1. Data Controller

Your personal data is processed by Velopod ("Velopod", "we", "us", "our"), operating from Portugal, European Union. ​Our Services are intended for adults. We do not knowingly collect personal data from anyone under 16 years of age. If you believe a minor's data has been submitted to us, please contact us immediately so we can delete it.

​

2. Data We Collect

We collect information that directly and indirectly identifies you. Most of this is provided by you directly when you sign up and use our Services.

​

When you register, we collect:

• Name, email address, password

• Location (city/region), nationality

• Gender, date of birth

• Profile photo and biography (optional)

• Cycling preferences (road, MTB, gravel, etc.) and fitness goals

​

When you use the platform, we collect:

• Cycling routes, activities, rides attended or organised

• Posts, comments, likes, and group memberships

• Messages sent via the in-app chat feature

• Club or group affiliations (where applicable, provided by a club administrator who is responsible for obtaining appropriate consent)

​

When you browse the platform, we collect automatically:

• IP address, browser type, device model and operating system

• Login dates, pages visited, time spent on pages

• GPS/location data when you use location-enabled features (you can disable this at any time in your device settings)

​

Important: Velopod does not collect or process biometrics or health data, such as heart rate, power output (watts), or medical conditions. If you connect a third-party service (like Strava), we only sync the activity metadata you explicitly authorize, excluding any health-related metrics. We do not sell your personal data to third parties.

​

3. How We Use Your Data

We use your personal data to:

​

• Create and manage your account and profile

• Provide, personalise and improve our Services

• Show nearby cycling activities, routes, clubs and events relevant to your location

• Allow you to organise, join or discover cycling rides, events and groups

• Enable communication between users (messaging, notifications)

• Send you service updates, platform news, and relevant cycling content (with your consent)

• Process payments for premium features or partner offers

• Perform analytics to monitor and improve the platform

• Comply with legal obligations and defend legal claims

​

Legal bases for processing (GDPR Art. 6):

​

• Consent — for marketing, optional features, and location sharing

• Contract performance — to deliver the Services you signed up for

• Legal obligation — to comply with applicable EU/Portuguese law

• Legitimate interests — for platform analytics, fraud prevention, and service improvement

​​

4. Who We Share Your Data With

We share data only with trusted service providers who help us operate Velopod, bound by confidentiality and data processing agreements:

​

Provider Purpose / Cloud hosting provider (e.g. AWS/EU region) / Data hosting and storage /

Mapbox or equivalent / Map and route display / Stripe Payment processing (we do not store card details) / Mailchimp or equivalent / Email communications / Google Firebase / Analytics / Analytics and crash reporting / Bettermode Community platform infrastructure.

 

We may also share data with legal authorities when required by law, or with professional advisers (lawyers, auditors) bound by confidentiality. We will never sell your data to third parties for marketing or commercial purposes.

​

5. Public Profile & Community Features

When you participate in rides, events or groups on Velopod:

​

• Your public profile (name, photo, cycling interests) is visible to other users

• Your approximate location (within a randomized radius, not your exact address) may be shown to nearby users when searching for rides

• Posts, comments and ride history you share publicly are visible to the community

• Your exact home address or precise GPS location is never disclosed to other users​

​

6. Data Retention

We retain your personal data for as long as necessary to provide our Services. Upon account deletion:

​

• Your profile and activity data are deleted within 30 days

• Essential identification and transaction data may be retained for up to 3 years to comply with legal obligations or defend legal claims

• Anonymized/aggregated data (not identifying you) may be retained for analytics purposes indefinitely.

​

7. Data Storage & Transfers

Your data is primarily stored on secure servers within the European Economic Area (EEA). However, some of our technical service providers may process data in countries outside the EEA (such as the United States). In such cases, we ensure a high level of protection by entering into Standard Contractual Clauses (SCCs) approved by the European Commission with these providers, ensuring your data receives the same protection it has within the EU.

​

8. Your Rights (GDPR)

As a user based in the EU, you have the right to:

​

• Access — obtain a copy of your personal data

• Rectification — correct inaccurate data

• Erasure ("right to be forgotten") — request deletion of your data

• Restriction — limit how we process your data

• Portability — receive your data in a machine-readable format

• Objection — object to processing based on legitimate interests

• Withdraw consent — at any time, without affecting prior processing

​

To exercise your rights or ask questions about your data, please contact us via our CONTACT FORM. We will respond to all verified requests within 30 days. We will respond within 30 days (extendable by 2 months in complex cases, with notice). You also have the right to lodge a complaint with the Portuguese data protection authority: CNPD – Comissão Nacional de Proteção de Dados. Website: www.cnpd.pt | Tel: +351 21 392 84 00

​

9. Cookies

We use cookies and similar technologies to operate and improve our Services. You can manage cookie preferences via your browser settings.

​

10. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse — including encryption of sensitive data and access controls. No method of internet transmission is 100% secure, and we cannot guarantee absolute security. We have breach notification procedures in place and will notify you and the CNPD as required by law.

​

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our Services, technical providers, or applicable law.

​

• Minor Changes: For non-material updates (such as correcting typos or updating service provider categories), we will post the revised policy on this page.

• Significant Changes: If we make material changes that affect your rights or how we use your personal data, we will provide a prominent notice within the Velopod Community, app or via email before the changes take effect.

​

By continuing to use our Services after being notified of a material change, you acknowledge that you have read and understood the updated terms. If you do not agree with the changes, you may close your account at any time via the account settings.