BikeManager is an iOS app for bicycle maintenance with Strava integration. We only collect what is necessary to make the app work. Your data is stored locally on your device. Firebase is used exclusively for push notifications when new Strava activities are detected. We use no analytics, advertisements, or tracking cookies. We do not sell your data.
1. Who we are
BikeManager is developed by Dynamic Stability Training, based in the Netherlands.
| App | BikeManager for iOS |
| Bundle ID | com.dst.bikemanager |
| Contact | contact@bikemanager.io |
2. What data we collect
2.1 Via Strava (with your permission)
When you connect your Strava account, we request access with the scopes read and activity:read_all. We retrieve the following:
| Category | Data |
|---|---|
| Profile | Athlete ID, username, first and last name |
| Bikes | Name, brand, model, total distance, primary bike |
| Activities | Name, type, distance, elevation gain, moving time, date, linked bike |
| Statistics | Year-to-date total distance |
The Strava API returns additional fields by default (such as speed, calories, and route polyline). These are not stored — only the fields listed above are cached locally.
Tokens: Strava access and refresh tokens are securely stored in the iOS Keychain (kSecAttrAccessibleWhenUnlockedThisDeviceOnly).
2.2 Entered by you
| Category | Data |
|---|---|
| Bike components | Name, type, icon, maximum kilometres, replacement date, width |
| Maintenance log | Task name, date, odometer reading, notes |
| Settings | Maintenance thresholds, notification preferences, sync settings |
| Feedback | Title, description, category (voluntarily submitted) |
2.3 Collected automatically
| Data | Purpose |
|---|---|
| FCM device token | Delivering push notifications |
| App version & iOS version | Only when submitting feedback |
| Device model | Only when submitting feedback |
2.4 What we do NOT collect
- No current location or GPS tracking
- No contacts or address book
- No device identifiers (UDID, IMEI, advertising ID)
- No IP addresses
- No browsing or usage behaviour
- No health data (beyond what Strava provides)
- No payment information (handled by Apple)
- No analytics or crash reports
- No cookies
3. Where your data is stored
3.1 Locally on your device
The majority of your data is stored locally via CoreData on your iPhone:
- Bikes, components, and maintenance logs
- Activities (cached from Strava)
- App settings (via UserDefaults)
- Strava tokens (via iOS Keychain, encrypted)
This means: Your bikes, components, maintenance logs, and settings never leave your device.
3.2 Firebase (Google Cloud)
Firebase is used for authentication and push notifications. No settings, maintenance logs, or activities are synced to Firebase.
| Service | Data | Region |
|---|---|---|
| Firestore | FCM device token, push preference | europe-west1 |
| Firebase Auth | Strava athlete ID (as user ID) | Europe |
| Cloud Messaging | Device token for push notifications | Google infrastructure |
| Cloud Functions | Webhook events, OAuth exchange, feedback | europe-west1 |
Access control: Firestore rules ensure that only you (authenticated via your Strava account) can read and write your own data.
3.3 External services
| Service | Purpose | Data shared |
|---|---|---|
| Strava API | Retrieve activities, bikes, and profile | OAuth tokens, API requests |
| Firebase (Google) | Authentication, push notifications, cloud functions | See table above |
We do not share your data with advertisers, data brokers, or other third parties.
Strava may monitor and collect data related to your use of the Strava API through BikeManager, in accordance with the Strava Privacy Policy.
4. Why we process your data
| Purpose | Legal basis (GDPR) |
|---|---|
| App functionality (bikes, maintenance) | Performance of contract |
| Strava integration | Your consent (OAuth) |
| Push notifications for activity sync | Your consent (in-app setting) |
| Processing feedback | Legitimate interest |
| Security and error prevention | Legitimate interest |
5. Data retention
| Data | Retention period |
|---|---|
| Local data (CoreData, Keychain) | Until you log out or delete the app |
| FCM token (Firestore) | Overwritten on new token; deleted on logout or account deletion |
| Webhook deduplication (Firestore) | Activity IDs for deduplication; deleted on account deletion |
| Strava data | Deleted within 48 hours after you disconnect Strava |
| Feedback tickets | Retained as long as necessary for support purposes |
6. Your rights
Regardless of where you live, we provide you with the following rights (in accordance with the GDPR):
| Right | How |
|---|---|
| Access | View your data in the app or request an export |
| Rectification | Edit your data directly in the app |
| Erasure | Delete your account via app settings |
| Disconnect Strava | Disconnect in the app or via strava.com/settings/apps |
| Portability | Request a data export via email |
| Objection | Contact us to object to processing |
| Complaint | File a complaint with the Dutch Data Protection Authority |
Response time: Within 1 month, free of charge.
7. Security
We take the following measures to protect your data:
- Keychain storage: Strava tokens are stored encrypted using iOS Keychain, accessible only when your device is unlocked
- Firestore security rules: Only authenticated users can read/write their own data
- OAuth 2.0: Secure authentication with Strava via industry-standard protocol
- Firebase Auth: Custom token authentication linked to your Strava account
- HTTPS: All communication with external services is encrypted in transit
- No server-stored passwords: We do not store passwords; authentication is handled entirely via Strava OAuth
No method of electronic transmission or storage is 100% secure. We do our best, but cannot guarantee absolute security.
8. Children
BikeManager is not intended for children under 16 years of age. We do not knowingly collect data from children. If you believe a child under 16 has provided their data, please contact us so we can delete it.
9. International data transfers
Your data may be processed in countries outside the European Economic Area (EEA), specifically:
- Google/Firebase: Servers in
europe-west1(Belgium), but Google is a US-based company. Transfers are protected by Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework.
10. Changes to this policy
We may update this privacy policy from time to time. In the event of substantial changes, we will inform you via:
- A notification in the app
- An update to the "last updated" date at the top of this document
We recommend reviewing this policy periodically.
11. Contact
For questions about this privacy policy or your data:
Email: contact@bikemanager.io
Supervisory authority: Dutch Data Protection Authority — autoriteitpersoonsgegevens.nl