At Cyclonauts, accessible from https://cyclonauts.net, one of our main priorities is the privacy of our visitors and users. This Privacy Policy document contains types of information that is collected and recorded by Cyclonauts and how we use it.

If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us.

The data protection officer of Cyclonauts is Marko Schilde and can be reached at [email protected]

Consent

By using our website, you hereby consent to our Privacy Policy and agree to its terms.

Information we collect and process

Data that is collected when you create an account

We ask you to provide us with an email address, a Strava Oauth authorization and either a Google Oauth authorization or a password. In addition we automatically create and store a username and avatar image for you.

The email address is verified before being used, unless it was already verified by a trusted 3rd party such as Google. It serves as your primary identifier and is used to send you notifications. Due to the nature of this service many processes happen in the background and we need to be able to contact you when the computation is finished.

Passwords, if provided are securely hashed. Only the hashes are stored in the database.

If you chose to base authentication on your Google account, we store the authorization tokens and use them to retrieve your Google profile info such as email address, username and profile picture. This data is used to initially seed your Cyclonauts user account.

If you chose to base authentication on email/password, we access you Strava athlete profile and seed your Cyclonauts user account with the Strava profile data.

Strava 3rd party authorization

By authorizing Cyclonauts to access your Strava account, we gain access to your activities, segments, athlete profile and other data. We use this data to analyze and compute statistics about your cycling activities, in compliance with the Strava API agreements.

Both past and future activities are processed, until the authorization is revoked or you delete your Cyclonauts account.

None of your private Strava data (such as raw GPS tracks, private segments etc.) is shared with 3rd parties or made public without your consent.

Data that is collected when you use the website

When you visit our website, we collect the data your browser sends when requesting a resource from our server.

We use this data to analyze and improve our website and services.

Cookies

This website uses cookies to improve your experience while you use the service. Cookies are used to store your user session and cache data locally on your device.

Emails

We use a 3rd party email service provider to send emails to you. This provider may track engagement activity related to emails sent on our behalf, such as opens, clicks and unsubscribes.

Data Storage and Security

Your data is stored on a server in the European Union. We take all reasonable steps to protect your data from unauthorized access, loss, misuse, alteration or destruction.

Data is encrypted in transit and at rest using industry standards such as TLS. Passwords are never stored in plain text.

Retention of Personal Data

We will retain your personal data as long as your account is considered active. You can deactivate your account and delete all associated data at any time, either through this website or by email.

Please see also your rights under the GDPR or CCPA below.

Third Party Privacy Policies

Cyclonauts' Privacy Policy does not apply to other advertisers or websites. Thus, we are advising you to consult the respective Privacy Policies of these third-party ad servers for more detailed information. It may include their practices and instructions about how to opt-out of certain options.

You can choose to disable cookies through your individual browser options. To know more detailed information about cookie management with specific web browsers, it can be found at the browsers' respective websites.

Third Party Data Disclosure

We do not sell, trade, or otherwise transfer your personally identifiable information to outside parties, unless a) required by law, b) to enforce our site policies, c) to protect ours or others' rights, property, or safety or d) to implement critical service functionality using a 3rd party service provider.

GDPR Data Protection Rights

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access – You have the right to request copies of your personal data.

The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.

The right to erasure – You have the right to request that we erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.

CCPA Privacy Rights (Do Not Sell My Personal Information)

Under the CCPA, among other rights, California consumers have the right to:

Request that a business that collects a consumer's personal data disclose the categories and specific pieces of personal data that a business has collected about consumers.

Request that a business delete any personal data about the consumer that a business has collected.

Request that a business that sells a consumer's personal data, not sell the consumer's personal data.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.

Children's Information

Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity.

Cyclonauts does not knowingly collect any Personal Identifiable Information from children under the age of 13. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.

Privacy Policy Updates

We may update our Privacy Policy from time to time to address changes in law or our product offerings. Thus, you are advised to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page.

This policy is effective as of 2022-11-15