Skip to content
MotoVaultMotoVault
Trip Planning
Multi-day routes & GPX export.
Diagnóstico IA
Snap a photo, get the answer.
Garagem
Unlimited bikes, one vault.
Aprendizado
Go from novice to expert.
Explorar rotasFAQPro
EntrarBaixar o App

Política de Privacidade

Last updated: April 30, 2026

Introduction

MotoVault ('we', 'us', 'our') respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how MotoVault, established in the Slovak Republic (European Union), collects, uses, discloses, and safeguards information when you use the MotoVault mobile application, the motovault.app website, and related services (together, the 'Service'). For purposes of the EU/UK General Data Protection Regulation (GDPR), MotoVault is the data controller of your personal data. If you have any questions about this policy or our data practices, contact us at [email protected].

Information We Collect

We collect the following categories of personal information: (1) Account & authentication data — email address, display name, profile photo, and federated identifiers when you sign in via Supabase Auth (Google, Apple, or email/password); (2) Motorcycle & garage data — make, model, year, VIN, mileage, maintenance records, expenses, and photos you add to your garage; (3) Diagnostic images & inputs — photos and descriptions you submit for AI-assisted diagnostic analysis; images are processed in real time and not stored permanently after analysis; (4) Location & ride data — when you use trip planning, the ride logging HUD, GPX export, or 'Explore Routes', we process precise GPS coordinates, speed, heading, altitude, distance, duration, and ride traces. Location is collected only while the relevant feature is active and only after you grant explicit operating-system permission; (5) Community & user-generated content — public rider handle, profile bio, posts, comments, likes, follows, photos, and routes you choose to share with the community; (6) Subscription & purchase data — receipts, subscription status, and entitlement information processed through Apple App Store and Google Play; we do not store full payment-card numbers on our servers; (7) Usage analytics — feature interactions, screens viewed, performance metrics, and aggregated engagement signals collected via PostHog; (8) Crash & error data — stack traces, device state, and error context collected via Sentry; (9) Device & technical data — device model, operating system, app version, language, time zone, IP address, and device identifiers needed for authentication and security; (10) Communications — emails, support tickets, and feedback you send us.

How We Use Your Information

We use your information to: (1) provide, operate, and maintain the Service, including account management, the garage, AI diagnostics, learning content, ride logging, trip planning, route exploration, and community features; (2) process subscription purchases and manage entitlements; (3) personalize your experience and remember your preferences; (4) generate AI-assisted diagnostic results and educational content; (5) communicate with you about service updates, security alerts, and important policy changes, and (with your consent where required) product news; (6) understand how the Service is used so we can improve features, performance, and reliability; (7) detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms; (8) comply with legal obligations, enforce our agreements, and respond to lawful requests from public authorities. We do not sell your personal data, and we do not share it for cross-context behavioural advertising. We do not rent your data to third parties for their own marketing purposes.

Legal Basis for Processing (EU/UK)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data under the following lawful bases of GDPR Article 6: (1) Performance of a contract — to create and operate your account, deliver the features you request (garage, diagnostics, ride logging, trip planning), and provide subscription benefits; (2) Consent — for processing that requires opt-in, including precise location collection, push notifications, optional marketing emails, and non-essential analytics or cookies. You can withdraw consent at any time without affecting prior lawful processing; (3) Legitimate interests — to secure the Service, prevent fraud and abuse, debug crashes, conduct aggregated analytics, and improve our products, where these interests are not overridden by your rights and freedoms; (4) Legal obligations — to comply with tax, accounting, consumer protection, and law-enforcement obligations under Slovak and EU law. We do not use the Service to make solely automated decisions producing legal or similarly significant effects on you within the meaning of GDPR Article 22.

Service Providers and Sub-processors

We share personal data only with vetted service providers who act as our processors and are bound by written data-processing agreements. Current sub-processors include: (1) Supabase — database, authentication, and file storage (EU/US regions); (2) Anthropic — Claude AI for diagnostic and educational content generation (United States; submitted data is not used to train foundation models); (3) Mapbox — maps, geocoding, and route rendering for trip planning and explore (United States); (4) Sentry — application error and crash monitoring (United States/EU); (5) PostHog — product analytics and feature usage telemetry (EU region); (6) Apple App Store and Google Play — in-app purchases and subscriptions; (7) a transactional email provider — service-related emails; (8) NHTSA vPIC — public motorcycle catalog (no personal data shared). We may also disclose information when required by law, in response to lawful requests by public authorities, to protect our rights and the safety of our users, or in connection with a corporate transaction (e.g., merger, acquisition) where the recipient agrees to honor this Privacy Policy. An up-to-date list of sub-processors is available on request.

Cookies and Similar Technologies

Our website uses cookies and similar technologies (local storage, session storage, device identifiers) to keep you signed in, remember preferences such as language, measure aggregated traffic, and protect against fraud. Strictly necessary cookies are set by default. Analytics and other non-essential cookies are loaded only after you provide consent through our cookie banner where required by EU/UK ePrivacy rules. You can withdraw consent at any time via 'Cookie Settings' in the website footer or by clearing cookies in your browser. The mobile app uses native device identifiers and on-device storage rather than HTTP cookies; you can reset advertising identifiers in your device settings.

Data Retention

We retain personal data only as long as necessary for the purposes described above or as required by law: (1) Account profile and garage data — kept while your account is active; deleted within 30 days of account deletion (with up to 90 days in encrypted backups); (2) Ride and location data — kept while your account is active; you can delete individual rides at any time; (3) Diagnostic images — processed and deleted within 24 hours of analysis; only the resulting text-based diagnosis is kept with your account; (4) Subscription and billing records — retained for the period required by Slovak tax and accounting law (currently up to 10 years for invoices); (5) Usage analytics — retained for up to 12 months in identifiable form, then aggregated; (6) Crash and error logs — retained for up to 90 days; (7) Support communications — retained for up to 24 months after the issue is closed; (8) Backups — disaster-recovery backups are rotated within 30 days. Where required by law (litigation hold, regulatory request, fraud investigation), we may retain specific records for longer.

Data Security and Breach Notification

We implement appropriate technical and organisational measures to protect personal data, including: TLS 1.2+ encryption in transit; encryption at rest for databases and file storage; JWT authentication validated locally; secure native key storage on mobile (expo-secure-store; never AsyncStorage); least-privilege access controls and audit logging for staff; mandatory security training; and regular dependency, infrastructure, and code-review processes. Despite these safeguards, no system can guarantee absolute security. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority (the Slovak Office for Personal Data Protection) without undue delay and, where feasible, within 72 hours of becoming aware, in line with GDPR Articles 33–34. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected users without undue delay.

Your Privacy Rights

Depending on where you live, you may have the following rights: (1) Access — obtain a copy of the personal data we hold about you; (2) Rectification — correct inaccurate or incomplete data; (3) Erasure / 'right to be forgotten' — request deletion of your data; (4) Restriction — limit how we process your data in specific circumstances; (5) Portability — receive your data in a structured, commonly used, machine-readable format and transmit it to another controller; (6) Objection — object to processing based on legitimate interests, including profiling; (7) Withdraw consent — at any time where processing is based on consent; (8) Lodge a complaint — with a supervisory authority. EU/EEA users can complain to the Slovak Office for Personal Data Protection (Úrad na ochranu osobných údajov SR, https://dataprotection.gov.sk) or to the authority of their EU country of residence. UK users can complain to the Information Commissioner's Office (ICO). California residents have additional CCPA/CPRA rights: the right to know what personal information we collect and how it is used and shared, the right to delete, the right to correct, the right to opt out of 'sale' or 'sharing' of personal information (we do not sell or share for cross-context behavioural advertising), and the right to limit the use of sensitive personal information (which includes precise geolocation). California residents may exercise these rights at [email protected] and may designate an authorized agent. We will not discriminate against you for exercising any of these rights. We respond to verifiable requests within 30 days for GDPR (extendable by up to 60 additional days for complex requests) and within 45 days for CCPA/CPRA (extendable by 45 additional days with notice).

Children's Privacy

MotoVault is intended for adults and is not directed at children. We do not knowingly collect personal data from children below the age of digital consent in their country: 16 years for users in the European Union (16 in Slovakia, with some EU member states having lowered the age to 13–15), 13 years in the United States and the United Kingdom, and the equivalent local minimum elsewhere. If we learn that we have collected personal data from a child below the applicable age without verifiable parental consent, we will delete that data promptly. Parents or guardians who believe their child has provided us with personal data should contact [email protected] immediately so we can investigate and delete the data.

International Data Transfers

MotoVault is established in Slovakia (European Union). Some of our service providers are located outside the EEA, including in the United States (Anthropic, Mapbox, Sentry, parts of Supabase). Where we transfer personal data outside the EEA/UK/Switzerland to a country that has not received an adequacy decision, we rely on appropriate safeguards under GDPR Chapter V — primarily the European Commission's Standard Contractual Clauses (Decision 2021/914) supplemented, where appropriate, by additional technical and organisational measures (encryption in transit and at rest, pseudonymisation, transfer impact assessments). For transfers from the United Kingdom, we use the UK International Data Transfer Addendum. You can request a copy of the safeguards in place by emailing [email protected].

Account Deletion

You can delete your account at any time from within the mobile app: Settings → Privacy & Data → Delete My Account. You can also request deletion by visiting motovault.app/account-deletion or by emailing [email protected]. After confirmation, we will permanently delete or irreversibly anonymise your personal data within 30 days from active systems and within 90 days from encrypted backups, except for records we are required to keep by law (e.g., tax invoices) and aggregated/anonymised data that can no longer identify you. Deleting your account does not refund any active subscription; manage subscriptions through the App Store or Google Play.

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email and/or by displaying a prominent notice in the app or on our website at least 14 days before the changes take effect. The 'Last updated' date at the top of this policy reflects the most recent revision. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

Data Controller

The data controller responsible for your personal data is MotoVault, established in the Slovak Republic, European Union. For privacy-related inquiries, contact us at [email protected]. While we are not currently required to appoint a Data Protection Officer, all privacy questions are routed to our internal privacy lead at the same address. EU/UK users may also lodge a complaint with their local supervisory authority — see 'Your Privacy Rights' above.

Contact Us

If you have questions, concerns, or want to exercise any of your rights, contact the MotoVault Privacy Team at [email protected]. We aim to respond within 30 days. A postal address is available on request. EU residents may also lodge a complaint with the Slovak Office for Personal Data Protection (https://dataprotection.gov.sk) or the supervisory authority of their EU country of residence; California residents may contact the California Attorney General.

MotoVaultMotoVault

O companheiro do motociclista. Planeje, registre, faça a manutenção e diagnostique — tudo em um app gratuito, feito por motociclistas.

App StoreGoogle Play
Produto
Planejamento de ViagensDiagnóstico por IAControle de ManutençãoControle de DespesasRegistro de Pilotagens
Recursos
FAQMotociclistasContato
Jurídico
PrivacidadeTermos
MotoVault
© 2026 MotoVault · Feito por motociclistas, para motociclistas.motovault.app