Privacy policy

Ciao Rider is an initiative by Madam Vélo. We are the controller of your personal data and can be reached at info@ciaorider.com.

At sign-up

• Email address and (hashed) password
• First name and last name
• Date of birth — used to verify the 18+ age requirement
• Gender
• Profile photo (required, to build trust between users)
• Role: requester, helper, or both
• Language preference (Dutch or English)

Additional for helpers

• Region (municipality or province)
• Help skills you can offer
• Notification radius in kilometres and the GPS coordinates of your home location — used internally only to match you with nearby requests; never visible to other users

During use

• Help requests: problem type, description and GPS location of the incident
• Messages in 1-on-1 chat after a helper has been accepted
• Responses to requests, reviews and reports

The legal bases under GDPR:

• Performance of the contract (art. 6.1.b) — we need this data to give you an account and to match helpers with requesters.
• Legitimate interest (art. 6.1.f) — platform security, fraud detection and anonymised usage statistics.
• Consent (art. 6.1.a) — for access to your GPS location, uploading your profile photo, and sending app update emails. You can withdraw these consents at any time via your browser or profile settings.

We engage the following processors:

• Supabase — database, authentication and storage of profile photos (EU region)
• Resend — sending transactional emails (notifications) and, if you consented, app update emails
• Vercel — hosting of the web application
• Umami — privacy-friendly web analytics; collects no cookies, no IP addresses and no personal data

We never share your data with third parties for commercial purposes and we do not sell it.

If you consent via your profile settings, we occasionally send you an email with updates about the Ciao Rider app, such as new features. This is entirely optional and off by default.

You can withdraw your consent at any time via the unsubscribe link at the bottom of every email or in your profile. Unsubscribing does not affect transactional emails (such as password reset or account notifications) — those are necessary for your account to work.

• Your first name, last name, profile photo, bio, role and region are visible to other logged-in users.
• Your date of birth, gender and email address are not visible to other users.
• Your home location (helpers) is never visible — it is only used internally for distance-based matching.
• Your GPS location attached to a help request is only shared in the chat after you have accepted a helper.

We use Umami, a privacy-friendly analytics tool that sets no cookies, stores no IP addresses and builds no profiles. We only measure anonymised aggregated statistics: how many people visit which page, from which source, with which type of device. No opt-in is required because no personal data is processed.

• Account data: as long as you have an active account
• Help requests, messages and reviews: as long as your account exists
• If you delete your account: your account is deactivated immediately and all personal data and content (profile, help requests, messages, reviews) is permanently deleted 30 days later. You can cancel during those 30 days by logging in.
• Security logs: 90 days

Under GDPR, you have the right to:

• Access your personal data
• Rectification of incorrect or incomplete data
• Erasure("right to be forgotten")
• Restriction of processing
• Portability — an export of your data
• Objection to processing based on legitimate interest
• Lodge a complaint with the Belgian Data Protection Authority (dataprotectionauthority.be)

To exercise a right: email info@ciaorider.com. We respond within 30 days.

• Encrypted connections (HTTPS)
• Passwords are securely hashed by Supabase Auth — we never see them
• Row Level Security on all database tables: users can only read and modify their own data
• GPS locations have extra protection via separate security rules and are only released in limited, explicitly permitted contexts

If we update our privacy policy, we will notify you via email or an in-app notice before it takes effect.

Questions or concerns? Email info@ciaorider.com.