Privacy Policy
1. Data Controller
The data controller for Velolog is:
2Matter OÜHarju maakond, Tallinn, Kesklinna linnaosa, Tartu mnt 67/1-13b, 10115
Estonia
Registry code: 17464264
Contact:
2. Data We Collect
Velolog collects and processes the following categories of data:
- Account information — your email address and, optionally, a display name, obtained when you sign in with Google.
- Ride and activity data — distance, duration, elevation, date, and a trainer-ride indicator, either entered manually or imported from a service you connect (Strava, intervals.icu or Wahoo). Velolog does not collect or store GPS coordinates, routes, heart-rate, or power data.
- Bicycle and maintenance data — the bikes, components, maintenance logs, and notes you create in the app.
- Subscription information — your subscription tier, status, and renewal or expiry date, and a transaction identifier. Payment is handled by Google Play; Velolog never receives or stores your card or payment details.
- Device and app data — a notification token (so we can send maintenance alerts), a Firebase app-instance identifier, app-interaction events, and crash and diagnostic information. See Section 4.
3. Connected Services
If you choose to connect an activity service, Velolog reads your ride data from it using read-only access that you authorize and can revoke at any time:
- Strava — ride activities and basic profile information. Activity data shown in the app is marked “Powered by Strava”. We keep raw data received from Strava for no longer than 7 days; after that, only the wear-related values Velolog derives from it are retained.
- intervals.icu — ride activities and settings.
- Wahoo — ride activities.
Reading data in from these services counts as collection under applicable rules, even though Velolog only reads and never writes back to them. You can disconnect a service at any time in the app, after which we stop importing new data from it.
4. Analytics, Crash Reporting, and Notifications (Google Firebase)
The Velolog mobile app uses Google Firebase services to keep the app reliable and to let us know when something needs your attention:
- Firebase Analytics — to understand, in aggregate, how the app is used (for example, which features are opened) so we can improve it. This may include a Firebase app-instance identifier and app-interaction events.
- Firebase Crashlytics — to record crashes and diagnostic information so we can fix problems. This may include device type and app state at the time of a crash.
- Firebase Cloud Messaging — to send you maintenance alerts and reminders. This uses a device notification token.
Analytics and crash reporting run only with your consent. You can give or withdraw this consent at any time in the app's settings; if you withdraw it, Velolog stops collecting analytics and crash data. Maintenance notifications are part of the core service and can be controlled through your device's notification settings.
This information is processed by Google acting as our service provider and may be stored on Google's infrastructure. For details of how Google handles it, see Google's Privacy Policy (policies.google.com/privacy) and “How Google uses information from sites or apps that use our services” (policies.google.com/technologies/partner-sites).
We do not use this data for advertising, and Velolog shows no third-party ads.
5. Purpose and Legal Basis
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing the Velolog service | Performance of contract (Art. 6(1)(b)) |
| Managing your subscription and payments | Performance of contract (Art. 6(1)(b)) |
| Sending maintenance alerts and reminders | Performance of contract (Art. 6(1)(b)) |
| Analytics and crash reporting | Consent (Art. 6(1)(a)) |
| Keeping the service secure and preventing abuse | Legitimate interest (Art. 6(1)(f)) |
| Meeting legal obligations | Legal obligation (Art. 6(1)(c)) |
6. How We Share Data
We do not sell your personal data. We share data only with the service providers needed to operate Velolog, and with authorities where the law requires:
- Google / Firebase — analytics, crash reporting, and push notifications, as described in Section 4 (with your consent for analytics and crash reporting).
- RevenueCat — our subscription-management provider, which processes subscription events using an identifier that is not your name or email address.
- Google Play — processes your payment; Velolog does not receive your payment details.
- Cloud infrastructure providers — hosting within the European Union.
- Connected activity services you authorize (Strava, intervals.icu, Wahoo), for the read-only import described in Section 3.
- Law enforcement or regulatory authorities, when required by applicable law or valid legal process.
7. Data Retention
We retain your data for as long as your account is active. When you delete your account, your personal data is removed within 30 days, except where the law requires us to keep limited records. Raw data received from Strava is kept for no longer than 7 days. After deletion, we keep only a single anonymized record — containing no personal information — to confirm that the deletion took place.
8. Your Rights
Under the GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Request erasure of your data
- Restrict or object to processing
- Data portability
- Withdraw consent at any time, where processing is based on consent
- Lodge a complaint with the Estonian Data Protection Inspectorate
To exercise these rights, contact us using the details in Section 1, or delete your account directly as described in Section 9. We will respond within 30 days.
9. Deleting Your Account
You can delete your Velolog account and the data tied to it at any time:
- In the app — go to My Account → Account & Data → Delete My Account and type DELETE to confirm. Your account then enters a 48-hour cancellation window before deletion becomes permanent.
- On the web — if you can't sign in, follow the instructions on our Delete your account page to request deletion by email.
For full details of what is deleted and what is kept, see the Delete your account page.
10. Cookies and Tracking
The Velolog website does not use cookies or any third-party tracking or analytics. The Velolog mobile app does not use cookies; the only usage measurement it performs is the Firebase analytics and crash reporting described in Section 4, which run with your consent.
11. Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated effective date.