Privacy Policy

Last updated: April 2026

Privacy Policy

Overview

Ride Director (“we”, “our”, “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our iOS application and related services.

Information We Collect

Account Information

  • Apple ID: We receive a unique identifier from Sign in with Apple. We do not receive or store your email address.
  • Display Name: The name you choose to show to other riders during group rides.

Ride Data

  • GPS Location: Location data is processed on your device for real-time commentary. Raw GPS coordinates are never sent to our servers unless you explicitly share a Ghost track.
  • Route Fingerprints: Anonymized route identifiers (SHA-256 hashes) are stored locally for ride-over-ride comparison.
  • Ride Statistics: Duration, distance, and pace data are stored locally on your device.

Ghost Tracks

  • When you create a Ghost Challenge, the GPS track is uploaded to our servers (Cloudflare R2) so other riders can race against it. This data is associated with a challenge code, not your personal identity.

Strava Data

  • With your permission, we read segment definitions and personal records from Strava for AI commentary. We use Strava’s OAuth proxy — your Strava credentials are never stored on our servers.
  • Ride activities are auto-uploaded to Strava after each ride.

How We Use Your Information

  • AI Commentary: Location and historical data processed on-device to generate broadcast commentary.
  • Ghost Challenges: GPS tracks stored on our servers to enable asynchronous competition.
  • Team Radio: Real-time location shared with group members during active team rides only.
  • Service Improvement: Anonymized, aggregated usage statistics.

Data Storage & Security

  • On-Device: All core computation (GPS analysis, broadcast decisions, audio mixing) runs locally on your iPhone.
  • Cloud Storage: Cloudflare Workers (edge computing), Cloudflare D1 (database), Cloudflare R2 (object storage). All data is encrypted in transit (TLS) and at rest.
  • Minimal Server Data: Our database stores only: user ID, display name, Apple subject ID, session metadata, and subscription status.

Third-Party Services

ServicePurposeData Shared
AppleAuthentication, SubscriptionsApple ID token
StravaSegment data, Activity uploadOAuth token (server-side only)
CloudflareInfrastructureEncrypted service data
ElevenLabsVoice synthesisText for TTS generation

Data Retention

  • Account Data: Retained while your account is active. Deleted within 30 days of account deletion request.
  • Ghost Tracks: Retained for 90 days after last access, then automatically deleted.
  • Ride History: Stored locally on your device. Deleted when you uninstall the app.

Your Rights

You have the right to:

  • Access your personal data
  • Delete your account and associated data
  • Export your ride data
  • Opt out of Ghost track sharing at any time
  • Revoke Strava connection at any time

Children’s Privacy

Ride Director is not intended for users under 17 years of age. We do not knowingly collect information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the app.

Contact

For privacy inquiries, contact us at privacy@ride.director.

Download Ride Director