BikeQuestHome

BikeQuest legal

Privacy Policy

Last updated: June 20, 2026

This policy explains what personal data BikeQuest uses to run accounts, quests, badge unlocks, payments, and support.

1. Controller

BikeQuest is operated by Alexis Mouville EI, micro-enterprise, SIREN 101 626 927. Alexis Mouville is the data controller for the app data described here. Privacy requests can be sent to alexis.mouville@gmail.com.

2. Data we collect

  • Account data, including email address, authentication identifiers, and login events.
  • Profile data, including username, riding styles, preferred language, and optional profile photo.
  • Quest data, including selected quests, unlocked badges, submissions, proof image files, filenames, file type, hashes, validation status, AI summaries, and missing evidence notes.
  • Payment data, including Stripe customer, checkout session, payment intent, price, and purchase status identifiers.
  • Technical data needed for security, rate limiting, debugging, and service operation.

3. Why we use it

  • To create accounts, authenticate riders, and keep profiles available.
  • To provide quests, validate proof images, unlock badges, and prevent duplicate or abusive submissions.
  • To process one-time access payments and keep purchase records.
  • To answer support requests, debug errors, secure the app, and comply with legal obligations.

4. Legal bases

BikeQuest uses data to perform the service contract with you, comply with legal obligations, protect the app through legitimate interests such as security and fraud prevention, and ask for consent where consent is required, such as non-essential cookies or marketing.

5. Processors and recipients

  • Supabase provides authentication, database, and storage infrastructure.
  • Stripe processes checkout and payment events.
  • OpenAI may process proof image content and validation prompts when automated proof validation is enabled.
  • Vercel hosts and serves the web application.
  • BikeQuest admins may review submissions and support requests.

6. International transfers

Some providers, including Supabase, Stripe, OpenAI, and Vercel, may process data outside France or outside the European Economic Area. Where required, BikeQuest relies on provider safeguards such as contractual transfer terms. Exact production regions should be confirmed before public launch.

7. Retention

Account, profile, quest, and badge data are kept while your account is active. Proof images and validation metadata are kept while needed to validate badges, handle disputes, prevent abuse, and maintain your collection. When an account is deleted, BikeQuest aims to delete or anonymize app content within 30 days unless it must be kept for legal, tax, accounting, dispute, or fraud-prevention reasons. Payment and accounting records may be kept for up to 10 years. Technical security logs may be kept for up to 12 months.

8. Your rights

Depending on where you live, you can ask to access, correct, export, delete, restrict, or object to the use of your personal data. You can also withdraw consent where processing is based on consent. If you are in France or the EU, you can complain to the CNIL or your local data protection authority.

9. Cookies

BikeQuest should only use essential cookies or similar storage for login, security, checkout, language preference, and app operation unless a consent flow is added. If analytics, advertising, or marketing cookies are added, this policy and the cookie consent flow must be updated first.

10. Children

BikeQuest is not designed for children. Minimum age and parental consent rules must be finalized before public launch based on the countries where the app is offered.

TermsPrivacyLegal notice