Template privacy notice — not legal advice. Review with counsel before launch, especially for health-related ride data and US transfers.
1. Controller
Andreas Kämpf, Thomas-Muentzer-Str. 22, 99084 Erfurt, Germany. Contact: hello@ride2map.app.
2. What RIDE2MAP is
RIDE2MAP (https://ride2map.app) lets you import ride files or connected sources, replay routes on a map, save rides to your account, and create share links. We are based in Germany; many technical providers process data in the United States (see Subprocessors).
3. Categories of data
- Account data — email address, auth identifiers (magic link / Google OAuth via Supabase), profile preferences (e.g. board type).
- Ride data — GPS tracks, timestamps, speed, elevation, and board telemetry (duty cycle, battery, temperatures) when present in your import; activity titles and metadata you save.
- Connected providers — OAuth tokens for Strava / Floaty (encrypted at rest) when you choose to connect; we fetch only what you request.
- Usage data — page paths for product analytics (anonymous visitor cookie), server logs, and error diagnostics.
- Payment data — when you subscribe via Stripe, payment is handled by Stripe; we receive subscription status, not full card numbers.
4. Purposes and legal bases (GDPR Art. 6)
- Provide the service (contract / pre-contractual steps) — accounts, imports, replay, cloud saves, share links.
- Security and abuse prevention (legitimate interests) — rate limits, fraud prevention, integrity of share URLs.
- Product improvement (legitimate interests / consent where required) — aggregated usage analytics; you can dismiss non-essential tracking via our cookie notice where applicable.
- Legal obligations — tax and billing records for paid plans.
5. Health and sensitive data
Some imports (e.g. Strava streams) may include heart rate or similar vitals. We process this only to display your replay HUD and stored ride — not for medical purposes. Do not upload data you are not allowed to share. You can delete saved rides from your account.
6. International transfers
Subprocessors in the US (Vercel, Supabase, Mapbox, Stripe, etc.) may process data outside the EEA. Where required, we rely on appropriate safeguards such as the EU Standard Contractual Clauses and provider Data Processing Agreements. Prefer EU Supabase region when your plan supports it.
7. Retention
- Account and saved rides — until you delete them or close your account.
- OAuth tokens — until you disconnect the provider or delete your account.
- Server logs — typically rolling retention on the host (e.g. 30–90 days).
- Billing records — as required by commercial and tax law.
8. Your rights
If you are in the EEA/UK, you may have rights to access, rectify, erase, restrict, port, and object to processing, and to lodge a complaint with your supervisory authority (in Germany, your local Landesdatenschutzbehörde). Contact hello@ride2map.app to exercise these rights.
9. Push notifications
If we enable web or mobile push notifications in the future, we will ask for consent and update this policy with the provider used and opt-out instructions.
10. Children
RIDE2MAP is not directed at children under 16. Do not use the service if you are below the age required in your country without parental consent.
11. Changes
We may update this policy; material changes will be reflected on this page with an updated date.