Privacy policy.

Drais provides software for managing bikes, components, maintenance, ride history, gear and community features. For personal data processed within Drais, Drais acts as the data controller unless a feature states otherwise.

Data controller: Lukasz Klemens (KVK: 64745239). For privacy questions and GDPR requests: info@drais.app.

• Account data. Email address, display name, authentication IDs, language, settings and support messages.
• Device permissions. Depending on your device and settings, Drais may use: GPS (for solo ride tracking and live group ride location), microphone (for voice messages in chat), photo gallery (for bike and maintenance photos), camera (optional for photography), and location data (for live tracking in group rides and SOS). You can manage device permissions at any time in your device settings.
• Bike and component data. Bike names, photos, serial numbers (if you add them), component details, installation dates, costs, weight, wear estimates and service intervals.
• Maintenance data. Service logs, reminders, notes, receipts (if you upload them) and cost records for DIY or workshop work.
• Ride data. Distance, duration, date, linked bike, imported ride metadata and manually entered rides. For a solo ride, the app uses GPS on your device to calculate distance and speed. The full GPS trace is processed locally and is not sent to other users; summary data (distance, duration, date) syncs to your account.
• Live location during group rides and SOS. If you participate in a group ride and enable live tracking, the app shares your current GPS position in real time with other participants. Live tracking is opt-in and off by default, active only during the group ride, and stops as soon as you leave the ride. Live location data is stored on your device during the ride and is automatically deleted from Drais servers 24 hours after the group ride ends. During SOS, your location is shared with your selected emergency contacts. Live location data is not used for advertising or sold.
• Advertising identifier (Apple IDFA). On Apple devices, the app may use your Apple Identifier for Advertising (IDFA) to track ad conversions and measure advertising performance (only if you've consented to analytics tracking). You can opt out via Settings → Privacy → Tracking and select our app.
• Integration data. Limited tokens and imported activity data from services you connect (such as activity trackers).
• Voice messages. If you send a voice message in chat, the app uses your microphone. Recordings are stored only if you send them and are deleted when you or the recipient deletes the message.
• Community data. Profile data, forum posts, chat messages, marketplace listings, group rides, club activity and moderation signals.
• Technical data. Device type, app version, logs, crash diagnostics, security alerts and sync metadata.
• Website analytics. When you visit drais.app, Google Analytics (GA4) collects page views, an approximate location derived from IP, browser/device type, referring URL and session duration — only after you accept the cookie notice.

We do not sell personal data. We do not use bike, ride, maintenance, or device data for targeted advertising profiling, creating audience segments sold to marketers, or sharing data with ad partners.

• To create and secure your account.
• To store, sync and display your bikes, parts, rides, gear, maintenance and costs.
• To calculate component mileage, wear estimates, service reminders and ownership insights.
• To provide community, chat, marketplace, club and group ride features when you use them.
• To connect optional integrations you authorize.
• To respond to support, security and privacy requests.
• To improve reliability, prevent abuse and meet legal obligations.

• Contract. To deliver the Drais app and account features you request.
• Consent. For optional integrations, certain communications and website analytics (Google Analytics) when you accept the cookie notice.
• Legitimate interests. To secure the service, prevent fraud, understand app reliability and improve product quality.
• Legal obligation. When we must retain or share limited information to comply with applicable law.

If you connect a third-party service (such as an activity tracker), Drais only imports the data necessary for the feature you authorize — distance, date, duration and linked gear where available. Drais uses this data to update ride history, bike mileage, component wear and maintenance reminders. Drais does not write activities back to activity trackers and does not sell or share activity tracker data for advertising.

Strava. When you connect Strava, Drais requests the following OAuth scopes with your explicit consent on Strava's authorisation screen:

• profile:read_all — your Strava athlete profile (name, profile photo, and bikes/gear registered on your Strava account).
• activity:read — your activity list and summaries (distance, date, duration, gear used). This is the default.
• activity:read_all — requested only if you opt in to importing your private activities. If you do not opt in, Drais uses activity:read only and cannot see activities you have marked private on Strava.

When you open an imported ride, Drais fetches that activity's detail from Strava. That detail can include heart rate, power, cadence, energy, suffer score, achievement and PR counts, the GPS route (map polyline), and the recording device. This is your own Strava data, shown only to you, and cached transiently — raw Strava records are purged automatically after no more than 7 days.

Drais uses your Strava data solely to (1) maintain your bike mileage automatically when a Strava activity logs mileage against a linked bike, and (2) populate your Drais ride timeline and inform maintenance schedules. We do not use your Strava data, or any data derived from it, for artificial-intelligence or machine-learning training, evaluation, grounding, embeddings, retrieval, or operation; for analytics, customer-insight generation, product improvement, benchmarking, advertising, or resale; or for disclosure to any person other than you. Strava may monitor and collect usage data related to Drais's use of the Strava API — see the Strava API Policy.

Strava-derived mileage. The component-wear mileage Drais calculates from your Strava activities is kept only while your Strava connection is active. When you disconnect or revoke access, this derived mileage is deleted or recalculated from your non-Strava data within 48 hours. Strava access and refresh tokens are stored securely server-side (not on your device and never in app builds) and are deleted when you disconnect or revoke access.

Disconnect and deletion. You can withdraw consent and remove all Strava data at any time via Profile → Connected Apps → Disconnect. This revokes Drais's access at Strava, deletes your tokens, removes rides imported from Strava, and deletes or recomputes any Strava-derived mileage. You can also revoke access directly in Strava's app settings — Drais receives an automatic deauthorisation notification and deletes your Strava data within 48 hours. To confirm deletion, contact us at info@drais.app.

Strava and the Strava marks are trademarks of Strava, Inc. Drais uses these marks under the Strava API Agreement and Strava Brand Guidelines solely to identify Strava as the source of imported activity data. Drais is not affiliated with, endorsed by, or sponsored by Strava, Inc.

You can disconnect integrations in the app at any time. If you revoke access through an external provider, Drais stops using that connection and deletes tokens in accordance with the provider's deauthorization flow and our retention periods.

Drais stores core data locally on your device and syncs it with cloud infrastructure so that your account works across multiple devices. We use service providers for hosting, authentication, database, storage, support, security and diagnostics: Supabase (auth, database, storage), PowerSync (offline sync), Sentry (crash reporting) and Resend (email delivery). We have executed Data Processing Agreements (DPAs) with all processors as required under GDPR Article 28, ensuring they commit to appropriate security measures.

Sentry processes crash logs, stack traces and device context (model, OS, app version). Sensitive fields — access tokens, refresh tokens, encrypted payloads, GPS coordinates and chat messages — are stripped before transmission. Crash data is processed on Sentry infrastructure in the EU (Frankfurt) or the US.

Open-Meteo provides weather forecasts for ride planning features. When the app needs a forecast, we send your approximate latitude and longitude to the public API. No account identifier, device identifier or API key is sent along. Open-Meteo states that it does not log personal data.

Depending on your location and infrastructure availability, data may be processed in the EEA, the US or other regions where our providers operate. For transfers outside the EEA, we rely on Standard Contractual Clauses (SCCs) and adequacy decisions as approved by the European Commission. Where these are unavailable, we implement additional technical and organisational safeguards.

We retain account and app data for as long as your account is active or as long as needed to provide the service. You can delete your account in the app or via info@drais.app. Data on your device is erased at the time of deletion. Server-side account records are deleted or anonymized within 30 days unless a longer period is required by law. Backup copies expire as backups rotate.

Crash logs and diagnostics (Sentry) are retained for up to 90 days and then automatically deleted.

Depending on where you live, and if GDPR applies, you may have the right to access, rectify, erase, restrict, export or object to processing of your personal data. You may also withdraw consent where processing is based on consent.

You can withdraw consent for optional processing (analytics, integrations) via Settings → Privacy → Consent in the Drais app, or by emailing info@drais.app.

To exercise other rights, email info@drais.app and we will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.

Drais is not intended for children under 16. If you believe a child has provided personal data without appropriate consent, please contact us so we can review and remove it.

We may update this policy as Drais evolves. Material changes will appear on this page and, where appropriate, in the app.