1. Information We Collect
We collect the following information when you use Motusphere:
- Account information: name, email address, and password (or OAuth profile data when signing in with Google).
- Profile information: bio, location, riding style, years riding, and profile photo.
- Ride and route data: GPS waypoints, distance, elevation, duration, and GPX files you upload or create.
- User-generated content: posts, comments, photos, marketplace listings, and event details.
- Payment information: billing details processed securely by Stripe. We do not store your full card number.
- Usage data: pages visited, features used, and device/browser information collected automatically.
2. How We Use Your Information
- To operate and improve the Motusphere platform (route planning, feed, marketplace, events).
- To personalise your experience, including route suggestions and feed content.
- To send transactional emails (account verification, password resets, ride notifications).
- To process payments and manage subscriptions.
- To enforce our Terms of Service and protect users.
We do not sell your personal information to third parties.
3. Third-Party Services
We share data with the following service providers solely to operate Motusphere:
- Stripe -- payment processing for subscriptions and marketplace transactions.
- Cloudinary -- image hosting and optimisation for photos you upload.
- Mapbox -- map rendering, route display, and geocoding.
- Google -- OAuth authentication (Sign in with Google).
- Resend -- transactional email delivery.
- Neon -- database hosting (PostgreSQL).
- Vercel -- application hosting and analytics.
Each provider processes data in accordance with their own privacy policy. We only share the minimum data required for each service to function.
4. Cookies
We use a single secure, HTTP-only session cookie to keep you logged in. We do not use tracking, advertising, or third-party analytics cookies.
5. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required by law to retain it. Anonymised, aggregated data (e.g. route popularity statistics) may be retained indefinitely.
6. Security
Passwords are hashed using bcrypt. Sessions are secured with signed tokens transmitted only over HTTPS. All data in transit is encrypted via TLS. We take reasonable technical and organisational measures to protect your data, but no system is 100% secure.
7. Your Rights
- Access: You can view all your data from your profile and settings pages.
- Export: You can request an export of your data by contacting us.
- Correction: You can update your information from your settings page at any time.
- Deletion: You can delete your account from Settings. This removes your profile, posts, and personal data.
8. PIPEDA Compliance (Canadian Users)
Motusphere complies with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). We collect, use, and disclose personal information only with your knowledge and consent, for purposes a reasonable person would consider appropriate. You may withdraw consent at any time by deleting your account or contacting us.
9. Changes to This Policy
We may update this Privacy Policy from time to time. If we make significant changes, we will notify you via email or an in-app notice. Continued use of Motusphere after changes constitutes acceptance.
10. Contact
For privacy questions or to exercise your data rights, contact us at privacy@motusphere.app.
