is Data Processor) follows the Data Controller's instructions as regulated in the DPA.
Data is not sold or disseminated. It may be disclosed to the sub-processors listed at vezpa.it/subprocessors and, limited to reservation data, to the OTA channels activated by the property.
For data transmitted to public authorities (Questura, ISTAT, Feratel, SES, NTAK, eVisitor, SEF, UbyPort, eTurizem, and where applicable CRA and provincial authorities), please refer to the general Privacy Policy.
Communications with USA providers certified active under the DPF (Google/Firebase, Stripe, Microsoft, DigitalOcean) take place under the EU-U.S. Data Privacy Framework (Commission Decision (EU) 2023/1795). Apple does not participate in the DPF: the contractual relationship for EU users is with Apple Distribution International Ltd (Ireland), and any transfers to Apple Inc. (USA) are governed by Standard Contractual Clauses 2021/914. Communications with STAAH (channel manager) take place under the EU Adequacy Decision for New Zealand (Commission Decision (EU) 2013/65). Tuya (China, optional) is governed by SCC 2021/914. Canadian users are informed that their personal information may be transferred to, stored in, and processed in the EU, USA, New Zealand or other jurisdictions, and may be subject to lawful access by foreign authorities.
Under GDPR arts. 15-22 (where applicable) and under PIPEDA / Quebec Law 25, the user may exercise rights of access, rectification, erasure, restriction, portability and objection. Requests may be submitted through the app or to [email protected].
Complaints to the supervisory authority: Italian Data Protection Authority (Garante per la Protezione dei Dati Personali). Canadian users may also file a complaint with the Office of the Privacy Commissioner of Canada - OPC (www.priv.gc.ca). Quebec residents may contact Commission d'acces a l'information (CAI, www.cai.gouv.qc.ca).
The App is intended exclusively for adult users (professional managers). It does not knowingly collect data from minors.
This notice may be updated. Changes will be published on this page and, if material, communicated by email and dashboard with at least 15 days' notice.
For information or privacy requests:
© 2022-2026 Vezpa - All rights reserved | Privacy Policy | Terms of Service | Cookie Policy | DPA | Sub-processors | Canadian Privacy Rights