Privacy Policy
Last updated: February 2026
1. Data Controller
FABWIND LDA, Portugal (NIF: PT516581716) is the data controller for MyClub within the meaning of the EU General Data Protection Regulation (GDPR). Contact: info@myclubride.com
2. Data We Collect
| Category | Data | When |
|---|---|---|
| Account | Name, email, profile photo | Google/Apple sign-in |
| Location | GPS coordinates | During rides only (foreground + background with permission) |
| Rides | GPS tracks, distance, elevation, duration, speed, segment times | When you record or import a ride |
| Groups | Group name, membership, ride results, leaderboards | When you create/join a group |
| Device data | Heart rate, power, cadence | If you connect Garmin/Wahoo via OAuth |
| Strava data | Your segment efforts, KOMs, PRs, heart rate, power | If you connect Strava via OAuth (shown only to you) |
| Photos | Images, GPS location of photo | If you add photos to a ride |
| Technical | Device model, OS version, app version, crash logs | Automatically |
3. Legal Basis (GDPR Art. 6)
- Contract performance (Art. 6(1)(b)): Processing necessary to provide the service — recording rides, displaying live positions, segment matching, notifications.
- Legitimate interest (Art. 6(1)(f)): Improving the app, preventing abuse, crash analytics.
- Consent (Art. 6(1)(a)): Background location access, optional third-party integrations (Garmin, Wahoo, Strava), family tracking link sharing. You can withdraw consent at any time.
4. How We Use Your Data
- Display your position during Live Rides (visible to ride group members only).
- Match rides against segments and update leaderboards.
- Send ride notifications and group updates.
- Generate post-ride summaries (stats, photos, awards).
- Deliver routes to connected Garmin/Wahoo devices.
- If you connect Strava: display your personal Strava highlights in your private post-ride view; upload your ride to Strava if phone-only.
- Enable family tracking via shareable browser link.
- Detect potential crashes and relay SOS alerts to your group and emergency contacts.
- Improve the app, fix bugs, analyse usage patterns (aggregated, non-personal).
5. Data Sharing
We do NOT sell your data. Your data is shared only in the following circumstances:
- Your group: Ride data, live GPS position, segment results, and photos are visible to members of your group.
- Family tracking: If enabled, your live position and speed are visible via a unique link.
- Third-party platforms: If you connect Garmin, Wahoo, or Strava via OAuth 2.0.
- Infrastructure providers: Firebase (Google Cloud, EU region), map tile providers.
- Legal requirements: If required by Portuguese or EU law.
6. Live Ride GPS
During a Live Ride, your real-time GPS position is shared with your ride group only. This data is transmitted via Firebase Realtime Database (EU region) and is automatically deleted when the ride ends.
6b. Activity Route Intelligence
When you grant route contribution consent, anonymised route shapes from your activities are stored to power loop suggestions. The anonymised shape consists of the polyline only — the first and last 200 metres are trimmed, and no timestamps, heart rate, power, or cadence data are included.
Consent withdrawal: Withdrawing consent deletes your contributed route shapes and scrubs your identifier from other members' track metadata.
7. Crash Detection & SOS
If crash detection is enabled, the app uses phone accelerometer and gyroscope data to detect potential impacts. Sensor data is processed locally on your device and is not stored on our servers.
8. Family Tracking
The family tracking feature generates a unique, time-limited browser link. This link expires when the ride ends. You can disable this feature at any time.
9. Third-Party Integrations
Garmin Connect
If you connect your Garmin account, we access your activity data to enhance your cycling experience. This data remains strictly personal and private to you, is never sold, and can be disconnected at any time.
Other Integrations
- Wahoo Cloud: OAuth 2.0. Wahoo Privacy Policy
- Strava: OAuth 2.0. Strava Privacy Policy
- Firebase (Google Cloud): EU region. Firebase Privacy
10. Data Retention
- Account data: Retained while your account is active.
- Ride data: Retained while active. You can delete individual rides.
- Live GPS data: Automatically deleted when each ride ends.
- Account deletion: Permanently removes all data within 30 days.
11. Your Rights (GDPR)
You have the right to: access, rectification, erasure, data portability, restriction, objection, and consent withdrawal.
Contact: info@myclubride.com. We respond within 30 days.
You may lodge a complaint with the Portuguese data protection authority (CNPD — cnpd.pt).
12. International Transfers
Your data is processed within the EU. Any transfers outside the EU/EEA use Standard Contractual Clauses.
13. Security
We implement encryption in transit (TLS), Firebase security rules, and OAuth authentication.
14. Children
MyClub is not intended for users under 16. We do not knowingly collect data from children.
15. Cookies
The website uses essential cookies only (language preference). No advertising or tracking cookies.
16. Premium Subscriptions
Payment processing is handled by Stripe, Inc. We do not store credit card details. Stripe Privacy Policy
17. Advertising
Free users may see non-personalised ads via Google AdMob. Ads are never shown during rides or over safety features. Premium subscribers see no ads.
18. Changes
We may update this policy at any time. Material changes will be communicated via the app or email.
19. Contact
FABWIND LDA · Viseu, Portugal · NIF: PT516581716