LEGAL
Privacy Policy
Last updated: June 2026
1. Who We Are
RideTheBound ("we", "our", "us") is the operator of the RideTheBound indoor cycling platform, accessible at ridethebound.com. This Privacy Policy explains how we collect, use, and protect your personal information when you use our Service.
2. Information We Collect
We collect the following categories of information: • Account information: when you sign in with Google, we receive your name, email address, and profile picture via Google OAuth 2.0. • Fitness & performance data: heart rate, cadence, power output, speed, and route data transmitted by your connected smart trainer or sensors. • Usage data: pages visited, features used, session duration, and interaction logs to improve the Service. • Device information: browser type, operating system, IP address, and approximate location (country/region level).
3. How We Use Your Information
We use the information we collect to: • Create and manage your account. • Deliver the core cycling experience, including real-time trainer resistance control and performance tracking. • Personalise your experience (Zone 2 coaching targets, daily challenges, leaderboards). • Sync your rides to Strava when you explicitly request it. • Send transactional emails (ride summaries, account notices). • Analyse usage patterns to improve features and fix bugs. • Comply with legal obligations.
4. Google OAuth & Limited Use
RideTheBound uses Google OAuth 2.0 for authentication. We only request the scopes necessary to identify you (email and basic profile). We do not access your Gmail, Google Drive, Google Contacts, or any other Google service data. The information received from Google APIs is used in accordance with the Google API Services User Data Policy, including the Limited Use requirements.
5. Strava Integration
If you connect your Strava account, we request permission to upload activities on your behalf. We only upload activities you explicitly approve. We do not read your Strava feed, followers, or any other Strava data beyond what is required to post the ride. You can disconnect Strava at any time from your profile settings.
6. Data Sharing
We do not sell your personal data. We may share your information with: • Service providers: hosting, analytics, and email services that process data on our behalf under strict data processing agreements. • Google: as required by our use of Google OAuth (governed by Google's Privacy Policy). • Strava: only the activity data you explicitly choose to sync. • Legal authorities: if required by applicable law or to protect the rights and safety of our users.
7. Data Retention
We retain your account data for as long as your account is active. Fitness and ride data is retained for up to 3 years to power your personal history and statistics. You may request deletion of your data at any time by contacting us or by deleting your account from your profile settings, after which we will erase your personal data within 30 days.
8. Your Rights
Depending on your jurisdiction, you may have the right to: • Access the personal data we hold about you. • Correct inaccurate data. • Request erasure of your data ("right to be forgotten"). • Object to or restrict processing of your data. • Data portability — receive your data in a machine-readable format. • Withdraw consent at any time (where processing is based on consent). To exercise any of these rights, contact us at legal@ridethebound.com.
9. Cookies & Tracking
We use essential cookies to maintain your session and authentication state. We may use analytics cookies to understand how users interact with the Service. You can control cookie preferences through your browser settings. Disabling essential cookies may prevent the Service from functioning correctly.
10. Security
We implement industry-standard security measures including HTTPS encryption, OAuth 2.0 for authentication, and regular security audits. However, no method of transmission over the internet is 100% secure. We encourage you to use a strong, unique password for your Google account.
11. Children's Privacy
The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notice at least 14 days before the change takes effect. Continued use of the Service after that date constitutes acceptance of the updated policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our privacy team at: legal@ridethebound.com RideTheBound, Spain