Back to home

Privacy Policy

Last updated: 2026‑01‑28

PedalCrew ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal data when you use the PedalCrew mobile application.

GDPR Compliance: If you are located in the European Union, you have specific rights regarding your personal data under the General Data Protection Regulation (GDPR).

Data Controller

The data controller responsible for your personal data is:

BiGi Development
Email: developmentbigi@gmail.com
Location: Slovenia, European Union

What Data We Collect

Account Information

  • Google Account Data: When you sign in with Google, we receive your unique user ID (UID), email address, display name, and profile photo URL.
  • Profile Information: Preferred cycling pace, home city (optional).

Usage Data

  • Ride Data: Rides you create or join, including title, description, date/time, meeting location coordinates, route information, and participant lists.
  • Activity & Statistics: Points earned, badges, ride history, and participation records.
  • Comments & Feedback: Any comments you post on rides or feedback you submit.

Location Data

  • Meeting Points: When you create a ride or Quick Beacon, you may share your location to set a meeting point. This location is stored with the ride.
  • No Background Tracking: We do not track your location in the background. Location is only accessed when you actively use location-based features.

Technical Data

  • Crash Reports: If the app crashes, anonymized diagnostic data is sent to Firebase Crashlytics to help us improve stability.
  • Analytics (Optional): If you opt in during onboarding, anonymous usage events (e.g., screen views, feature usage) are collected via Firebase Analytics. Analytics is disabled by default.
  • Push Notification Tokens: Device tokens for sending push notifications about ride updates.

How We Use Your Data

  • To provide and operate the PedalCrew service.
  • To authenticate your account and maintain your session.
  • To display rides, participants, and activity feeds.
  • To send notifications about rides you've joined or created.
  • To improve app stability and fix bugs (via crash reports).
  • To understand usage patterns and improve features (if analytics enabled).

Legal Basis for Processing (GDPR)

  • Contract: Processing necessary to provide the PedalCrew service you requested.
  • Consent: Analytics data collection (opt-in only).
  • Legitimate Interests: Crash reporting for app stability and security.

Data Sharing & Third Parties

We use the following third-party services to operate PedalCrew:

  • Google Firebase: Authentication, database (Firestore), file storage, push notifications (FCM), crash reporting (Crashlytics), and optional analytics.
  • Google Sign-In: For account authentication.
  • OpenStreetMap: For displaying maps (tile requests made directly from your device).

We do not sell your personal data to third parties. We do not share your data with advertisers.

Data Retention

  • Active Accounts: Your data is retained as long as your account is active.
  • Inactive Accounts: If your account is inactive for 2 years, we will send you an email notification. If you do not respond within 30 days, your account and personal data will be deleted.
  • Deleted Accounts: When you delete your account, your personal data is removed immediately. Some data may be retained in backups for up to 30 days.
  • Crash & Analytics Data: Follows Firebase retention policies (typically 90 days to 14 months).

Your Rights (GDPR)

If you are in the European Union, you have the following rights:

  • Access: Request a copy of your personal data.
  • Rectification: Correct inaccurate personal data.
  • Erasure: Delete your account and associated data (Settings → Delete account).
  • Restriction: Request limiting how we use your data.
  • Portability: Receive your data in a structured format.
  • Object: Object to processing based on legitimate interests.
  • Withdraw Consent: Disable analytics at any time in Settings.

To exercise these rights, contact us at developmentbigi@gmail.com.

Your Choices

  • Analytics: Opt in or out during onboarding or anytime in Settings.
  • Location: Grant or revoke location permission in your device settings.
  • Notifications: Enable or disable push notifications in Settings.
  • Account Deletion: Delete your account and all associated data anytime via Settings → Delete account.

Data Security

We use industry-standard security measures including:

  • Encrypted data transmission (HTTPS/TLS).
  • Firebase Security Rules to control data access.
  • Secure authentication via Google Sign-In.

Children's Privacy

PedalCrew is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us to have it removed.

International Transfers

Your data is processed by Firebase services which may store data in data centers outside the European Union. Google Firebase complies with GDPR requirements for international data transfers.

Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated through the app or email. The "Last updated" date above reflects the most recent version.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

developmentbigi@gmail.com