← Drafto

Privacy Policy — Drafto

Last updated: March 11, 2026

1. Data collected

  • GPS — Location data (GPS): position during rides, used for tracking and mapping. Collection only during active rides.
  • Account — Account data: email, display name, username, avatar (optional)
  • Performance — Performance data: distance, speed, elevation, duration, heart rate (if sensor connected), power, cadence
  • Photos — Ride photos: optional, stored securely
  • Analytics — Usage data: opt-in analytics via PostHog (anonymized)

2. Data NOT collected

  • Financial or banking data
  • Phone contacts
  • SMS or call history
  • Web browsing history
  • Personal files

3. Use of data

  • Tracking and displaying bike rides
  • Calculating statistics and personal records
  • Ghost Racing (comparison with previous times)
  • Leaderboards and segments
  • Social feed (sharing between users)
  • App improvement (anonymized analytics)

4. Storage and security

  • Data stored on Supabase (secure cloud infrastructure)
  • HTTPS/TLS encryption for all communications
  • Authentication tokens stored in Secure Keychain (iOS) / EncryptedSharedPreferences (Android)
  • Row Level Security (RLS) on all tables — each user only accesses their own data

5. Third-party services

Service Usage Data shared
SupabaseBackend & databaseAccount and ride data
RevenueCatSubscription managementUser ID, subscription status
PostHogAnalytics (opt-in)Anonymized events, no PII
SentryCrash reportsStack traces, no personal data
ExpoPush notificationsNotification token

No data is sold to third parties.

6. User rights (GDPR)

  • Right of access: export all your data from the app (Profile → Settings → Export my data)
  • Right of deletion: delete your account and all associated data (Profile → Settings → Delete account)
  • Right of rectification: modify your profile information at any time
  • Right of objection: disable analytics in settings

7. Data retention

  • Data is retained as long as the account is active
  • After account deletion: all data is irreversibly deleted within 48 hours
  • Backups are purged within 30 days

8. Minors

Drafto is not intended for children under 13. We do not knowingly collect data from minors.

9. Contact

For any questions regarding your personal data:

Email: contact@drafto.app