
Privacy Policy

Last updated: January 19, 2026

RideDat is committed to protecting your privacy in accordance with Vietnam's Decree 13/2023/ND-CP on Personal Data Protection and applicable international standards. This policy explains how we collect, use, store, and protect your personal data. We offer both offline-only and cloud-connected modes, giving you full control over your data.

Data We Collect

RideDat uses Firebase for authentication (Google, Apple, or Email sign-in) and crash reporting. When signed in with cloud sync enabled, your bike information and ride sessions sync to our secure servers. You can use the app completely offline without an account - in this mode, no data leaves your device. We do not use advertising or behavioral tracking.

Personal data we may collect includes: email address, display name, bike MAC addresses, bike nicknames, encrypted bike passwords, and ride session summaries (distance, duration, energy consumption). We do not collect sensitive personal data such as health information, biometric data, political views, or location tracking.

Data Storage

Without an account: Your bike password, preferences, and ride data are stored locally using secure Android storage APIs.

With an account (cloud sync enabled): Your bike password is encrypted with AES-256 using a key derived from your account, then stored on our servers to enable multi-device access. Ride sessions and bike metadata also sync to our servers.

You can disable cloud sync in Settings at any time. Uninstalling the app deletes all local data; cloud data can be deleted by contacting us.

Data Retention

We retain your personal data only for as long as necessary to provide our services and fulfill the purposes described in this policy. Specifically: Account data (email, display name) is retained until you request deletion. Bike data and ride sessions are retained until you delete them or request account deletion. Crash reports and diagnostic logs are retained for 90 days. Upon account deletion request, we will delete your data within 30 days, except where retention is required by law.

Cross-Border Data Transfer

When you enable cloud sync, your personal data is transferred to and stored on servers located outside Vietnam. Our service providers include: Railway (backend hosting and database, Singapore) and Firebase/Google (authentication and crash reporting, United States). By enabling cloud sync, you explicitly consent to this cross-border transfer of your data to Singapore and the United States. We ensure appropriate safeguards are in place, including HTTPS encryption for all data in transit and encryption at rest. You may withdraw consent at any time by disabling cloud sync in Settings, which will stop future transfers but will not delete previously synced data (you can request deletion separately).

Bike Telemetry

When connected to your bike, RideDat receives real-time telemetry via Bluetooth including battery status, cell voltages, temperatures, and diagnostics. This data is displayed in the app. If you're signed in with cloud sync enabled, ride session summaries (distance, duration, energy used) may sync to our servers. Raw telemetry data stays on your device.

App Permissions

  • Bluetooth: Required to connect to your DatBike via BLE
  • Location: Required by Android for Bluetooth scanning (we do not track, store, or transmit your location)
  • Storage: Optional, only used if you choose to export ride logs

Cloud Services

When signed in, RideDat connects to our backend hosted on Railway (api.ridedat.com) with a PostgreSQL database. Data transmitted includes: your email and display name, bike MAC addresses and nicknames, encrypted bike passwords, and ride session summaries. All connections use HTTPS encryption. Your account and data can be deleted upon request.

Third-Party Services

RideDat uses: Firebase (Google, USA) for authentication and crash reporting; Railway (Singapore) for our backend API and database. These providers process data on our behalf under contractual obligations to protect your data. We do not use advertising services or behavioral tracking. Optional features like leaderboards require opting in to share your stats publicly.

Your Rights

Under Vietnam's Decree 13/2023/ND-CP and applicable data protection laws, you have the following rights regarding your personal data:

  • 1. Right to Know: You may request information about what personal data we collect and how it is processed.
  • 2. Right to Consent: We will obtain your consent before collecting or processing your personal data, except where permitted by law.
  • 3. Right to Access: You may request a copy of your personal data that we hold.
  • 4. Right to Withdraw Consent: You may withdraw your consent at any time by disabling cloud sync or deleting your account.
  • 5. Right to Delete: You may request deletion of your personal data. We will comply within 30 days.
  • 6. Right to Restrict Processing: You may request that we limit how we use your data.
  • 7. Right to Data Portability: You may request your data in a structured, commonly used format.
  • 8. Right to Object: You may object to certain types of data processing.
  • 9. Right to Complain: You may file a complaint with Vietnam's Ministry of Public Security, Department of Cybersecurity and Hi-tech Crime Prevention, or other competent authorities.
  • 10. Right to Compensation: You may claim compensation if you suffer damages due to violations of data protection regulations.
  • 11. Right to Self-Defense: You may take lawful measures to protect your personal data rights.

To exercise any of these rights, please contact us via Discord, GitHub, or email. We will respond to your request within 30 days. For complaints to Vietnamese authorities, contact the Department of Cybersecurity and Hi-tech Crime Prevention under the Ministry of Public Security.

Feedback & Bug Reports

When you submit feedback through the app, we may collect diagnostic information including app version, device model, and relevant error logs to help resolve issues. This data is only used for debugging and is not shared with third parties.

Children's Privacy

RideDat is not directed at children under 13. We do not knowingly collect any information from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us to request deletion.

Legal Basis for Processing

We process your personal data based on: (1) Your explicit consent when enabling cloud sync or creating an account; (2) Performance of our service contract with you; (3) Our legitimate interests in improving our services and preventing fraud, provided these do not override your data protection rights. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

Changes to This Policy

We may update this privacy policy from time to time. Any changes will be reflected on this page with an updated date. Significant changes will be announced in the app and may require renewed consent. We encourage you to review this policy periodically.

Vietnam-Specific Provisions

This privacy policy complies with Vietnam's Decree 13/2023/ND-CP on Personal Data Protection. As a data controller, Ca Phe Digital is responsible for the processing of your personal data. We have implemented appropriate technical and organizational measures to protect your data. For Vietnamese citizens, cross-border transfer of your data requires your explicit consent, which you provide when enabling cloud sync. You may withdraw this consent at any time.

Contact Us

If you have questions about this privacy policy, want to exercise your data protection rights, request data deletion, or have concerns about RideDat's privacy practices, please contact us via Discord or open an issue on our GitHub repository. For complaints regarding personal data protection in Vietnam, you may also contact the Department of Cybersecurity and Hi-tech Crime Prevention under the Ministry of Public Security.
