Privacy Policy

What We Collect

When you sign in with Strava, we collect your name, profile photo, and Strava athlete ID. We also access your recent ride activities to automatically detect group rides.

How We Use Your Data

• Your name and photo are shown to other members of groups you join
• Ride activity data (start time, location) is used to match riders who rode together
• Payment records track shared expenses within your groups
• We do not sell, license, or share your data with third parties
• We do not use your data for advertising, analytics, or AI/ML training

Strava Data

This application uses the Strava API but is not endorsed or certified by Strava. Your Strava activity data is used solely for ride detection within your groups. We cache Strava profile images for up to 7 days. You can disconnect your Strava account at any time from your profile page.

Data Storage & Security

Your data is stored in a secure PostgreSQL database hosted on Neon. OAuth tokens are encrypted at rest and transmitted only over HTTPS. Access tokens are automatically refreshed and never exposed to other users.

Your Rights

• Access: View all your data on your profile and group pages
• Disconnect: Revoke Strava access from your profile page — this deauthorises PelotonTab on Strava's side
• Delete: Delete your account and all associated data from your profile page. Deletions are processed immediately
• Withdraw consent: You can revoke access at any time by disconnecting Strava or deleting your account

Data Retention

We retain your data for as long as your account is active. When you delete your account, all your personal data, group memberships, ride records, and payment history are permanently deleted. Strava activity data cached for ride detection is also removed.

Contact

For questions about your data or this privacy policy, contact us at support@pelotontab.com.