Information you provide

• Email address — for authentication via sign-in code or password. Used to send login codes and essential account notifications.
• Display name and avatar — provided during onboarding for your public profile visible to other riders.
• Ride content — titles, descriptions, GPX routes, ride images, meetup locations, and ride settings you create.
• Messages — ride group messages and direct messages you send to other users.

Information collected automatically

• Location — used to show rides near you and center the map. Collected via browser geolocation with your permission. You can disable precise location in Settings.
• Timezone — detected from your browser to display ride times correctly.
• Distance unit preference — metric or imperial, stored in your profile.
• Device and usage data — browser type, pages visited, interactions with features.
• Error data — when something goes wrong, we capture error details and a session replay of the interaction to help us fix bugs.

Information from third parties

• Strava — if you connect your Strava account, we import activity data you select (route, distance, title). We do not access your Strava data without your explicit action. You can disconnect at any time in Settings.

Your data is used solely to provide the ridito service:

• Showing rides near you based on your location
• Letting you host, RSVP to, and message about rides
• Displaying your profile to ride participants
• Sending essential notifications (login codes, ride updates)
• Improving the app by understanding usage patterns and fixing errors

We do not sell your data. We do not run ads. We do not share your data with third parties for marketing purposes.

We use trusted third-party providers to operate ridito. These include services for:

• Hosting and infrastructure — our app and database are hosted on cloud platforms that may process your data (including IP address) to serve requests.
• Authentication — login and session management are handled by a dedicated auth provider.
• Analytics and error tracking — we use an analytics provider to understand usage patterns and capture errors. When an error occurs, a session replay may be recorded to help us diagnose the issue.
• Image hosting — ride photos and avatars are stored and served via a cloud image service.
• Maps and location — map tiles and location search are provided by third-party mapping services.
• Activity import — if you choose to connect Strava, we import only the activity data you select. You can disconnect at any time.

We use cookies for:

• Authentication — session tokens for login
• Preferences — timezone, location, distance unit, dismissed UI states
• Analytics — anonymous session identifier

We do not use tracking or advertising cookies.

• Account data is retained as long as your account is active.
• Ride data for past rides is retained indefinitely (ride history is a feature).
• Messages are retained as long as the associated ride or conversation exists.
• Analytics datais retained per our analytics provider's standard retention policy.

• Access — contact us to request a copy of your data.
• Correction — update your profile information at any time in Settings.
• Deletion — delete your account from Settings. All associated data is permanently deleted immediately. This action is irreversible and cannot be undone.
• Strava disconnect — revoke Strava access at any time in Settings. We delete the connection data immediately.
• Location — disable precise location in Settings. The app will use approximate location from your IP address instead.

• All data is transmitted over HTTPS.
• Authentication uses email sign-in codes or hashed passwords via a dedicated auth provider.
• Database access is protected by row-level security — users can only access their own data and public ride information.
• We do not store raw passwords.

ridito is not intended for users under 18. We do not knowingly collect data from minors.

We may update this policy. If we make material changes, we will notify you via email or an in-app notice. Your continued use of ridito after changes constitutes acceptance.