Privacy Policy

Last updated: December 20, 2025

1. Introduction

CycleHub ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

By using CycleHub, you consent to the data practices described in this policy. If you do not agree with our policies and practices, please do not use the Platform.

2. Information We Collect

2.1 Personal Information You Provide

We collect information you voluntarily provide when using the Platform:

  • Account Information: Name, email address, password, profile photo
  • Club Information: Club name, description, location, branding assets
  • Payment Information: Billing address, payment method details (processed securely by Stripe)
  • Profile Data: Bio, cycling preferences, fitness level
  • Content: Routes, ride descriptions, photos, comments, messages

2.2 Information from Third-Party Services

When you connect third-party services to your account:

  • Strava: Athlete profile, activities, segment efforts, performance data
  • We only access data you explicitly authorize through OAuth permissions

2.3 Automatically Collected Information

We automatically collect certain information when you use the Platform:

  • Usage Data: Pages viewed, features used, time spent, click patterns
  • Device Information: IP address, browser type, operating system, device identifiers
  • Location Data: Approximate location based on IP address (not precise GPS)
  • Cookies and Tracking: Session tokens, preferences, analytics data

3. How We Use Your Information

We use collected information for the following purposes:

  • Provide Services: Create and manage your account, process transactions, deliver features
  • Personalization: Match you with appropriate rides, recommend routes, customize your experience
  • Communication: Send ride notifications, membership updates, important service announcements
  • Analytics: Understand usage patterns, improve features, optimize performance
  • Safety and Security: Detect fraud, prevent abuse, enforce our Terms of Service
  • Legal Compliance: Comply with legal obligations and protect our rights
  • Marketing: Send promotional emails about new features (you can opt out anytime)

4. How We Share Your Information

4.1 Within Your Club

When you join a club, certain information is visible to club admins and other members:

  • Name, profile photo, bio
  • Membership tier and join date
  • Ride RSVPs and participation history
  • Performance data (if you choose to share it)

4.2 Public Information

Some information is publicly visible without login:

  • Club names, descriptions, and branding on club discovery page
  • Public routes and ride information (if club settings allow)
  • Shop products and pricing

4.3 Service Providers

We share information with trusted third-party service providers:

  • Stripe: Payment processing and subscription management
  • Hosting Providers: Infrastructure and data storage
  • Analytics Services: Usage tracking and performance monitoring
  • Email Services: Transactional and marketing emails

These providers are contractually obligated to protect your data and use it only for specified purposes.

4.4 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

4.5 Business Transfers

If CycleHub is involved in a merger, acquisition, or asset sale, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

5. Data Retention

We retain your information for as long as necessary to provide services and comply with legal obligations:

  • Active Accounts: Retained while your account is active
  • Deleted Accounts: Most data deleted within 30 days; some data retained for legal/accounting purposes
  • Transaction Records: Retained for 7 years to comply with tax and accounting laws
  • Backup Data: May persist in backups for up to 90 days

6. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: HTTPS/TLS for data in transit, encryption at rest for sensitive data
  • Authentication: Secure password hashing (bcrypt), OAuth 2.0 for third-party integrations
  • Access Controls: Role-based permissions, limited employee access
  • Monitoring: Automated security monitoring and incident response
  • Regular Audits: Periodic security assessments and penetration testing

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights and Choices

7.1 Access and Correction

You can access and update your account information at any time through your account settings.

7.2 Data Portability

You can request a copy of your data in a structured, machine-readable format.

7.3 Deletion

You can delete your account at any time. Note that some information may be retained as described in Section 5.

7.4 Marketing Communications

You can opt out of marketing emails by clicking the "unsubscribe" link in any email or updating your notification preferences.

7.5 Cookies

You can configure your browser to refuse cookies, but this may limit Platform functionality.

7.6 Third-Party Connections

You can disconnect third-party services (like Strava) at any time through your account settings.

8. GDPR Rights (European Users)

If you are in the European Economic Area (EEA), you have additional rights under GDPR:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Limit how we use your data
  • Right to Portability: Receive your data in a portable format
  • Right to Object: Object to certain data processing activities
  • Right to Withdraw Consent: Withdraw consent for data processing

To exercise these rights, contact us at privacy@cyclehub.app.

9. Children's Privacy

CycleHub is not intended for users under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

11. California Privacy Rights (CCPA)

California residents have specific rights under the California Consumer Privacy Act:

  • Right to Know: What personal information we collect and how we use it
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the "sale" of personal information (we do not sell your data)
  • Right to Non-Discrimination: We will not discriminate for exercising your rights

12. Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Essential Cookies: Required for authentication and core functionality
  • Analytics Cookies: Understand usage patterns and improve the Platform
  • Preference Cookies: Remember your settings and preferences

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the Platform. Your continued use after such changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

Email: privacy@cyclehub.app
Data Protection Officer: dpo@cyclehub.app
Address: [Your Business Address]

← Back to Home