Privacy Policy

Last updated: 11 February 2026

Pedal Chronicle ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and disclose your personal information when you use pedalchronicle.com (the "Service").

This Service is currently operated by an individual based in Australia.

If you have any questions about this policy or your data, contact us at: privacy@pedalchronicle.com

1. Information We Collect

1.1 Information You Provide

We may collect:

• Waitlist: Email address
• Account Information: Email address; authentication details (handled by Amazon Cognito)
• Bike & Component Data: Bicycle details; component information; usage thresholds and alerts

1.2 Information from Strava

If you connect your Strava account, we collect and store:

• Strava athlete ID
• Gear ID
• Ride distance
• Access and refresh tokens (to maintain your connection)

We do not store:

• Ride titles
• GPS maps
• Locations
• Activity notes

Strava data is used solely to update component usage in Pedal Chronicle.

1.3 Automatically Collected Data

We collect limited technical information:

• IP address
• Browser and device information
• Pages visited
• Usage events

This is collected via Google Analytics for product improvement and performance monitoring. Authentication sessions may use cookies or local storage managed by Amazon Cognito. We do not set marketing cookies ourselves.

2. How We Use Your Information

We use your data to:

• Operate and maintain the Service
• Manage accounts and authentication
• Update component usage based on Strava activity
• Send important service emails
• Notify you of component alerts
• Communicate during the waitlist period
• Improve product performance and reliability
• Process payments (when subscriptions are introduced)

We do not sell your personal data.

3. Legal Basis for Processing (GDPR)

If you are located in the EU/UK, we process personal data under the following lawful bases:

• Consent - waitlist signup, Strava connection
• Contract - providing the Service
• Legitimate interests - product improvement, security, analytics
• Legal obligations - compliance with applicable laws

4. Disclosure of Information

We may share your information with:

Service Providers

• Amazon Web Services (hosting and infrastructure)
• Amazon Cognito (authentication)
• Google Analytics (usage analytics)
• Stripe (payment processing - when implemented)
• Email delivery services (for account and service emails)

Legal Requirements

• Where required by law or legal process
• To protect our legal rights
• To prevent fraud or abuse

We do not share your data with advertisers.

5. Data Storage and Security

Your data is stored on infrastructure hosted by Amazon Web Services (AWS).

We take reasonable steps to protect your information using:

• Encryption in transit
• Secure credential handling
• Access controls
• Industry-standard security practices

No system is 100% secure, but we actively work to safeguard your data.

6. International Data Transfers

Your data may be processed or stored outside Australia (e.g. AWS or Google infrastructure in other regions). Where applicable, we take reasonable steps to ensure appropriate safeguards are in place for international transfers.

7. Your Rights

Depending on your location, you may have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Withdraw consent
• Object to certain processing
• Lodge a complaint with a regulator

You can request deletion of your account and associated data by contacting privacy@pedalchronicle.com.

Data export functionality is not yet available, but we can assist with reasonable access requests.

8. Retention

We retain personal information only as long as necessary to:

• Provide the Service
• Comply with legal obligations
• Resolve disputes
• Enforce agreements

Waitlist emails will be deleted upon request or after they are no longer required.

9. Children's Privacy

Pedal Chronicle is not directed at children. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal data, contact us and we will delete it.

10. Third-Party Services

Pedal Chronicle integrates with third-party services, including:

• Strava
• Google Analytics
• Stripe (planned)
• Amazon Cognito

We are not responsible for third-party privacy practices.

11. Cookies

We do not use marketing cookies. Authentication and analytics tools may use cookies or local storage to maintain login sessions and measure site usage. You can control cookies via your browser settings.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date. If changes are material, we will notify users where reasonable.

13. Contact

Privacy enquiries can be sent to: privacy@pedalchronicle.com