Privacy
Policy.

Drais provides software for managing bikes, components, maintenance, ride history, gear, and cycling community features. For personal data processed inside Drais, Drais acts as the data controller unless a feature states otherwise.

• Account data. Email address, display name, authentication identifiers, language, settings, and support messages.
• Bike and component data. Bike names, photos, serial numbers if you add them, component details, installation dates, costs, weight, wear estimates, and service intervals.
• Maintenance data. Service logs, reminders, notes, receipts if uploaded, and DIY or shop cost records.
• Ride data. Distance, duration, date, linked bike, imported ride metadata, and manually entered rides. When you record a solo ride, the app accesses GPS on your device to calculate distance and speed. The full GPS track is processed on-device and is not transmitted to other users; summary metrics (distance, duration, date) sync to your account so you can access your history across devices.
• Live location during group rides and SOS. If you join a group ride and choose to enable live tracking, the app broadcasts your current GPS position to other participants of that ride in real time so you can see each other on the map. Live tracking is opt-in and off by default, only active while the group ride is in progress, and stops when you leave the ride or disable it. You can also opt in to persistent ride beacons, which store position points server-side for the duration of the ride. If you trigger the SOS feature, your current precise location is shared with the emergency contacts you have selected. Live location data is used solely for these features and is not used for advertising or sold.
• Integration data. Limited tokens and imported activity data from services you choose to connect, such as activity trackers.
• Voice messages. When you send a voice message in chat, the app accesses your microphone to record the audio clip. Voice recordings are stored only after you choose to send them and are deleted when you or the recipient removes the message. Audio is not used for any purpose beyond delivering the message.
• Community data. Profile details, forum posts, chat messages, marketplace listings, group rides, club activity, and moderation signals.
• Technical data. Device type, app version, logs, crash diagnostics, security events, and sync metadata.
• Website analytics. When you visit drais.app, Google Analytics (GA4) collects page views, approximate geographic location derived from IP address, browser and device type, referrer URL, and session duration. This data is collected on our website only — not in the app — and only after you accept the cookie notice. It is processed by Google LLC under Google's own privacy policy and used solely to understand how visitors use the site.

We do not sell personal data. We do not use bike, ride, or maintenance data for third‑party advertising.

• To create and secure your account.
• To store, sync, and display your bikes, parts, rides, gear, maintenance, and costs.
• To calculate component mileage, wear estimates, service reminders, and ownership insights.
• To provide community, chat, marketplace, club, and group ride features when you use them.
• To connect optional integrations that you authorize.
• To respond to support, security, and privacy requests.
• To improve reliability, prevent abuse, and comply with legal obligations.

• Contract. To provide the Drais app and account features you request.
• Consent. For optional integrations, certain communications, permissions you can withdraw, and website analytics (Google Analytics) where you accept the cookie notice on drais.app.
• Legitimate interests. To secure the service, prevent fraud, understand app reliability, and improve product quality.
• Legal obligation. When we must retain or disclose limited information to comply with applicable law.

If you connect a third‑party service such as an activity tracker, Drais imports only the data needed for the feature you authorize, such as activity distance, date, duration, and linked gear where available. Drais uses this data to update ride history, bike mileage, component wear, and maintenance reminders. Drais does not write activities back to any activity tracker and does not sell or share activity tracker data for advertising.

You can disconnect integrations from the app at any time. If you revoke access through a third‑party provider, Drais will stop using that connection and remove tokens according to the provider's deauthorization flow and our retention rules.

Drais stores core app data locally on your device and syncs it to cloud infrastructure so your account can work across devices. We use service providers for hosting, authentication, database, storage, support, security, and diagnostics, including Supabase (authentication, database, and storage), PowerSync (offline sync), and Sentry (crash reporting and diagnostics). These providers process data on our instructions and must apply appropriate security measures.

Sentry processes crash logs, stack traces, device context (model, OS version, app version), and breadcrumbs leading up to errors so we can fix bugs quickly. Sensitive fields — including access tokens, refresh tokens, encrypted payloads, ride GPS coordinates, and message content — are scrubbed before transmission. Crash data is processed on Sentry infrastructure in the EU (Frankfurt) or United States. See Sentry's privacy policy and Data Processing Addendum.

Open-Meteo provides weather forecasts for ride planning features. When the app needs a forecast — for example, the rain nudge before a planned ride — we send your approximate latitude and longitude to Open-Meteo's public weather API and receive the forecast in return. No account identifier, device identifier, or API key is transmitted with the request. Open-Meteo is operated from Germany and states it does not log personal data. See Open-Meteo's terms.

Depending on your location and infrastructure availability, data may be processed in the European Economic Area, the United States, or other regions where our providers operate. Where GDPR applies and data leaves the EEA, we use appropriate safeguards such as contractual protections offered by our processors.

We keep account and app data while your account is active or as needed to provide the service. You can delete your account in the app or by contacting support@drais.app. On‑device data is removed when the app completes account deletion or when you uninstall and remove local app data. Server‑side account records are deleted or anonymized within 30 days unless a longer period is legally required. Backup copies expire as backups rotate.

Crash logs and diagnostics (Sentry) are retained for up to 90 days and then automatically deleted from Sentry's systems. We do not export Sentry data to other systems.

Depending on where you live, including if GDPR applies, you may have the right to access, correct, delete, restrict, export, or object to processing of your personal data. You may also withdraw consent where processing is based on consent.

To exercise these rights, email support@drais.app. You also have the right to lodge a complaint with your local data protection authority.

Drais is not intended for children under 16. If you believe a child has provided personal data without appropriate consent, contact us so we can review and remove it.

We may update this policy as Drais evolves. Material changes will be reflected on this page and, where appropriate, communicated in the app.