RideTayoBack to site

Legal

Privacy Policy

Effective date: March 25, 2026  ·  Last updated: March 25, 2026

1. Introduction

RideTayo ("we", "us", or "our") operates the RideTayo mobile application and supporting backend services (collectively, the "Service"). This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and the rights you have regarding your information.

By creating an account or using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

For questions or concerns, contact us at [email protected].

2. Information We Collect

2.1 Information You Provide Directly

When you register or use the Service, you may provide:

Account & Identity: email address, full name, username (permanent once set), password (stored as a hash), profile photo, date of birth, nationality, and a short bio.

Motorcycle & Garage Data: bike details (name, brand, model, year, plate number, purchase date, story), bike photos, modification records (name, category, description, photos), and bike status.

User-Generated Content: posts (text and images), comments, route reviews (rating and text), route waypoints and metadata (name, description, region, coordinates, distance).

2.2 Information Collected Automatically

When you use the Service, we automatically collect:

Session Data: IP address, user agent (browser/device type), and last-active timestamps collected server-side with each authenticated request.

Device Information: app version and device type collected via Expo Application Services (EAS) during builds and over-the-air updates.

The mobile app does not use cookies. No cross-app or cross-site tracking is performed.

2.3 Information from Third-Party Sign-In Providers

If you sign in with Google, Apple, or Facebook, we receive your name, email address, and profile photo from those providers. OAuth identity tokens are exchanged for a session token and are not stored on your device beyond that exchange. We do not receive your password from these providers.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the Service — account management, route display, navigation features, and the rider passport system. • Authenticate and secure your account — verifying identity, issuing session tokens, and detecting suspicious activity. • Enable social features — displaying your posts, profile, follower counts, and route reviews to other riders as governed by your privacy settings. • Send push notifications — for social activity (likes, comments, follows) and route updates, when you have opted in. Certain safety-critical notifications may be non-optional while your account is active. • Comply with legal obligations and enforce our Terms & Conditions.

4. How We Share Your Information

We do not sell your personal data to data brokers or advertisers.

Public Profile Data: Your name, username, avatar, bio, badge, and follower/following counts are visible to other riders by default. You can set your profile to private in Settings.

Posts and Route Reviews: Content you post is visible to other users of the Service.

Third-Party Service Providers: We share data with the following providers solely to operate the Service: • Google Maps SDK & APIs — for map display, route distance calculation, and reverse geocoding (waypoint coordinates and search queries are shared). • Firebase / Google Cloud Messaging — for push notification delivery (device token and notification metadata). • Expo Application Services — for app builds and over-the-air updates (device type and app version). • Cloud hosting provider — for server and database infrastructure.

Legal Requirements: We may disclose your information if required to do so by law or in response to valid legal process.

5. Data Storage and Security

Server-side data is stored on secured infrastructure with encryption in transit (HTTPS/TLS) and encryption at rest. We implement standard security practices including access controls, authentication, and monitoring.

On your device: • Your session token is stored in the device's secure keychain via expo-secure-store. • Route data is cached locally in a SQLite database (ridetayo.db) and automatically evicted after 24 hours. • App settings and UI preferences are stored in AsyncStorage on your device only and are not transmitted to our servers beyond what is needed to sync your preferences.

No security measure is perfect. If you discover a security vulnerability, please report it to [email protected].

6. Data Retention and Deletion

Account Deletion: You may delete your account at any time from the Settings screen. A 7-day grace period applies, after which all of your data — including profile, posts, comments, likes, routes, bikes, modifications, and follower relationships — is permanently deleted from our servers.

Session Tokens: Cleared from your device when you sign out, or automatically invalidated upon a 401 authentication error.

Cached Route Data: Auto-evicted from your device after 24 hours.

Server Logs and Backups: Server access logs and database backups may be retained for a limited period (typically 30–90 days) for operational and security purposes, after which they are deleted or anonymized.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access: Request a copy of the personal data we hold about you. Most of your data is accessible directly within the app (profile, settings, passport). • Correct: Update your profile, posts, and settings at any time within the app. • Delete: Delete your account and all associated data (7-day grace period applies). • Export: We plan to implement a data export feature (GET /api/riders/me/export). This is not yet available. • Opt out: Disable non-essential push notifications in Settings > Notifications. • Control visibility: Set your profile to private or require approval for followers in Settings > Privacy.

To exercise rights that are not available in-app, contact us at [email protected].

8. Children's Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us at [email protected] and we will delete that information.

Users in certain jurisdictions (e.g., the European Union) must be at least 16 years old to consent to data processing, or have parental consent.

9. International Data Transfers

The Service is operated from the Philippines. Your data may be transferred to and stored on servers located in other countries where our cloud infrastructure and service providers operate. By using the Service, you consent to this transfer.

We take reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy, regardless of where it is processed.

10. Cookies and Tracking

The RideTayo mobile application does not use cookies. The app does not perform cross-app or cross-site tracking. No advertising identifiers are collected or shared.

If a web-based version of the Service is offered in the future, a separate cookie policy will be provided.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice in the app or sending an email to your registered address. The "Last Updated" date at the top of this page reflects the most recent revision.

Continued use of the Service after changes take effect constitutes your acceptance of the updated policy.

12. Contact Information

For privacy-related questions, requests, or complaints, contact us at:

Email: [email protected] Platform: RideTayo mobile app — Settings > Help & Support