Privacy Notice

This privacy notice explains how MotoTribe ("we", "us") processes personal data when you use joinmototribe.com and related services (the "Service"). We process personal data in accordance with the Swiss Federal Act on Data Protection of 25 September 2020 (revFADP / nFADP) and, where applicable, the EU General Data Protection Regulation (GDPR).

1. Controller

Controller within the meaning of the revFADP and, where applicable, Art. 4(7) GDPR:

If we are established outside Switzerland and process data of persons in Switzerland on a large scale, we will appoint a representative in Switzerland in accordance with Art. 14 revFADP.

2. Categories of personal data

• Account data: name, email, password hash, language and notification preferences.
• Profile data: display name, photo, bike, riding style, location (city/region), bio.
• Content data: rides you create or join, posts, comments, photos, routes and meeting points.
• Usage and technical data: IP address, device and browser information, timestamps, log files, basic analytics.
• Communication data: messages you send through the Service and contact requests.

3. Purposes and legal basis

We process personal data for the following purposes:

• Providing the Service, your account and rider features (contract performance).
• Securing the Service, fraud prevention and abuse detection (legitimate interest).
• Sending service-related and, with consent, marketing communications.
• Improving the Service through aggregated analytics (legitimate interest).
• Complying with legal obligations under Swiss and applicable foreign law.

Under the revFADP, processing of personal data of private persons does not generally require a specific legal basis, but must comply with the principles of lawfulness, good faith, proportionality, purpose limitation and data security (Art. 6 revFADP). Where the GDPR applies, we rely on Art. 6(1)(a), (b), (c) and (f) GDPR.

4. Cookies and analytics

We use strictly necessary cookies to operate the Service (e.g. authentication and session management). Where we use optional analytics or marketing cookies, we will ask for your consent beforehand and you can withdraw it at any time.

5. Disclosure to third parties

We share personal data with carefully selected processors that help us operate the Service, under written agreements that meet Art. 9 revFADP requirements:

• Cloud hosting and database (Supabase / Lovable Cloud).
• Email delivery, push notification and infrastructure providers.
• Authentication providers if you choose to sign in via them.

We do not sell personal data. Disclosure to authorities only occurs where required by law.

6. International transfers

Personal data may be processed in countries outside Switzerland and the EEA. Where the recipient country does not provide an adequate level of protection as recognised by the Swiss Federal Council (Annex 1 of the FADP Ordinance), we ensure appropriate safeguards in accordance with Art. 16 revFADP, such as the Standard Contractual Clauses approved by the Swiss Federal Data Protection and Information Commissioner (FDPIC) and, where relevant, the Swiss-U.S. Data Privacy Framework.

7. Retention

We retain personal data only as long as necessary for the purposes set out above or as required by law. Account and profile data are kept while your account is active and deleted or anonymised within a reasonable period after account deletion. Backups are overwritten on a rolling basis.

8. Your rights

Subject to legal restrictions, you have the right to information (Art. 25 revFADP), rectification, deletion, restriction of processing, data portability (Art. 28 revFADP) and to object to certain processing. Where processing is based on consent, you may withdraw it at any time with effect for the future.

To exercise these rights, contact us at info@joinmototribe.com. You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC, edoeb.admin.ch) or, if the GDPR applies to you, with your local supervisory authority.

9. Data security

We take appropriate technical and organisational measures to protect personal data against loss, misuse and unauthorised access, in accordance with Art. 8 revFADP and Art. 32 GDPR.

10. Automated decision-making

We do not carry out automated individual decisions within the meaning of Art. 21 revFADP that produce legal effects on you or significantly affect you in a similar way.

11. Changes

We may update this privacy notice to reflect changes in our Service or legal requirements. The current version is always available at joinmototribe.com/privacy.