Introduction

PedalCare (“we”, “us”, “our”) provides a bike maintenance app that helps riders track service history, record repairs, and receive maintenance reminders. This Privacy Policy explains what personal data we collect, how we use it, with whom we share it, and your choices and rights. This policy applies to data collected through the PedalCare mobile app and related services.

Summary of key points

• You remain in control: connecting Strava is opt-in and you may disconnect at any time.
• We only use Strava data for features that help you maintain your own bikes (mileage, service reminders, service logs).
• We do not share, sell, or use Strava data for advertising, analytics sold to third parties, or AI/ML training.
• Short caches of Strava API responses are kept for performance only and are not kept longer than seven (7) days; Strava-derived data is deleted promptly when you request it or revoke access (we commit to removing or ceasing display within 48 hours where applicable).
• We use secure channels (HTTPS) and follow industry-standard security practices.

What data we collect

Data you provide directly

• Account information such as name and email when you register.
• Bike and maintenance records you create in the app (component names, service dates, notes, photos you upload).
• Support requests or messages you send to us.

Data from Strava (only if you choose to connect Strava)

• Basic Strava profile information (display name, username) for display and attribution.
• Activity summaries required to determine ride distance and date (used to update bike mileage and to populate service logs).

We do not request or store Strava credentials; authorization is performed using Strava’s OAuth flow.

Usage and device data

• App usage analytics and crash reports (to help us maintain and improve the app). These may come from third-party services (e.g., Firebase Crashlytics). You can opt out of analytics where the app provides such an option or by contacting support.
• Device and performance information (device model, OS version, app version) collected for diagnostics.

How we use your data

To operate the app and provide its features, including:

• Updating per-bike mileage from your connected Strava account.
• Triggering maintenance reminders based on actual ride distance and time.
• Populating service logs with ride date and distance that triggered service events.
• To respond to support requests and communicate about your account.
• To diagnose and fix technical issues and improve the product.
• To comply with legal obligations.

Strava data: specific use and limitations

We only access Strava data for the individual user who authorizes PedalCare and only for the purposes listed above. We do not display or disclose Strava Data for other users. We do not use Strava Data for targeted advertising, profiling for ads, resale, or for AI/ML model training. We comply with Strava’s brand and attribution requirements and will display Strava branding where required by Strava’s Brand Guidelines.

If you revoke PedalCare’s access via Strava or within the app, we will stop requesting your Strava data and will delete Strava-derived data as described in the Retention & Deletion section.

Data retention, caching, and deletion

Short-term caching: We may cache Strava API responses and related data short-term for performance. Such raw Strava API caches are retained no longer than seven (7) days.

Derived data: Mileage totals and service logs derived from Strava activity are stored as part of your PedalCare account so the information remains available to you.

Deletion upon request or disconnect: If you disconnect Strava or request deletion of Strava-derived data, we will remove Strava-derived records from our systems and caches promptly and will ensure any Strava data is no longer displayed within 48 hours where applicable. If you request complete deletion of your PedalCare account, we will delete personal data (including Strava-derived data) in accordance with applicable law and this policy; we will also cease any future access to Strava for that account.

Legal or technical exceptions: We may retain certain information if required by law, to comply with legal obligations, to resolve disputes, or to enforce our agreements.

Sharing and disclosure

We do not sell or rent your data. We do not disclose Strava Data to third parties except to service providers who perform services on our behalf (e.g., hosting, analytics, crash reporting). These providers are contractually bound to protect your data and not use it for unrelated purposes. We may disclose data when required by law or to respond to lawful requests by public authorities. If you explicitly request that we share data (for example, exporting service records), we will do so. We will not share Strava Data with advertisers, data brokers, or for AI/ML model training.

Third-party services and links

We use third-party services such as Strava (API), Firebase (authentication, Firestore, storage, crash reporting), and other service providers. These providers have their own privacy practices; please review their privacy policies. Strava’s API use is governed by the Strava API Agreement and our use of Strava Data is constrained by that agreement. The app may contain links to third-party sites. We are not responsible for their privacy practices.

Security

We use industry-standard technical and organizational measures to protect personal data in our possession, including secure transport (HTTPS) and secure storage practices for credentials and tokens. OAuth tokens and other sensitive credentials are stored securely and access is restricted. If we become aware of a data breach involving Strava Data or other personal data, we will notify affected users and Strava as applicable and will take steps to mitigate harm. We aim to acknowledge security incidents promptly and notify affected users and Strava within 24 hours of discovery where possible.

Your rights and choices

Access and portability: You can request a copy of your personal data that we hold.

Rectification: You can ask us to correct inaccurate data in your account.

Deletion: You can request deletion of your account and/or Strava-derived data. Use the contact details below or the in-app deletion options where available. We will comply with deletion requests in accordance with this policy and applicable law; Strava-derived data will be removed within 48 hours where applicable.

Revoke Strava access: You may disconnect PedalCare from Strava at any time via PedalCare settings or via Strava account settings (Strava → Settings → My Apps → Revoke access for PedalCare).

Opt-out of analytics: If the app provides opt-outs for analytics, use the in-app setting or contact support.

To exercise any of the rights above, contact us at support@pedalcare.io. We may ask for information to verify your identity prior to fulfilling requests.

Children

The app is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected data from a child under 13, please contact us and we will take steps to remove the information.

International transfers

We operate and host data in [your hosting region(s)]. If personal data is transferred outside your country or the EEA/UK, we will use appropriate safeguards and will comply with applicable data protection laws.

Retention of logs and legal obligations

We may retain certain logs or aggregated technical information for longer periods for operational, legal, or security reasons. Where personal data must be kept to meet legal obligations, we will protect it and limit access.

Regulatory & compliance notices

If you are an EU or UK resident, you may have additional rights under the GDPR/UK GDPR. You can make requests, lodge a complaint with a supervisory authority, or contact us for assistance. California residents: you may have rights under the CCPA/CPRA. Contact us for details about your rights.

Changes to this policy

We may update this Privacy Policy from time to time. When changes are material, we will notify you by posting the updated policy with a new effective date and, where appropriate, by other means such as email.

How to contact us

For support, requests, or privacy questions: support@pedalcare.io

For legal or compliance requests, data access, deletion, or portability: support@pedalcare.io

Data deletion request template (copy/paste)

Subject: PedalCare — Data deletion request

Body: “Hello — please delete all Strava-derived data and personal data for my PedalCare account. My PedalCare account email is [your email]. My Strava username is [your Strava username]. Please confirm when deletion is complete. Thank you.”