ValetMate is an end-to-end valet operations platform QR tags, real-time session tracking, locker management, customer self-service, and optional built-in payments. Everything your team needs in one system.
Built from the ground up for professional valet teams from a single hotel drop-off to a multi-site operation.
Numbered QR codes link each physical tag to a session in seconds. Staff scan with the mobile app no manual entry, no mistakes.
Every session moves through a clear lifecycle: active → parked → key in office (→ key in locker, optional) → collected. Staff and customers see live status via push notifications.
Field staff record the level and bay for every vehicle with optional photo. Relocation history is fully tracked so any team member can retrieve any car.
Assign keys to named lockers with PIN codes. Customers self-collect via the app. Optional revert window lets staff retrieve a key if the customer changes their mind. This avoids costly key retrieval processes involving night staff and call out fees.
Pre- and post-service damage reports with photos and area descriptions. Timestamped and tied to the session, giving you a clear audit trail for dispute resolution.
Customers can request early car retrieval from the app. Staff confirm with a scheduled time. Push notifications keep both sides in sync.
Per-company payment integration lets you charge customers directly through the app. Platform subscriptions are also handled automatically no manual invoicing.
Customers rate their experience after each session. Ratings are visible per car park in the dashboard so managers can track service quality over time.
The full-service workflow staff manage everything from arrival to key handover. The customer is kept informed at every step.
Field staff scan the QR tag with the mobile app. A session is created instantly, linked to the tag and car park.
Customers scan the QR code with their own smartphone to claim their session and receive updates about their session and for potential late night key collection.
Field staff log any damage to the vehicle, including photos and descriptions before any other actions are taken.
Field staff log the bay and level, optionally attaching a photo.
Multiple parking events are recorded if the car is relocated.
Key is checked in to the office or assigned directly to a locker.
Status updates in real time across all devices.
The customer receives a push notification. They can track their session live in the app.
Customer collects directly from the locker using the PIN, or from staff at the desk.
Session is marked complete.
Customer is prompted to rate the experience.
Full session history is available in both the customer app and the manager dashboard.
Session status lifecycle
The customer manages their own session from arrival to payment; no staff interaction required.
The customer scans the QR tag on arrival. A session starts immediately, linked to the tag and car park. No app account required.
The app shows elapsed time and the applicable rate. The customer can monitor their session at any time from the link sent on scan.
When ready to leave, the customer ends the session in the app. The final duration and charge are calculated instantly.
The customer completes payment in the app via their card. A receipt is sent automatically. No staff intervention required.
Session status lifecycle
ValetMate includes a web portal for managers and two mobile apps one for staff, one for customers.
Three built-in roles cover every level of your team. Staff with dual roles can switch modes without a separate login.
Each company gets its own isolated workspace. Billing is handled automatically no manual invoicing.
Full access for a fixed trial period. No credit card required to start. Trial days remaining shown as a banner in the portal.
Full access. Subscription managed automatically. No manual renewal required.
Read-only access while payment is retried. Staff can view sessions but cannot make changes until resolved.
Read-only access to historical data. Company data is retained according to the data retention policy.
ValetMate is built with privacy-first defaults. Customer data is encrypted at rest, never logged in plain text, and automatically purged after a configurable retention period.
Names, emails, phone numbers, vehicle plates, and FCM tokens are encrypted at rest using Fernet symmetric encryption. Indexed lookups use HMAC-SHA256 keyed hashes — plaintext is never stored in a queryable column.
Session PII is automatically redacted after a configurable retention period (default 90 days). A scheduled background task runs this daily without any manual intervention. Session records are preserved for operational reporting.
Customer accounts inactive beyond the configured period receive a warning email 5 days before expiry, then are automatically deleted. Activity is tracked on every login and API call.
Login endpoints are rate-limited per IP. After repeated failures, accounts are locked out automatically. Lockouts clear on successful password reset — without requiring manual admin intervention.
A custom log formatter strips emails and phone numbers from all server log output before writing to disk or any log aggregation system.
Consent decisions are recorded in the database with timestamp, policy version, and a non-reversible IP hash — satisfying GDPR Article 5(2) and Article 7(1) accountability requirements. Analytics scripts are only loaded after explicit consent.
All API sessions use short-lived JWT access tokens. Refresh tokens rotate on every use and are immediately blacklisted after rotation, limiting the exposure window of any compromised token.
Damage photos and session files are served via time-limited signed tokens (2-hour expiry). Staff and customers are restricted to files within their own company scope — no direct URL guessing is possible.
Containerised, cloud-ready, and designed for reliable production deployments.
Fully managed cloud deployment. Updates, migrations, and infrastructure maintenance are handled by AIOZ zero ops burden on your team.
Persistent connections deliver live updates to the dashboard and customer app instantly no polling, no page refreshes, no delay.
Native apps for both staff and customers on iOS and Android. A single login screen handles both account types. Face ID and biometric login supported on both platforms.
The server enforces a minimum app version per platform. Outdated apps are gracefully blocked with an update prompt before they can connect.
Each company is fully isolated. Data, staff, car parks, billing, and payment configuration are all scoped to the company no data leakage between tenants.
AIOZ manages all deployments, updates, and infrastructure. New features and security patches are rolled out without any downtime or action required from you.