PRIVACY POLICY

Effective Date: June 15, 2026

YOUR PRIVACY IS IMPORTANT TO US

We are committed to protecting your privacy and handling your personal information responsibly. We collect personal information to operate our platform and provide navigation, weather forecasting, route planning, and related services to motorcyclists worldwide.

Your use of the Services is governed by this Privacy Policy and our Terms of Service. By using epicride.ai, you consent to the collection, use, and sharing of your information as described in this Privacy Policy.

PERSONAL INFORMATION WE COLLECT

We collect personal information that can identify you or be associated with you, including but not limited to:

Contact and Account Information

• Name (first and last name)
• Email address
• Telephone number
• Date of birth
• Emergency contact information (name, phone number, relationship)
• Unique personal identifier/customer number
• Online username or alias

Location and Riding Data

• GPS coordinates and geolocation data
• Routes created, saved, and navigated
• Navigation session data (start/end times, speed, duration)
• Route history and riding patterns
• Waypoints and points of interest
• Location tracking data during active rides

Vehicle and Riding Preferences

• Motorcycle make, model, year, and license plate
• Vehicle specifications (engine size, weight, type)
• Riding style and experience level
• Rider profile (tourer, sport, cruiser, adventure)
• Weather and risk tolerance preferences
• Scenic bias and route preferences
• Motorcycle license information (optional)

Biometric and Health Data (Optional)

If you choose to connect a wearable device (such as an Oura Ring) or Apple Health (HealthKit), we collect the following health and fitness data to provide personalized ride timing and readiness insights. Apple Health data is read on-device, only with your explicit permission, and we never access clinical or medical records:

• Readiness scores: Daily readiness, sleep quality, and activity scores
• Sleep metrics: Total sleep duration, deep sleep, REM sleep, sleep efficiency
• Heart rate data: Resting heart rate, heart rate variability (HRV)
• Recovery indicators: Body temperature deviation, respiratory rate
• Activity metrics: Daily steps, calories burned, activity duration
• Provider metadata: OAuth tokens (encrypted), provider user ID, sync timestamps

Your Control: You can disconnect your wearable device at any time from your Garage → Personal Info settings. Upon disconnection, you may optionally request deletion of all stored biometric data. We never use your health data for advertising. We share it only with: (a) your wearable provider, for syncing; and (b) Google's Gemini API, which receives a summary of your readiness metrics (such as sleep duration, HRV, and resting heart rate) solely to generate your written riding recommendation — this is processed under Google's API terms and is not used to train Google's models.

How We Use This Data: Biometric data is used exclusively to:

• Recommend optimal ride timing based on your recovery and readiness
• Provide warnings when readiness is low to promote safety
• Learn your personal patterns (e.g., "you ride best in mornings")
• Track recovery after rides to optimize future planning
• Display biometric context in your ride history and analytics

Data Security: All biometric data is encrypted at rest and in transit. OAuth tokens are encrypted using AES-256-GCM. We comply with applicable health data regulations including HIPAA (where applicable), GDPR, and Swiss nFADP.

Data Retention: Biometric and readiness data is retained while your account is active and your wearable is connected. It is deleted when you disconnect the wearable, delete your account, or request deletion at any time.

Content You Provide

• Content you create, upload, or share — such as photos, messages, or information about rides and routes you choose to share with others

Technical and Analytics Information

• IP address
• Device identifiers (UUID)
• Browser type and version
• Operating system
• Screen resolution and device type
• Pages viewed and actions taken
• Access times and visit duration
• Referral sources
• Log file information
• App crash reports and software error logs, via Sentry (if enabled) — diagnostics about the app, not motorcycle or traffic incidents; may include your account identifier and email
• App usage patterns and feature interactions
• Cookies, web beacons, and tracking technologies

HOW WE COLLECT INFORMATION

Information You Provide Directly

We collect information when you:

• Create an account or update your profile
• Plan, save, or navigate routes
• Enter personal information, emergency contacts, or vehicle details
• Create, upload, or share content within the app
• Contact customer support or request technical assistance
• Participate in surveys, promotions, or beta testing
• Connect a wearable device or other third-party service
• Communicate with us via email, chat, or other channels

Information Collected Automatically

When you use our Services, we automatically collect:

• GPS location data when you use navigation features
• Device and browser information
• Pages viewed, features used, and actions taken
• Time spent on pages and within the app
• Referral sources and exit pages
• Search queries and interactions
• Weather API requests and responses
• Route generation and optimization data

Cookies and Tracking Technologies

We use cookies, web beacons, tracking pixels, and similar technologies to enhance your experience, analyze usage, and deliver personalized content. Cookies are small data files stored on your device that help us:

• Remember your preferences and settings
• Provide personalized route recommendations
• Analyze platform performance and user behavior
• Maintain security and prevent fraud

You can manage cookie preferences through your browser settings at aboutcookies.org or allaboutcookies.org.

Product Analytics (PostHog)

We use PostHog to understand how riders interact with the app — screens viewed, features used, device and usage patterns — so we can improve it. These events are linked to your account identifier. PostHog is a privacy-focused product-analytics provider, and we do not use it for advertising.

PostHog's processing is governed by the PostHog Privacy Policy. You can opt out of analytics in Settings > Legal & Privacy.

Third-Party Services

We integrate with third-party services that may collect information:

• Mapping & navigation (Google Maps Platform): location and route data for maps, geocoding, routing, and navigation
• AI provider (Google): route/location data and related inputs to power AI-assisted features
• Weather data providers: location coordinates to retrieve forecasts and conditions
• Analytics & crash reporting (PostHog, Sentry): usage and diagnostic data to operate and improve the app
• Resend: your email address, to send sign-in codes
• Expo: push-notification delivery
• Oura / Apple Health (if connected): wearable biometric data
• Apple: app distribution (App Store / TestFlight) and push delivery (APNs)

These services have their own privacy policies and may collect data independently.

HOW WE USE YOUR PERSONAL INFORMATION

Core Platform Services

• Navigation: Provide turn-by-turn directions, route planning, and waypoint management
• Weather Forecasting: Deliver real-time weather data, alerts, and riding condition assessments
• Route Optimization: Generate scenic routes, avoid hazards, and optimize for weather conditions
• Safety Features: Store emergency contacts for potential use in accidents or emergencies

Personalization and Machine Learning

• Personalize your experience based on your preferences and riding history (if machine-learning personalization is enabled)
• Generate AI-assisted descriptions and summaries
• Use aggregated, de-identified data to improve our services

Analytics and Improvement

• Analyze platform usage to improve features and user experience
• Monitor performance, stability, and error rates
• Conduct research and development for new features
• Generate anonymized insights about riding trends and patterns

Security and Fraud Prevention

• Detect and prevent fraudulent activities
• Verify user identities and prevent unauthorized access
• Protect against security threats and vulnerabilities
• Investigate and respond to user reports and violations

Communication

• Send important updates about your account and rides
• Provide customer support and respond to inquiries
• Notify you about severe weather alerts relevant to your routes
• Send platform updates, new features, and announcements (if opted in)

Aggregated and De-identified Information

We may aggregate or de-identify your information so it can no longer be linked to you personally. This anonymized data may be used for any purpose, including research, analytics, and sharing with third parties to improve motorcycle safety and riding experiences.

HOW WE SHARE YOUR PERSONAL INFORMATION

Public Information

Certain information you provide is publicly visible by default or upon your action:

• Shared Routes: Routes you share are accessible via public links
• Content you share: Content you choose to make public or share with others may be visible to them

You control what you share publicly. Do not post sensitive personal information you don't want others to see.

Service Providers

We share information with trusted service providers who help us operate the platform:

• Cloud hosting and infrastructure providers
• Database and storage services
• Payment processors (for future paid features)
• Email and communication services
• Analytics and monitoring tools
• Customer support platforms

These providers are contractually obligated to use your information only for providing services to us and must protect it according to this Privacy Policy.

Third-Party APIs and Integrations

We share necessary information with third-party APIs to provide features:

• Mapping & navigation (Google Maps Platform): location and route coordinates for geocoding, routing, maps, and navigation
• AI provider (Google): route/location data and related inputs, processed to generate AI results (not used to train Google's models on the paid API tier)
• Weather data providers: location coordinates to retrieve forecasts and conditions
• Resend: your email address, to send sign-in codes
• Expo: your push token, to deliver notifications

These third parties are governed by their own privacy policies.

Legal Compliance and Protection

We may disclose your information when required by law or to protect our rights:

• To comply with legal obligations, court orders, or government requests
• To enforce our Terms of Service and other agreements
• To protect the rights, property, and safety of epicride.ai, our users, or the public
• To detect, prevent, or address fraud, security, or technical issues
• In connection with emergency services if we believe there is a safety threat

Emergency Situations

In the event of an accident or emergency during a ride, we may share your emergency contact information with first responders, medical personnel, or authorities to facilitate assistance. This sharing occurs only when we have a reasonable belief that it is necessary for safety purposes.

Business Transactions

If epicride.ai is involved in a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you via email or prominent notice on our platform before your information is transferred and becomes subject to a different privacy policy.

With Your Consent

We may share your information with third parties when you explicitly consent, such as when connecting social media accounts or authorizing integrations with other services.

GEOLOCATION TRACKING AND PRIVACY

epicride.ai relies on geolocation data to provide navigation, route planning, and weather forecasting. Understanding how we collect and use location data is crucial to your privacy.

How We Collect Location Data

• GPS Tracking: During active navigation sessions, we continuously track your GPS coordinates
• Route Planning: When you plan routes, we collect start/end locations and waypoints
• Background Tracking: If enabled, we may track location in the background for features like automatic ride recording
• Manual Input: You can manually enter locations when planning routes

How We Use Location Data

• Provide turn-by-turn navigation and route guidance
• Generate weather forecasts specific to your route and current position
• Share your live position with others when you choose to
• Analyze riding patterns to improve route recommendations
• Create heatmaps and statistics about popular riding areas (anonymized)

Location Privacy Controls

You have control over location tracking:

• Device Permissions: Grant or revoke location access through your device settings
• Background Tracking: Disable background location tracking in app settings
• History Deletion: Delete your route history at any time
• Offline Use: Some features work without continuous location tracking

Location Data Retention

• Active navigation sessions: Retained until you delete the route or your account
• Route history: Retained until you delete specific routes or your entire account
• Aggregated location data: May be retained indefinitely in anonymized form for research and improvement

YOUR PRIVACY RIGHTS AND CHOICES

Access and Data Portability

You have the right to access your personal information and receive a copy of your data in a portable format. You can export your data at any time through Settings > Legal & Privacy > Export My Data. This will generate a JSON file containing all your personal information, routes, vehicles, and activity history.

Correction and Updates

You can update your personal information, vehicle details, preferences, and emergency contacts at any time through the Settings screen. Changes are saved immediately and reflected across the platform.

Deletion and Account Closure

You have the right to request deletion of your personal information and closure of your account. To delete your account:

1. Go to Settings > Legal & Privacy
2. Click "Delete My Account"
3. Confirm twice that you want to permanently delete your account

Your account and all associated personal information are permanently deleted immediately upon confirmation. This action cannot be undone — there is no recovery period. Deleted data includes:

• Profile information and account credentials
• Route history and saved routes
• Vehicle information and preferences
• Biometric and readiness data (if connected)
• Content you've shared

Note: Limited data may persist briefly in routine encrypted backups until overwritten in the normal backup cycle. De-identified, aggregated data that can no longer be linked to you may be retained. Publicly shared content (e.g., shared routes) may remain visible but will be disassociated from your identity.

Opt-Out of Machine Learning

You can disable machine learning features that automatically adjust your weather comfort thresholds based on riding patterns. Go to Settings > Legal & Privacy and toggle off "Auto-Learn Weather Comfort Levels".

Opt-Out of App Crash Reports

You can disable automatic app crash reporting (Sentry) by toggling off "App Crash Reports" in Settings > Legal & Privacy. These are software error diagnostics about the app, not motorcycle or traffic incident reports. Note that this may limit our ability to identify and fix bugs.

Marketing Communications

If we offer marketing communications in the future, you will have the option to opt out through unsubscribe links in emails or through your account settings.

Cookie Management

You can control cookies through your browser settings. Note that disabling cookies may affect platform functionality.

Your Rights Under GDPR (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right to Access: Request confirmation of what personal data we process
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data in certain circumstances
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Opt out of certain data processing activities
• Right to Withdraw Consent: Withdraw previously given consent at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

Your Rights Under Swiss Law (nFADP)

Under the Swiss Federal Act on Data Protection (nFADP), you have the following rights:

• Right to Information: Request confirmation of whether we process your personal data
• Right to Access: Obtain a copy of your personal data in a commonly used format
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Restrict Processing: Request limitation of processing in certain situations
• Right to Lodge a Complaint: File a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC)

Your Rights Under CCPA (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of personal information collected, used, and shared
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt out of sale of personal information (we do not sell personal information)
• Right to Non-Discrimination: Exercise your rights without facing discrimination

Exercising Your Rights

To exercise any of your privacy rights, contact us at founder@epicride.ai. We will respond to your request within:

• Swiss Law: 30 days (extendable by 30 days if complex)
• GDPR: 1 month (extendable by 2 months if complex)
• CCPA: 45 days (extendable by 45 days if necessary)

We may require verification of your identity before processing your request. We will not discriminate against you for exercising your privacy rights.

DATA RETENTION

We retain your personal information for as long as necessary to provide Services and fulfill the purposes described in this Privacy Policy:

SECURITY

We implement industry-standard technical and organizational security measures to protect your personal information against unauthorized access, loss, misuse, or alteration. These measures include:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of sensitive data at rest, including AES-256-GCM encryption of wearable access tokens
• Access controls and authentication mechanisms
• Incident response and breach notification procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

CHILDREN'S PRIVACY

epicride.ai is not intended for users under the age of 18. You must possess a valid motorcycle license to use our Services. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will take steps to delete such information promptly.

If you believe we have collected information from a child under 18, please contact us at founder@epicride.ai.

INTERNATIONAL DATA TRANSFERS

Data Processing Location

epicride.ai is headquartered in Morges, Switzerland. Your personal information may be transferred to, stored, and processed in Switzerland, the European Union, the United States, or other countries where our service providers operate.

Swiss Data Protection Framework

Switzerland has been recognized by the European Commission as providing an adequate level of data protection. Data transfers within Switzerland and to the European Economic Area (EEA) are therefore subject to strong privacy protections.

Transfers Outside Switzerland and the EEA

When we transfer personal data to countries outside Switzerland and the EEA (such as the United States), we implement appropriate safeguards to protect your information, including:

• Standard Contractual Clauses (SCCs): Approved by the European Commission and Swiss Federal Data Protection and Information Commissioner (FDPIC)
• Data Processing Agreements: With service providers requiring them to protect your data according to Swiss and European standards
• Swiss-US Data Privacy Framework: For transfers to certified US organizations
• EU-US Data Privacy Framework: For transfers to certified US organizations

Your Rights Regarding Data Transfers

You have the right to obtain information about the safeguards we use for international data transfers. You may also object to certain transfers in specific circumstances. Contact us at founder@epicride.ai for more information.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by:

• Updating the "Effective Date" at the top of this Privacy Policy
• Displaying a prominent notice within the app or on our website
• Sending an email notification to the address associated with your account

We encourage you to review this Privacy Policy periodically. Your continued use of the Services after changes are posted constitutes your acceptance of the updated Privacy Policy.

DATA PROTECTION AUTHORITY

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the appropriate data protection authority:

• Switzerland: Swiss Federal Data Protection and Information Commissioner (FDPIC)
  Website: www.edoeb.admin.ch
• European Union: Your local data protection authority
  List: European Data Protection Board

CONTACT US