CafeRide

Privacy Policy

Last Updated: 12 December 2025

1. Introduction

Welcome to Cafe Ride ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services (collectively, the "Service").

This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide to Us

  • Account Information: When you register, we collect your name, email address, password (stored in encrypted form), and optionally your country and region.
  • Profile Information: You may provide additional information such as a bio, location, website, and profile image.
  • Content: We collect content you create, including cafe reviews, ratings, photos, ride reports, route information, club posts, and comments.
  • Club and Ride Data: Information about clubs you create or join, rides you organize or attend, and RSVP status.

2.2 Information from Third-Party Services

  • Strava Integration: If you connect your Strava account, we access your activity data, routes, and photos (with your explicit consent). This includes ride activities, route information, and associated metadata.
  • Facebook Login: If you sign in with Facebook, we receive your basic profile information (name, email, profile picture).

2.3 Automatically Collected Information

  • Usage Data: Information about how you use the Service, including pages visited, features used, and interactions.
  • Location Data: When you create routes, review cafes, or participate in rides, we collect location information (coordinates, addresses) necessary to provide the Service.
  • Device Information: Browser type, operating system, IP address, and device identifiers.
  • Session Data: Authentication tokens and session information stored in cookies.

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: To create and manage your account, provide access to features, and deliver the Service.
  • Route and Ride Management: To help you plan routes, organize rides, and find nearby cafes.
  • Social Features: To enable club membership, following other users, activity feeds, and social interactions.
  • Communication: To send you account-related emails (verification, password resets, review reminders), notifications about club activities, and service updates.
  • Content Display: To show your reviews, ride reports, and other content to other users (according to your privacy settings).
  • Analytics and Improvement: To understand how the Service is used, identify issues, and improve functionality.
  • Legal Compliance: To comply with legal obligations and protect our rights and the rights of our users.

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Consent: When you provide explicit consent (e.g., connecting Strava, subscribing to notifications).
  • Contract Performance: To fulfill our contract with you (providing the Service you requested).
  • Legitimate Interests: To improve the Service, ensure security, and prevent fraud.
  • Legal Obligation: To comply with applicable laws and regulations.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

5.1 Third-Party Service Providers

  • Hosting and Infrastructure: Netlify (hosting), Neon (database hosting), AWS S3 (image storage).
  • Email Services: Mailgun (for sending transactional and notification emails).
  • Mapping Services: Google Maps (for route planning and location services).
  • Authentication: NextAuth (session management), Strava and Facebook (OAuth providers).

These service providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.2 Public Information

Some information you provide is publicly visible by default (e.g., cafe reviews, ride reports, club posts). You can control visibility through your profile settings and privacy preferences.

5.3 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users.

6. Cookies and Local Storage

We use cookies and similar technologies to:

  • Authentication: Session cookies to keep you logged in.
  • Preferences: Local storage to remember your settings and preferences.
  • Functionality: To enable core features of the Service.

You can control cookies through your browser settings. Note that disabling cookies may affect Service functionality.

7. Data Retention

We retain your personal data for as long as necessary to:

  • Provide the Service to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements

When you delete your account, we will delete or anonymize your personal data, except where we are required to retain it for legal purposes. Some content (e.g., reviews, ride reports) may remain visible if it was shared publicly, but will be disassociated from your account.

8. Your Rights (GDPR)

Under GDPR and other data protection laws, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to Restrict Processing: Limit how we use your data.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Withdraw consent at any time (e.g., disconnect Strava).

To exercise these rights, please contact us using the information provided in Section 13 ("Contact Us"). We will respond within one month.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of passwords and sensitive data
  • Secure HTTPS connections
  • Regular security assessments
  • Access controls and authentication
  • Secure cloud storage with access controls

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States (for services like Netlify, AWS, and Google). We ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions, to protect your data in accordance with GDPR.

11. Children's Privacy

Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or wish to exercise your rights regarding this Privacy Policy or your personal data, please contact us:

Email: privacy@caferide.co.uk

Website: https://caferide.co.uk

You also have the right to lodge a complaint with your local data protection authority if you believe we have violated your data protection rights.