Data Protection & Privacy Policy

Brevet Cycling is a free, non-profit application for cycling enthusiasts. This Privacy Policy details how we handle your personal data in compliance with the GDPR.

1. Controller

Brevet Cycling is operated as a personal, non-commercial project. Contact details are available on our Impressum page.

2. Data We Collect

• Account data: Email address (used for login via one-time password)
• Profile data: Display name, country, weight, avatar (voluntarily provided)
• Ride data: Power, heart rate, speed, distance, elevation — recorded during virtual rides
• Connected services: OAuth tokens for Strava, Google Calendar, and Spotify (stored server-side, revocable at any time)

3. How We Use Your Data

• Authenticate your account
• Display your ride statistics, leaderboard rankings, and fitness tracking
• Sync training plans to Google Calendar (only when you explicitly connect)
• Upload rides to Strava (only when you explicitly connect)

4. Third-Party Services

We integrate with Strava, Google Calendar, and Spotify. When you connect these services, we store OAuth tokens to act on your behalf. You can disconnect at any time from the Connections page, which deletes all stored tokens.

5. Data Storage

All data is stored on our self-hosted server in Germany. We do not sell or share your data with third parties.

6. Your Rights (GDPR)

You have the right to access, correct, delete, or export your personal data. Contact us via the email on our Impressum page.

7. Cookies

We use a session cookie for authentication. No tracking or advertising cookies are used.

8. Changes

We may update this policy. Changes will be posted on this page.

Back to Brevet Cycling