▼ Privacy Policy

This Privacy Policy describes how XY Bike Calculator ("we", "our", or "the application") handles information when you use our application. We are committed to protecting your privacy and ensuring you understand how your information is managed.

Data Controller

The data controller responsible for your personal data is:

XY Bike Calculator
Email: admin@xybikecalc.com

1. Information Collection and Storage

Our application collects and stores information in two ways:

Locally on Your Device (Browser Storage):

• User preferences (such as dark/light mode settings)
• Temporary calculator settings and measurements
• Session-specific information for persistence across page refreshes

Cloud Storage (Firebase - for registered users):

• User account information (email, authentication data)
• Saved rider profiles
• Saved bike configurations and measurements
• Client names associated with saved profiles

2. Legal Basis for Processing

We process your personal data under the following legal bases as defined by GDPR:

• Consent: When you create an account and use our services, you provide consent for us to process your data as described in this policy
• Contractual Necessity: Processing is necessary to provide the services you requested (calculator functions, saved data)
• Legitimate Interests: We use analytics to improve our service, which serves our legitimate interest in understanding user behavior while respecting your privacy rights

3. How We Use Your Information

The information stored is used solely for:

• Saving your calculator configurations and measurements
• Maintaining your preferences between sessions
• Providing a convenient way to access your previous calculations
• Improving your user experience by remembering your settings

4. Data Storage and Security

We use both local device storage and secure cloud services to store your data:

• Local Storage:
  • Calculator settings and temporary calculations
  • User preferences (like dark/light mode)
  • Session-specific information
• Cloud Storage (Firebase):
  • User account information
  • Saved bike positions and measurements
  • Client data associated with saved fits

All cloud data is stored securely using Firebase's infrastructure, which implements industry-standard security practices and encryption. Your saved data is only accessible through your authenticated account.

5. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

• Account Data: Retained while your account is active and for 90 days after account deletion
• Local Storage Data: Retained until you clear your browser storage or delete it manually
• Analytics Data: Retained according to Google Analytics retention settings (up to 26 months)
• Payment Records: Retained for 7 years to comply with financial regulations

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, through our use of:

• Google Firebase: Data stored on servers that may be located outside the EEA. Google complies with GDPR through Standard Contractual Clauses (SCCs) and other approved transfer mechanisms
• Google Analytics: Analytics data processed by Google, which adheres to the EU-U.S. Data Privacy Framework
• Stripe: Payment processing that complies with GDPR and uses appropriate safeguards

These services implement appropriate safeguards to protect your data in accordance with GDPR requirements.

7. Third-Party Services

We use the following third-party services:

• Google Sheets API: Used exclusively for retrieving bike database information
• Google Analytics: Used to collect anonymous usage data to help us understand how users interact with our application and improve our service. This includes information such as:
  • Pages visited and time spent on each page
  • Your device type and browser information
  • Geographic location (country/region level)
  • How you found our website
• Firebase Authentication: Used to manage user accounts and secure access to saved bike positions. This service collects:
  • Email addresses for account creation
  • Authentication timestamps
  • Basic profile information (if provided)

8. Payments

We use Stripe as our third-party payment processor to handle donations. When you make a donation, your payment information is processed directly by Stripe and is subject to their privacy policy. We do not store or have access to your full payment details.

For more information, please review the Stripe Privacy Policy.

9. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have the following data protection rights:

• Right of Access: You can request a copy of the personal data we hold about you
• Right to Rectification: You can request that we correct any inaccurate or incomplete personal data
• Right to Erasure ("Right to be Forgotten"): You can request that we delete your personal data, subject to certain exceptions
• Right to Restrict Processing: You can request that we limit how we use your personal data
• Right to Data Portability: You can request a copy of your data in a structured, machine-readable format
• Right to Object: You can object to our processing of your personal data, including for direct marketing purposes
• Right to Withdraw Consent: Where we rely on consent, you can withdraw it at any time
• Right to Lodge a Complaint: You have the right to file a complaint with your local Data Protection Authority

To exercise any of these rights, please contact us at admin@xybikecalc.com. We will respond to your request within 30 days.

10. How to Control Your Data

You can manage your data in the following ways:

• Clear all locally stored data using your browser's settings
• Use the application's reset/clear functions to remove specific data
• Delete your account to remove all cloud-stored data
• Opt out of analytics tracking using browser extensions or privacy settings
• Request data deletion by contacting us directly

11. Cookies and Tracking Technologies

Our application uses the following cookies and storage technologies:

• Essential Cookies: localStorage and sessionStorage for calculator functionality, user preferences, and authentication
• Analytics Cookies: Google Analytics cookies to understand usage patterns (you can opt out using browser settings or extensions like uBlock Origin)
• Authentication Cookies: Firebase authentication tokens to maintain your login session

By using our service, you consent to the use of essential cookies. You can disable analytics cookies through your browser settings, though this may affect our ability to improve the service.

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Secure authentication through Firebase
• Regular security assessments
• Access controls and monitoring

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

13. Children's Privacy

Our service is not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. Any changes will be reflected on this page with an updated revision date. For material changes, we will provide notice through our service or by email.

15. Contact Us and Data Protection Officer

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your data, please contact us at:

Email: admin@xybikecalc.com

We will respond to all requests within 30 days as required by GDPR.

16. Supervisory Authority

If you are located in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority. You can find your local authority through the European Data Protection Board.

Last updated: October 13, 2025