Privacy Policy

Quiver is developed and operated by Allan Noer, a private individual residing in Denmark. Allan Noer is the data controller for all personal data collected through the Quiver mobile application and website (collectively, “the Service”).

You can reach me at allan@noer.biz.

Quiver collects only what is necessary to provide the Service:

• Account data: your email address, used to create and authenticate your account.
• Bike and fleet data: the bikes you add — make, model, type, photo, and odometer readings.
• Component data: the components you track on each bike (chains, cassettes, tyres, brake pads, etc.), including installation dates and your wear thresholds.
• Ride data: rides you log manually, including date, distance, and which bike was ridden.
• Strava connection: if you connect Strava, we store an OAuth access token and refresh token to fetch your ride history on your behalf. We only read ride distance and date — we do not read your Strava profile, followers, segments, or any other Strava data.
• Service log notes: any free-text notes you attach to component replacements or service events.

We do not collect location data, heart rate, power data, or any other fitness or health metrics. We do not use advertising trackers, analytics SDKs, or third-party cookies.

Under the EU General Data Protection Regulation (GDPR), we process your data on the following legal bases:

• Performance of a contract (Article 6(1)(b)): your account, bike, component, and ride data are processed to deliver the core functionality you signed up for.
• Legitimate interest (Article 6(1)(f)): basic server logging (IP address, timestamps) for security and debugging. These logs are retained for at most 30 days.
• Consent (Article 6(1)(a)): connecting your Strava account is entirely optional and requires your explicit approval through the Strava OAuth flow. You can revoke this at any time in the app settings.

Your data is stored on servers located within the European Economic Area. It does not leave the EEA.

Bike photos you upload are stored on the same infrastructure in the EEA.

We retain your data for as long as your account is active. If you delete your account, all personal data — including your profile, bikes, components, rides, and Strava tokens — is permanently deleted within 30 days. Server logs are deleted within 30 days regardless of account status.

We do not sell, rent, or share your personal data with third parties for marketing or commercial purposes.

Your data is accessed only by:

• Strava— only when you initiate a sync; your OAuth token is used to call Strava's API to retrieve your rides.
• Allan Noer — for support and debugging, only when necessary to investigate a reported issue.

You have the following rights regarding your personal data:

• Access: request a copy of all personal data we hold about you.
• Rectification: correct inaccurate data directly in the app, or ask us to correct it.
• Erasure: delete your account from the app settings — this triggers deletion of all your data.
• Portability: request an export of your data in a machine-readable format.
• Object: object to processing based on legitimate interest.
• Withdraw consent: disconnect Strava at any time in the app settings.

To exercise any of these rights, email allan@noer.biz. I will respond within 30 days.

If you believe your data is being handled incorrectly, you have the right to lodge a complaint with the Danish supervisory authority:

Datatilsynet
Carl Jacobsens Vej 35
2500 Valby, Denmark
www.datatilsynet.dk

All data in transit is encrypted using TLS. Data at rest is encrypted. Access to the database is restricted so that users can only ever read and write their own data.

Strava OAuth tokens are stored server-side and are never returned in API responses to the app.

Quiver is not directed at children under the age of 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with personal data, please email allan@noer.biz and we will delete it promptly.

If we make material changes to this policy, we will notify you through the app or by email at least 14 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.