Vezpa di Paolo Vezzola
Last updated: April 19, 2026
Registered office: Via San Zeno 67, 25015 Desenzano del Garda (BS), Italy
VAT ID: 04449070988 · Tax Code: VZZPLA84C10D284C
Email: [email protected] · PEC: [email protected]
This notice applies to the Vezpa App distributed through:
it.vezpa.pms

Use of the app requires creation of a property-specific account. The app is intended for professional users over 18 years of age (hospitality property operators and their authorized personnel).
Important: guest data is owned by the property. Vezpa acts as a Data Processor (Service Provider under CCPA; art. 28 GDPR where applicable), governed by the DPA.

| Permission | Purpose | Required |
|---|---|---|
| Camera | Capture of guest identity document images for OCR and transmission to authorities | Optional (alternative: manual entry) |
| Push notifications | Receive notifications for new bookings, check-ins, guest requests | Optional (app works without) |
| Biometric authentication (Face ID / Touch ID / fingerprint / Windows Hello) | Quick login after first password authentication. Biometric data never leaves the device and is not disclosed to Vezpa. | Optional |
| Storage / Files | Local saving of PDF reports, invoices, guest registration forms generated by the app | Optional |
| Internet | Communication with Vezpa servers | Required |
| REQUEST_INSTALL_PACKAGES (Android sideload only) | Automatic installation of updates via APK downloaded from Vezpa servers. Not present in the Google Play version. | Required only for the sideload flavor |

| SDK / Service | Provider | Purpose | Data Processed |
|---|---|---|---|
| Firebase Cloud Messaging (FCM) | Google LLC / Google Ireland Ltd | Push notifications delivery | Device token, technical identifiers |
| StoreKit / Google Play Billing / Microsoft Store | Apple Inc. / Google LLC / Microsoft Corp. | In-app purchases and subscription management | Purchase tokens, subscription status, store account ID |
| Stripe SDK (guest payment page only) | Stripe Payments Europe Ltd | Card payment processing | Card data handled by Stripe, not transmitted to Vezpa |
| local_auth (biometrics) | Operating system (Apple / Google / Microsoft) | Local biometric unlock | No biometric data transmitted to Vezpa |
| Flutter Secure Storage | Platform (Keychain iOS/macOS, EncryptedSharedPreferences Android, DPAPI Windows) | Local storage of JWT tokens and credentials | Refresh tokens, encrypted by the operating system |
| share_plus | Open Source | File sharing (PDF, reports) with system apps | Files selected by the user |

Vezpa does not integrate behavioral analytics SDKs (e.g., AppsFlyer, Mixpanel, Facebook SDK), advertising SDKs, or profiling SDKs. No cross-app tracking under Apple App Tracking Transparency (ATT).
Data is not used for advertising, profiling, or tracking purposes.
User data is retained for the duration of the contract plus tax obligations (10 years for invoicing).
The user may request account deletion through the dedicated feature in the app or by contacting the Data Controller. Some data may be retained for legal obligations (invoicing, security logs).
Guest data (for which Vezpa is a Data Processor) follows the Data Controller's instructions as regulated by the DPA.
Data is not sold or publicly disclosed. It may be shared with sub-processors listed at vezpa.it/subprocessors and, limited to booking data, with OTA channels activated by the property.
For data transmitted to public authorities (Police Authority, ISTAT, Feratel, SES, NTAK, eVisitor, SEF, UbyPort, eTurizem), please refer to the general Privacy Policy.
Communications with US providers certified under the DPF (Google/Firebase, Stripe, Microsoft, DigitalOcean) occur on the basis of the EU-U.S. Data Privacy Framework (Commission Decision (EU) 2023/1795). Apple does not participate in the DPF: the contractual relationship for EU users is with Apple Distribution International Ltd (Ireland) and any transfers to Apple Inc. (USA) are governed by SCC 2021/914. Communications with STAAH (channel manager) occur on the basis of the EU adequacy decision for New Zealand (Commission Decision (EU) 2013/65). Tuya (China, optional) is governed by SCC 2021/914.
Under articles 15-22 GDPR (where applicable) and US state privacy laws including the CCPA/CPRA, users may exercise rights of access (right to know), rectification (right to correct), deletion, restriction, portability, objection, and opt-out of sale/sharing (Vezpa does not sell or share). Requests can be submitted through the app or to [email protected].
Complaints to the supervisory authority: Italian Data Protection Authority (Garante). US residents may also file complaints with their state Attorney General or the Federal Trade Commission (FTC) where applicable.
The App is intended exclusively for adult users (professional operators). It does not knowingly collect data from minors. In accordance with COPPA, we do not knowingly collect information from children under 13.
This notice may be updated. Changes will be published on this page and, if material, communicated via email and dashboard with at least 15 days' notice.
For privacy information or requests:
[email protected]
PEC: [email protected]
https://vezpa.it
California residents: see our California Privacy Rights page for CCPA/CPRA-specific disclosures.