Legal

Privacy Policy

Last updated:

At Riderr, your privacy is not an afterthought — it's a design constraint. Riderr is local-first: your ride data lives on your device, and what reaches our server is what you choose to send, at the privacy tier you select. This Privacy Policy explains what we collect, why, how we use and protect it, and what choices you have.

01What We Collect (And Where It Lives)

Riderr is a local-first application. When you record a ride, every GPS point, speed reading, and battery sample is written to a SQLite database on your device first. Your phone — not our server — is the source of truth for your ride history. We only ever see what you choose to send us, and what we receive depends on the privacy tier you select.

If you create an account, we collect the information you provide directly: your username, email address, and password hash (or your OAuth provider identifier, if you sign in with a third party). When the app talks to our server, we also log incidental request data — IP address, user agent, request timestamps — for abuse prevention and rate limiting. Usage analytics, where collected, are aggregated and de-identified.

02How We Use Your Information

We use the information we collect to operate, maintain, and improve Riderr; to surface your ride history, statistics, and insights back to you on demand; to send you technical notices, security alerts, and account-related messages; and to respond to your support requests.

Aggregated and de-identified data may be used to analyze usage trends, measure the effectiveness of new features, and improve the overall quality of the service. This data cannot reasonably be used to identify you.

03Ride Telemetry — Three Privacy Tiers

Riderr offers three privacy tiers for ride data, selectable per-account in the app. Your choice controls exactly what leaves your device.

Heartbeat (maximum privacy). Only presence pings during a ride and a final summary (distance, duration, max speed, average speed, battery delta, regen percentage). No GPS coordinates ever leave your phone. Your route, including its origin and shape, stays local.

Relative-Signed (default). The shape of your route is uploaded — but only as relative coordinates, rotated by a random angle per ride, with the origin point discarded. The server can render the shape but cannot place it on a map or learn where you started. Summary statistics are signed with an HMAC key that we deliver to your device once and then discard server-side. We can verify your stats are intact but we cannot read or modify the route.

Encrypted Backup (full GPS, end-to-end encrypted). The full GPS trace is encrypted on-device with AES-256-GCM under a key that lives in your iCloud Keychain. The server stores the ciphertext and the metadata needed to deliver it back to your devices, but it cannot decrypt the contents. If you switch devices, iCloud Keychain restores the key automatically.

Location data is only collected while a ride session is active, or when you explicitly enable background tracking in your device settings. You can review and permanently delete individual rides — locally and on the server — at any time from your account.

04Anonymous Mode

You can use Riderr without creating an account. In anonymous mode, no email, password, or personally-identifying information is collected. Every ride is recorded and stored on your device only — nothing is uploaded.

If you later choose to create an account, Riderr can optionally import your existing local rides into your new account at the privacy tier of your choice. You are prompted before any upload happens, and you may decline.

05End-to-End Encryption & Signed Summaries

For rides at the Relative-Signed tier, summary statistics are signed using an HMAC-SHA256 key that we generate during your first authenticated session, deliver to your device once, and then mark as delivered. After delivery, we retain the key version but not the bytes. We use the key only to verify the signatures you submit; we cannot forge or alter signed summaries.

For rides at the Encrypted Backup tier, the encryption key is a 32-byte random value stored in your iCloud Keychain with synchronization enabled. We never transmit it to our server. Encrypted payloads bind both the ciphertext and the surrounding metadata via authenticated encryption, so any server-side tampering with metadata is detectable on decryption.

Because we don't hold your encryption key, we cannot restore Encrypted-Backup ride data after you lose access to your Apple ID. Treat your Apple ID recovery as the recovery story for your encrypted ride backups.

06Data Sharing & Third Parties

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We share information only with the service providers we depend on to operate the platform — for example, cloud infrastructure, email delivery, and push-notification services — and only to the extent necessary to deliver the service. These providers are bound by confidentiality and data-protection commitments.

If you configure outbound webhooks for ride events, the payloads we send contain the fields you would expect (ride id, distance, timing). Identifying details about your specific board — its serial number and battery serial — are only included when you explicitly enable that on a per-hook basis.

We may disclose information when required by law, regulation, or valid legal process, or when we reasonably believe disclosure is necessary to protect the rights, property, or safety of Riderr, our users, or the public.

07Purchases & Subscriptions

If you purchase Riderr Pro, the transaction itself is processed by the Apple App Store — we never see or store your payment card details. To unlock Pro on your account, we store an entitlement record consisting of the Apple transaction identifiers, the product purchased, and its current status and expiry date. Apple sends our server notifications about renewals, cancellations, refunds, and expirations so that your access remains accurate.

We use this purchase information solely to determine whether your account is entitled to Pro features. We do not use it for advertising, and we do not sell it to anyone.

08Data Retention & Deletion

Data on your device is retained for as long as you keep the app installed and continue to use it. Deleting the app removes all local ride data immediately.

Server-side data is retained for as long as your account is active. If you delete your account, we remove your personal information and ride data from our active systems within 30 days and from offline backups within 90 days, except where retention is required by law. Aggregated, de-identified statistics may be retained indefinitely.

09Security & Audit Log

We implement industry-standard technical and organizational safeguards. All network traffic is encrypted with TLS 1.2 or higher. Passwords are stored using a one-way memory-hard hash and are never accessible in plaintext. Sensitive material — encryption keys, summary keys, recovery codes — never appears in our logs.

Privileged actions taken against your account by Riderr operators are recorded in an audit log visible from your account dashboard. Entries flagged with an ADMIN badge represent actions taken by us rather than by you. We aim to keep this log honest even when it isn't flattering.

No security system is impenetrable. We will notify affected users without undue delay if we ever become aware of a breach that affects their data.

10Your Rights & Choices

Depending on your location, you may have the right to access, correct, or delete the personal information we hold about you; to object to or restrict certain processing activities; and to receive a portable copy of your data in a machine-readable format. The app exposes self-service controls for the most common operations: data export, individual ride deletion, account deletion, and privacy-tier selection.

You may opt out of non-essential communications at any time by adjusting your notification preferences in the app. Opting out of marketing communications will not affect transactional or account-security messages.

11Children's Privacy

Riderr is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us and we will take steps to remove that information from our systems promptly.

12Changes To This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you through the app or by email. We encourage you to review this policy periodically.

13Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy or our data practices, please reach out at [email protected]. We aim to respond within five business days.