Privacy Policy
This Privacy Policy explains how [Velo Passport / your name or company] ("we", "us", "our") collects, uses, and protects your personal data when you join our waitlist or, in future, use the Velo Passport app. We are committed to handling your data in line with the EU General Data Protection Regulation (GDPR) and the UK GDPR.
1. Who we are
Velo Passport is an independent cycling progress-tracking project. It is not affiliated with the European Cyclists' Federation or the official EuroVelo network. The data controller is [your name / company], contactable at [your-contact-email].
2. Information we collect
Today, while we are pre-launch, we only collect what you give us:
- Waitlist email address — when you submit the signup form.
- Basic technical data — our form provider and host may log standard request data (e.g. IP address, timestamp, browser type) to deliver and secure the service.
If and when you use the future app, we expect to additionally process:
- Account details you provide (e.g. name, email).
- Ride data you choose to import — GPX files and, if you connect it, Strava activity data (routes, distances, timestamps) used to match rides to EuroVelo routes and calculate your progress.
- Content you create — saved milestones, notes, photos, and passport progress.
3. How we use your data
- To add you to the waitlist and send launch updates and early-access invitations.
- To operate, secure, and improve the website and (in future) the app.
- To match imported rides to EuroVelo routes and show your progress and stamps.
- To respond to your enquiries.
We do not sell your personal data.
4. Legal bases (GDPR Article 6)
- Consent — for joining the waitlist and receiving marketing/update emails. You can withdraw consent at any time (see "Your rights").
- Contract — to provide app features you sign up for.
- Legitimate interests — to keep our service secure and working, balanced against your rights.
5. Service providers we use
We share data only with processors that help us run the service, under appropriate agreements:
- Formspree — processes waitlist form submissions.
- Vercel — hosts this website.
- [Supabase] — will store app account and progress data (future).
- [Strava] — if you choose to connect it, under Strava's own terms and API agreement (future).
6. International transfers
Some providers may process data outside the EEA/UK. Where they do, we rely on appropriate safeguards such as Standard Contractual Clauses or an adequacy decision. Details available on request at [your-contact-email].
7. Data retention
We keep waitlist data until you unsubscribe or ask us to delete it, or until the waitlist is no longer needed. App data will be retained for as long as your account is active and then deleted or anonymised within [retention period, e.g. 30 days] of account closure.
8. Your rights
Under the GDPR/UK GDPR you have the right to:
- access a copy of your data;
- rectify inaccurate data;
- erase your data ("right to be forgotten");
- restrict or object to processing;
- data portability;
- withdraw consent at any time; and
- lodge a complaint with your local supervisory authority (e.g. your national Data Protection Authority).
To exercise any of these, email [your-contact-email].
9. Cookies & analytics
This site currently uses no advertising or tracking cookies. If we add privacy-friendly analytics in future, we will update this policy and, where required, ask for your consent.
10. Children
The service is not directed at children under [16], and we do not knowingly collect their data.
11. Changes to this policy
We may update this policy from time to time. We will revise the "Last updated" date above and, for significant changes, notify waitlist subscribers by email.
12. Contact
Questions about this policy or your data? Email [your-contact-email].