Privacy Policy
1. Data Controller
Tiiks ("Company", "we", "us", "our") is the data controller responsible for your personal data.
Contact: contact@tiiks.com
Website: https://tiiks.com
2. Information We Collect
We collect the following categories of personal data:
a) Account Information
- Strava user ID and authentication tokens
- Display name and profile photo (from Strava)
- Email address (if provided)
- Language and distance unit preferences
b) Activity & Bicycle Data
- Ride activities synced from Strava (distance, date, duration)
- Bicycle details (brand, model, year, frame size, frame number)
- Component information (type, brand, model, installation date, mileage)
- Service and maintenance records
- Component reviews and ratings you submit
c) Subscription and Payment Data
- Subscription status, plan, renewal date, and entitlement state (via RevenueCat)
- Transaction metadata from app stores (for Apple/Google in-app purchases)
- Limited billing identifiers and payment status metadata from Stripe where web payments are available
- We do not store full card numbers or card security codes
d) Device & Usage Data
- Device type, operating system, and version
- App version and crash reports (via Sentry)
- Usage analytics and feature engagement (via PostHog)
- Push notification tokens
- IP address (processed but not stored long-term)
3. Legal Basis for Processing (GDPR - EU/EEA Users)
Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:
- Contract Performance (Art. 6(1)(b)): Processing necessary to provide the App's core functionality - syncing rides, tracking components, and sending service reminders.
- Legitimate Interest (Art. 6(1)(f)): Analytics to improve the App, fraud prevention, and security. We balance our interests against your rights and do not process data where your interests override ours.
- Consent (Art. 6(1)(a)): Marketing communications, push notifications, and optional data sharing. You may withdraw consent at any time without affecting the lawfulness of prior processing.
- Legal Obligation (Art. 6(1)(c)): Where required to comply with applicable laws, regulations, or legal proceedings.
4. How We Use Your Data
We use your personal data to:
- Provide, maintain, and improve the App
- Sync your ride data from Strava and calculate component wear
- Send service reminders and replacement recommendations
- Display component reviews and ratings from the community
- Maintain your bicycle and maintenance history
- Process subscription payments and manage your account
- Send push notifications (with your consent)
- Analyze usage patterns to improve the App experience
- Detect, prevent, and address technical issues and abuse
- Communicate updates, security alerts, and support messages
5. Data Sharing and Third Parties
We do not sell your personal data. We share data only with the following categories of recipients:
- Strava, Inc. - to authenticate your account and sync ride data (governed by Strava's API Agreement and Privacy Policy)
- Google Firebase / Firestore - cloud database and authentication infrastructure (data processed in the EU/US per Google Cloud's Data Processing Terms)
- RevenueCat - subscription status management, entitlement validation, and billing event synchronization
- Stripe - payment processing infrastructure where web checkout is available
- Sentry - error tracking and crash reporting (processes device and error data)
- PostHog - product analytics (processes anonymized usage events)
- Apple / Google - push notification delivery and in-app purchase processing
- Supabase - supplementary database services
All third-party service providers act as data processors on our behalf and process personal data only in accordance with our instructions. All third-party processors are bound by data processing agreements that require them to protect your data in accordance with GDPR standards.
We may also disclose your data if required by law, subpoena, or court order, or to protect our rights, safety, or property.
6. International Data Transfers
Your data may be transferred to and processed in countries outside your country or region of residence, including the European Economic Area (EEA), the United Kingdom, and the United States. When we transfer data internationally, we apply appropriate safeguards, including:
- EU-U.S. Data Privacy Framework certification of our processors, where applicable
- Standard Contractual Clauses (SCCs) approved by the European Commission
- UK International Data Transfer Addendum (IDTA) or equivalent UK-approved safeguards, where applicable
- Adequacy decisions issued by competent authorities, where applicable
You may request a copy of the relevant transfer safeguards by contacting us.
7. Data Retention
We retain your personal data for as long as your account is active or as needed to provide you with our services. Specifically:
- Account and bicycle data: retained until you delete your account
- Activity data: retained while your account is active
- Analytics data: anonymized or deleted within 24 months
- Crash reports: retained for 90 days
- Push notification tokens: deleted when you disable notifications or delete your account
After account deletion, we may retain certain data for up to 30 days in backups, after which it is permanently deleted. We may retain anonymized, aggregated data indefinitely for statistical purposes.
8. Your Rights Under GDPR (EU/EEA Users)
If you are located in the EU/EEA, you have the following rights:
- Right of Access (Art. 15): Request a copy of the personal data we hold about you.
- Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
- Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
- Right to Restriction (Art. 18): Request that we restrict the processing of your data in certain circumstances.
- Right to Data Portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format.
- Right to Object (Art. 21): Object to processing based on legitimate interest, including profiling.
- Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time.
- Right to Lodge a Complaint: You may file a complaint with your local Data Protection Authority (e.g., UODO in Poland, CNIL in France, ICO in the UK).
To exercise these rights, contact us at contact@tiiks.com. We will respond within 30 days.
9. Your Rights Under US and Other Regional Privacy Laws
a) California Residents (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA:
- Right to Know: Request the categories and specific pieces of personal information we have collected about you.
- Right to Delete: Request deletion of your personal information.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
To submit a request, contact us at contact@tiiks.com. We will verify your identity before processing. You may also designate an authorized agent to make requests on your behalf.
b) Other US States
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with consumer privacy laws have similar rights to access, delete, and correct their data, and to opt out of targeted advertising.
c) Other Regions
Depending on your jurisdiction (for example, the UK, Canada, Brazil, Australia, or other countries with applicable privacy laws), you may have rights to access, correct, delete, restrict, object to certain processing, withdraw consent, and lodge complaints with local supervisory authorities. Where required by local law, we honor those rights and provide the applicable response timelines.
To exercise any of these rights, contact us at contact@tiiks.com.
10. Children's Privacy
The App is not directed to children under 16 years of age. We do not knowingly collect personal data from children under 16. If we learn that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to delete that information promptly.
Where local law sets a different age threshold (for example, under 13 in certain jurisdictions), we apply the stricter requirement under applicable law.
If you believe we have collected data from a child under the applicable legal age, please contact us at contact@tiiks.com.
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit (TLS/SSL) and at rest
- Firebase Authentication with secure token management
- Access controls and authentication for administrative systems
- Regular security reviews and monitoring
- Incident response procedures
In the event of a personal data breach, we will notify affected users and relevant authorities where required by applicable law.
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security.
12. Push Notifications
Push notifications are optional and require your explicit consent. With your consent, we send push notifications for service reminders, component alerts, and app updates. You can manage or disable push notifications at any time through your device settings or within the App.
13. Analytics and Tracking
We use PostHog for product analytics to understand how the App is used and to improve the user experience. Analytics events are associated with your user ID for feature improvement purposes.
We use Sentry for crash reporting and error tracking to maintain App stability.
Where required by applicable law, we obtain your consent before collecting analytics data on your device.
We do not use cookies or tracking technologies for advertising purposes. We do not participate in cross-app tracking or serve targeted advertisements.
14. Do Not Track
The App does not respond to "Do Not Track" browser signals, as there is no industry-standard technology for mobile apps. However, we provide you with choices about data collection as described in this Privacy Policy.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice within the App or sending you a notification at least 30 days before the changes take effect.
We encourage you to review this Privacy Policy periodically. Your continued use of the App after changes become effective constitutes acceptance of the revised Privacy Policy.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
AT Software
Legal name: Anton Temchenko Software
Tax ID (NIP): 5252891432
REGON: 520944158
Address: Zeganska Street 21/23, 04-713 Warsaw, Poland
Website: https://tiiks.com
Support: support@tiiks.com
Other inquiries: contact@tiiks.com
For GDPR-related inquiries, you may also contact your local Data Protection Authority.