Privacy Policy

Last updated: March 12, 2026

BikeLab ("we", "our", "the app") is a cycling analytics application that helps riders track performance, monitor bike health, and improve training. This policy describes how we collect, use, and protect your data.

1. Data We Collect

When you use BikeLab, we collect the following information:

• Strava account data: Your Strava athlete ID, name, profile photo, and access tokens (via OAuth2 authorization).
• Activity data: Cycling activities synced from Strava, including distance, duration, speed, heart rate, cadence, power, elevation, and GPS metadata.
• Bike and gear data: Bike names, mileage, and gear information from your Strava profile.
• Profile data you provide: Weight, age, gender, experience level, heart rate zones, and training preferences entered within the app.
• User-generated content: Photos uploaded to your garage, planned rides, goals, and checklist items.

2. How We Use Your Data

• Display ride analytics, performance charts, and training insights.
• Calculate bike component wear and maintenance schedules.
• Generate personalized nutrition plans based on your profile and ride parameters.
• Track progress toward your cycling goals.
• Generate AI-powered ride analysis reports (ride metrics — not personal data — are sent to OpenAI for text generation).
• Evaluate and award achievements based on your activity history.

3. Third-Party Services

BikeLab integrates with the following third-party services:

• Strava API: To authenticate your account and sync cycling activities. Governed by Strava's Privacy Policy.
• OpenAI API: To generate ride analysis text. Only aggregated ride metrics (distance, speed, heart rate, elevation) are sent — no personal identifiers.
• ImageKit: To store user-uploaded photos securely in the cloud.

4. Data Storage and Security

Your data is stored on secure PostgreSQL databases hosted on managed infrastructure. Access tokens are encrypted. All communication between the app and our servers uses HTTPS/TLS encryption.

We do not store your Strava password. Authentication is handled entirely through Strava's OAuth2 flow.

5. Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes. Data is shared only with the third-party services listed above, strictly for the purposes of providing app functionality.

6. Data Retention

Your data is retained as long as your account is active. Cached activity data on our servers expires automatically (within hours). AI analysis cache is cleaned up after 10 days.

7. Your Rights

You have the right to:

• Access your data: All your data is visible within the app.
• Delete your account: Go to Profile → Account Settings → Delete Account. This permanently removes all your data from our servers, including activities, goals, achievements, and profile information.
• Disconnect Strava: Go to Profile → Strava Integration → Unlink. This revokes our access to your Strava data and frees your athlete slot.
• Request data export: Contact us at the email below.

8. Children's Privacy

BikeLab is not intended for children under 13. We do not knowingly collect data from children under 13.

9. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of the app constitutes acceptance of the revised policy.

10. Contact

If you have questions about this privacy policy or your data, contact us at:
melodicharm@gmail.com