Privacy Policy — Social Ride
Last updated: May 12, 2026
This policy describes how Social Ride ("the app", "we") collects, uses and protects the personal data of its users ("you", "the user").
1. Data controller
Social Ride. For any inquiry about your data you can write to us at support@socialride.net.
2. Data we collect
2.1 Data you provide
- Email, username, name, profile picture and bio.
- Garage vehicles (make, model, year, power, etc.).
- Photos and videos you upload (stories, meetup photos, view-once
"single-look" messages).
- Messages you send in private or group chats.
2.2 Data generated when using the app
- GPS location during route recording (latitude, longitude, speed,
altitude, timestamp). Collected only while you have an active recording or have consented to share your live location.
- Derived metrics: distance, duration, top and average speed,
consumption, completed segments, KOR (King of the Road).
- Reactions, comments, likes and story views.
2.3 Technical data
- Device identifier (for session and push notifications).
- Operating-system version, device model.
- Anonymized error logs (via Sentry, with no personal content).
3. Legal basis for processing
- Contract performance: we need your account and your data to
provide the service (Art. 6.1.b GDPR).
- Consent: location, push notifications, camera, gallery
(revocable at any time from the system settings).
- Legitimate interest: abuse detection and content moderation.
4. Who we share your data with
- Supabase (database and authentication provider, hosted in the
EU). Privacy: https://supabase.com/privacy
- MapTiler / OpenFreeMap (map tiles and geocoding).
Privacy: https://www.maptiler.com/privacy-policy/
- Stadia Maps (Valhalla route calculation).
Privacy: https://stadiamaps.com/privacy/
- OpenStreetMap contributors (road data, speed limits and fixed
cameras — ODbL license).
- Apple / Google (premium in-app purchases, push notifications).
- Sentry (error logs, with no personal content).
We do not sell your data to third parties for commercial purposes.
5. Your rights
Under GDPR you have the right to:
- Access: request a copy of all your data.
- Rectification: correct inaccurate data.
- Erasure ("right to be forgotten"): you can delete your account
from Profile → Privacy and security → Delete account. Deletion is permanent and irreversible.
- Portability: ask us for your data in a machine-readable format.
- Objection and restriction of processing.
To exercise any of these rights, write to us at support@socialride.net.
6. Retention
- Account data: while the account is active.
- Driving sessions (routes): until you delete them yourself or delete
the account.
- View-once messages: deleted as soon as the recipient views them.
- Meetup chats: 12 hours after the event.
- Error logs: 90 days.
7. Minors
Social Ride is not directed at children under 16. If we detect an account belonging to a minor, we will suspend it.
8. Security
- TLS 1.2+ on all client–server traffic.
- RLS (Row Level Security) enabled on every Supabase table.
- Passwords hashed with bcrypt + checked against HaveIBeenPwned
(when the Pro plan is enabled).
- No local plain-text password storage.
9. International transfers
Data is stored in the EU region. If in the future we engage sub-processors outside the EEA, we will notify you and rely on Standard Contractual Clauses (SCCs) from the European Commission.
10. Changes to this policy
We will notify you in-app when we make material changes. The date at the top of this document always reflects the latest version.