Privacy Policy

The information we process depends on how you use DropZone. Some parts of the product stay local on your device, while other features only activate if you create an account, sync data, publish routes, use premium tools, contact us, or connect optional integrations.

• Account and access data: name, email, profile image and basic Google data if you use Google Sign-In; email, credentials, sessions, tokens and recovery data if you use email and password or request a password reset.
• Profile and settings data: name or nickname, age, sex, weight, height, weight history, avatar, preferences, language, technical app or device identifiers, and sync state.
• Workout and community data: GPS coordinates, altitude, time, distance, speed, activity type, linked bike, saved routes, attempts, rankings, feedback, and public-route review status.
• Sensor and health data: accelerometer, gyroscope and, if you connect them, Health Connect or Apple Health data such as heart rate, sleep, calories, steps, and compatible workouts.
• Website and support data: if you contact us or use website forms, we may process your name, email, locale, referrer, user agent, source IP hash, and the content of your request.
• Subscription and billing data: plan, status, product id, base plan, management URL, and Google Play purchase metadata needed to enable or validate DropZone Pro. We do not store full card numbers.
• Technical and security data: basic service logs, session events, IP addresses or IP hashes where needed for rate limiting, security, fraud prevention, or operational support.
• Derived or inferred data: performance statistics, readiness, session comparisons, automated terrain detections, review states, commercial flags, and other metrics generated from the data you record or connect.

Where required by law, our main legal bases are: performance of the service for account, sync, route, and support features; consent for health data and optional permissions; legitimate interest for security, moderation, reasonable support, and internal operations; and legal obligation where we must retain or disclose specific information.

By default, much of your data stays on your device and ride tracking can work offline. If you enable sync or use web or remote features, the relevant data is sent over HTTPS and associated with your account or with technical identifiers needed to operate DropZone.

We retain information for as long as needed to provide the service, maintain security, resolve disputes, operate the account, support subscription states, answer requests, and comply with applicable law. Not every category is retained for the same duration, and deletion may leave temporary residual copies in protected backups or logs.

Depending on the provider involved, some processing may happen outside your country of residence, including in the United States or other jurisdictions where our processors operate. Where appropriate, we aim to rely on reasonable contractual, technical, or organizational safeguards for transferred information.

We only request permissions when a feature needs them, and we only share data with infrastructure, processors, or third parties that serve a specific operational purpose or a legal requirement.

• Device permissions may include foreground and background location, notifications, photo library, camera, image saving, motion sensors, and health data access when you enable those features.
• Google may process authentication data if you choose Google Sign-In, under Google's own terms and privacy policy.
• Cloudflare Workers, D1, and related services may process sync data, website form data, legal contact requests, and technical platform operations.
• Google Play handles purchases, renewals, cancellations, refunds, and part of the subscription metadata required to enable or validate DropZone Pro.
• Open-Meteo and OpenTopoData may receive limited coordinates or geographic context for weather and elevation correction without needing your name or health data.
• Our transactional email provider may process your email address and the minimum content needed for password reset, legal contact, or operational messages related to your account.
• If AI summary or AI-based weekly plan is enabled in your build and plan, part of the workout context may be processed by a configured remote service. We also apply HTTPS/TLS, token-based authentication, and reasonable access controls.
• We may also disclose information where necessary to comply with law, answer valid legal requests, investigate fraud or abuse, protect rights and safety, or support claims related to the service.
• We currently do not sell personal information or share it for cross-context behavioral advertising. We also do not maintain a public data-resale or user-data syndication program.
• We apply reasonable technical and organizational security measures, but no system is fully immune to incidents, unauthorized access, or third-party failures.

The controller of personal data related to DropZone is Julian Corsino, an independent developer based in Argentina. For privacy, personal-data, account, or rights requests, you can contact legal@dropzonebike.com.

You can request access, correction, update, export, or deletion of data; you can also revoke permissions, disable sync, and delete your account from the app or through the legal contact identified above. If you are in the EU, EEA, or UK, you may also request portability, restriction, or objection where applicable. Where required, we may request additional information to verify ownership before fulfilling the request.

If you live in California, you may request to know, correct, or delete personal information as allowed by applicable law, and you may do so directly or, where law permits, through an authorized agent subject to reasonable verification. We currently state that we do not sell or share personal information for cross-context behavioral advertising.

DropZone is not directed to children and should not be used if you cannot validly consent in your jurisdiction. If we determine that we process personal data from someone who could not validly consent, we may limit the account or delete the information as appropriate.

We may update this policy to reflect legal, technical, or product changes. If we make material changes, we will publish the updated version and effective date on the website or within the app.