WatchMyBike

Privacy Policy

WatchMyBike

Last Updated: December 27, 2025

Introduction

WatchMyBike ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at watchmy.bike (the "Service").

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.

Information We Collect

Personal Information You Provide

When you create an account and use our Service, we may collect:

  • Account Information:Email address, username, password (encrypted)
  • Profile Information:Display name, profile photo, custom URL/username, location (optional)
  • Bike and Component Data:Bike details (make, model, year), component information, usage data, maintenance records, replacement schedules
  • Documents:Manuals, warranties, purchase receipts you choose to upload
  • Communication Data:Messages you send to our support team

Information Collected Automatically

  • Usage Data:Pages visited, features used, time spent on the Service, click patterns
  • Device Information:Browser type, operating system, device identifiers, IP address
  • Cookies and Similar Technologies:Session cookies, authentication tokens, preference settings

Third-Party Integration Data

When you connect third-party services:

Strava Integration:

If you connect your Strava account, we access and store:

  • Your Strava activities (rides)
  • Activity data (distance, date, duration, route data if applicable)
  • Basic Strava profile information (name, profile photo)
  • We only access data you explicitly authorize through Strava's OAuth process

AI Assistant (in-app chat):

When you use the in-app chat at /chat, we send the following to our AI provider (OpenRouter, which routes requests to model providers such as Anthropic) so it can respond:

  • The messages you type
  • The conversation history of the active chat (so replies have context)
  • Results of tool calls the assistant makes on your behalf — e.g. when you ask "list my bikes", the list of your bikes is sent so the assistant can summarise it

Your full WatchMy.bike data is not uploaded — only the specific records the assistant needs to answer your current question. Your chat conversations are stored in our database under your account so you can revisit them; you can delete any conversation at any time from the chat sidebar. The chat is rate-limited per plan (see Pricing) and is not used to train third-party models.

Connecting an external AI client via the Model Context Protocol (MCP) at mcp.watchmy.bike uses OAuth — the third-party AI service (e.g. Claude Desktop, ChatGPT) accesses your data on your behalf under their own privacy policy. We do not receive your messages from those clients.

How We Use Your Information

We use the information we collect to:

  • Provide the Service:Track components, calculate usage, send maintenance alerts
  • Sync with Strava:Automatically update component usage based on your rides
  • AI Assistant:Power the in-app chat at /chat — only when you actively send a message — by forwarding your prompt and the relevant gear data to our AI provider so it can answer
  • Communicate:Send service notifications, maintenance alerts, and respond to inquiries
  • Improve the Service:Analyze usage patterns, fix bugs, develop new features
  • Security:Detect and prevent fraud, abuse, and security incidents
  • Legal Compliance:Comply with applicable laws and legal obligations

Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the data and context:

  • Contract Performance:Processing necessary to provide the Service you requested
  • Legitimate Interests:Improving our Service, security, and fraud prevention
  • Consent:When you opt-in to optional features like Strava integration or public profiles
  • Legal Obligation:When required by law

How We Share Your Information

Public Information

If you enable a public profile:

  • Your bike builds, components, and public profile information are visible to anyone with your profile URL
  • You control what information is public through your privacy settings

Third-Party Service Providers

We share data with trusted service providers who assist us:

  • Supabase: Database hosting and authentication (see Supabase Privacy Policy)
  • Cloudflare: Hosting, CDN, and security services (see Cloudflare Privacy Policy)
  • Strava: When you connect your account (see Strava Privacy Policy)
  • OpenRouter: AI gateway that routes in-app chat requests to underlying model providers (e.g. Anthropic). Only used when you actively send a message in the in-app chat at /chat. See OpenRouter Privacy Policy.

These providers are contractually obligated to protect your data and use it only for providing services to us.

Legal Requirements

We may disclose your information if required by law, court order, or to:

  • Comply with legal process
  • Enforce our Terms of Service
  • Protect rights, property, or safety of WatchMyBike, users, or others
  • Detect and prevent fraud or security issues

Data Storage and Security

Where We Store Data

  • Database:Supabase (cloud-hosted PostgreSQL)
  • Hosting:Cloudflare Pages
  • Uploaded Documents:Cloud storage (encrypted)

Your data may be transferred to and stored on servers located outside your country of residence, including the United States. By using the Service, you consent to this transfer.

How We Protect Data

We implement appropriate technical and organizational security measures:

  • Encryption in transit (HTTPS/TLS)
  • Encrypted password storage (hashing)
  • Database access controls
  • Regular security updates and monitoring

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your information.

Data Retention

We retain your information for as long as:

  • Your account is active
  • Necessary to provide the Service
  • Required by law

When you delete your account:

  • Personal information is deleted within 30 days
  • Some information may be retained for legal compliance, dispute resolution, or fraud prevention
  • Publicly shared content may remain in backups for up to 90 days

Your Privacy Rights

Depending on your location, you may have the following rights:

General Rights

  • Access:Request a copy of your personal data
  • Correction:Update inaccurate or incomplete information
  • Deletion:Request deletion of your account and data
  • Export:Download your data in a portable format
  • Opt-out:Unsubscribe from marketing emails (service emails may still be sent)

GDPR Rights (EEA Residents)

  • Right to restriction:Limit how we use your data
  • Right to object:Object to processing based on legitimate interests
  • Right to withdraw consent:Withdraw consent at any time
  • Right to lodge a complaint:File a complaint with your data protection authority

CCPA Rights (California Residents)

  • Right to know:What personal information we collect and how it's used
  • Right to delete:Request deletion of your information
  • Right to opt-out:Opt-out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination:Equal service regardless of exercising privacy rights

How to Exercise Your Rights

To exercise any of these rights:

  • Visit your account settings for direct access to many features
  • Email at: marien@watchmy.bike
  • We will respond within 30 days

Cookies and Tracking Technologies

We use cookies and similar technologies:

  • Essential Cookies:Required for authentication and core functionality
  • Preference Cookies:Remember your settings and preferences
  • Analytics Cookies:Understand how you use the Service (if implemented)
  • Anonymous Session Cookie (wmb_anon_id):A short-lived (30-day) UUID we set on marketing pages when you start adding a bike before creating an account. We use it solely to tie that draft to your account if you sign up. It contains no identifying information and is not used to track you across other websites.

You can control cookies through your browser settings, but disabling essential cookies may affect functionality.

Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification for significant changes (if you have an account)

Your continued use of the Service after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions or concerns about this Privacy Policy:

Email: marien@watchmy.bike

For GDPR-related requests: Include "GDPR Request" in your subject line

For CCPA-related requests: Include "CCPA Request" in your subject line

Summary of Key Points

  • We collect information you provide (account, bikes, components) and from Strava if you connect it
  • We use your data to provide component tracking and maintenance alerts
  • You can make your profile public or keep it private
  • We use Supabase and Cloudflare for hosting
  • We do not sell your personal information
  • You can request your data, correct it, or delete your account
  • We protect your data with industry-standard security measures
  • Contact marien@watchmy.bike for privacy questions

Cookie Preferences

We use cookies to enhance your experience and analyze site traffic. You can customize your preferences or accept all cookies.