Privacy Policy

Last updated: January 2025

Table of Contents

1. Introduction

Welcome to Velovate, a cycling platform operated by Sassy Dog Enterprises LLC ("we," "us," or "our"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, including our website, mobile applications, and related services (collectively, the "Services").

Please read this Privacy Policy carefully. By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Services.

Data Controller: Sassy Dog Enterprises LLC
Contact: privacy@velovate.app

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address, password, profile photo, and biographical information
  • Team Information: Team names, descriptions, member roles, and organizational details
  • Activity Data: Ride details, GPS tracks, distance, duration, elevation, and performance metrics
  • Fundraising Data: Campaign details, donation information (processed by third-party payment processors)
  • Communications: Messages sent through our platform, support requests, and feedback
  • Payment Information: Billing details for premium subscriptions (processed securely by third-party payment processors)

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent on platform, click patterns
  • Device Information: Device type, operating system, browser type, IP address, unique device identifiers
  • Location Data: GPS coordinates during ride tracking (only when you explicitly enable location services)
  • Cookies and Similar Technologies: See Section 9 for details

2.3 Information from Third Parties

  • Authentication Services: When you sign in using third-party services (e.g., Google, Apple), we receive basic profile information
  • Fitness Platforms: Activity data from connected services like Strava or Garmin (with your permission)
  • Social Media: Public profile information if you connect your social media accounts

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Provision

  • Create and manage your account
  • Provide and maintain our Services
  • Process your ride tracking and activity data
  • Enable team collaboration and communication
  • Facilitate fundraising campaigns and events

3.2 Communication

  • Send you service-related notifications and updates
  • Respond to your inquiries and support requests
  • Send newsletters and marketing communications (with your consent)
  • Notify you about team activities, rides, and fundraising updates

3.3 Improvement and Analytics

  • Analyze usage patterns to improve our Services
  • Conduct research and development
  • Debug and fix technical issues
  • Personalize your experience

3.4 Safety and Security

  • Detect and prevent fraud, spam, and abuse
  • Enforce our Terms of Service
  • Protect the rights and safety of our users
  • Comply with legal obligations

3.5 Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your data based on:

  • Contract: Processing necessary to provide our Services
  • Consent: You have given clear consent for specific purposes
  • Legitimate Interests: Processing necessary for our legitimate business interests
  • Legal Obligation: Processing required by law

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

4.1 With Your Consent

We share information when you explicitly consent, such as when you share a ride with your team or make your profile public.

4.2 Service Providers

We share information with third-party vendors who perform services on our behalf:

  • Cloud hosting providers (e.g., Microsoft Azure, Cloudflare)
  • Payment processors for premium subscriptions
  • Analytics services
  • Email and communication services
  • Customer support tools

4.3 Team Members

When you join a team, certain information (name, profile photo, ride data) may be visible to other team members based on team privacy settings.

4.4 Legal Requirements

We may disclose information if required by law or if we believe it is necessary to:

  • Comply with legal obligations, court orders, or government requests
  • Enforce our Terms of Service or other agreements
  • Protect the rights, property, or safety of Velovate, our users, or others
  • Detect, prevent, or address fraud or security issues

4.5 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Data Retention

We retain your personal information for as long as necessary to provide our Services and fulfill the purposes outlined in this Privacy Policy. Specific retention periods include:

  • Account Data: Retained while your account is active and for up to 90 days after deletion
  • Activity Data: Retained indefinitely unless you request deletion
  • Usage Logs: Retained for up to 24 months
  • Payment Records: Retained for 7 years for tax and accounting purposes

You may request deletion of your data at any time. Some information may be retained in backup systems for up to 90 days after deletion requests.

6. Your Rights and Choices

You have the following rights regarding your personal information:

6.1 Access and Portability

You can access and download your personal data through your account settings or by contacting us.

6.2 Correction

You can update or correct your account information at any time through your profile settings.

6.3 Deletion

You can request deletion of your account and associated data. Note that some information may be retained as described in Section 5.

6.4 Marketing Opt-Out

You can unsubscribe from marketing emails using the unsubscribe link in our emails or through your account preferences.

6.5 Location Services

You can disable location tracking at any time through your device settings or app preferences.

6.6 Cookie Management

You can manage cookie preferences through your browser settings. See Section 9 for more details.

7. GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

7.1 Right to Access

You have the right to request confirmation of whether we process your personal data and to access that data.

7.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

7.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data in certain circumstances.

7.4 Right to Restriction of Processing

You have the right to request that we restrict processing of your personal data in certain situations.

7.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format.

7.6 Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing.

7.7 Right to Withdraw Consent

Where we process your data based on consent, you have the right to withdraw that consent at any time.

7.8 Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority.

To exercise your GDPR rights:
Email us at privacy@velovate.app with "GDPR Request" in the subject line. We will respond within 30 days.

8. California Privacy Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

8.1 Right to Know

You have the right to request information about the personal data we have collected about you in the past 12 months.

8.2 Right to Delete

You have the right to request deletion of your personal data, subject to certain exceptions.

8.3 Right to Opt-Out

We do not sell personal information. If our practices change, we will update this policy and provide an opt-out mechanism.

8.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

8.5 Authorized Agent

You may designate an authorized agent to make requests on your behalf.

To exercise your California privacy rights:
Email us at privacy@velovate.app or call our toll-free number (to be added). We will verify your identity and respond within 45 days.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

9.1 Essential Cookies

Required for the Services to function properly (e.g., authentication, security).

9.2 Analytics Cookies

Help us understand how users interact with our Services (e.g., Google Analytics).

9.3 Preference Cookies

Remember your settings and preferences.

9.4 Marketing Cookies

Used to deliver relevant advertisements (only with your consent).

9.5 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may limit your ability to use some features of our Services.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Employee training on data protection
  • Incident response procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

11. Children's Privacy

Our Services are not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children under these ages. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@velovate.app, and we will delete such information.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from your country's laws.

When we transfer personal data from the EEA to other countries, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Privacy Shield certification (where applicable)

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will notify you by:

  • Posting the updated policy on our website
  • Updating the "Last Updated" date at the top of this policy
  • Sending you an email notification (for significant changes)

Your continued use of our Services after the effective date of the updated policy constitutes acceptance of the changes.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Sassy Dog Enterprises LLC
Email: privacy@velovate.app
General Support: support@velovate.app
Address: [To be added - company address]

Data Protection Officer: dpo@velovate.app (for GDPR-related inquiries)