Privacy Policy for The Bike Mechanic

Last Updated: November 11, 2025

1. Controller Information

This privacy policy is issued by K-Interactive EURL, the data controller responsible for your personal data.

Company: K-Interactive EURL

Address: 14 rue Youenn Drezen, 29000 Quimper, France

Email: privacy@themechanic.bike

Data Protection Officer: privacy@themechanic.bike

2. Introduction

K-Interactive EURL, operating The Bike Mechanic app ("we," "our," or "us") is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable European privacy laws. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use The Bike Mechanic mobile application and services.

3. Personal Data We Process

3.1 Data We Collect and Store

Email Address

  • Purpose: Account creation, service communications, receipts, customer support
  • Legal Basis: Contract performance (Article 6(1)(b) GDPR)
  • Retention: Until account deletion or 3 years after last activity

3.2 Data We Do Not Store

  • Payment Information: Credit card details, CVV codes, and complete billing addresses are processed directly by our payment processor Stripe and are not stored on our systems
  • Billing Address: Transmitted directly to Stripe for payment verification

3.3 Data We Receive from Stripe

  • Last four digits of payment card
  • Transaction status and amount
  • General location (country) for fraud prevention
  • Legal Basis: Contract performance (Article 6(1)(b) GDPR)
  • Retention: 7 years for accounting and legal obligations

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

  • Contract Performance (Article 6(1)(b)): To provide our bike mechanic services
  • Legal Obligation (Article 6(1)(c)): To comply with accounting, tax, and other legal requirements
  • Legitimate Interest (Article 6(1)(f)): To improve our services and prevent fraud

5. How We Use Your Personal Data

We use your personal data to:

  • Create and manage your account in The Bike Mechanic app
  • Process and fulfill bike service bookings
  • Send service-related communications and receipts
  • Provide customer support for The Bike Mechanic services
  • Comply with legal and regulatory obligations
  • Improve our application and services (based on legitimate interest)
  • Prevent fraud and ensure security (based on legitimate interest)

6. Data Sharing and Recipients

6.1 Third-Party Processors

  • Stripe, Inc. (Payment processing) - operates under EU-US Data Privacy Framework
  • Cloud service providers (if applicable) - all within EU or with adequate protections

6.2 Legal Disclosures

We may disclose personal data when required by law or to:

  • Comply with legal process or government requests
  • Protect our rights, property, or safety
  • Prevent fraud or security threats

6.3 International Transfers

Any transfers of personal data outside the EU are protected by:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs)
  • EU-US Data Privacy Framework certification

7. Data Security

We implement appropriate technical and organizational measures including:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security assessments
  • Staff training on data protection

8. Data Retention

Data Type Retention Period Legal Basis
Email address Until account deletion or 3 years after last activity Contract performance
Transaction records7 yearsLegal obligation (accounting law)
Support communications3 years after resolutionLegitimate interest

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

9.1 Right of Access (Article 15)

Request confirmation of processing and a copy of your personal data

9.2 Right to Rectification (Article 16)

Correct inaccurate or incomplete personal data

9.3 Right to Erasure (Article 17)

Request deletion of your personal data (with certain exceptions)

9.4 Right to Restrict Processing (Article 18)

Limit how we use your personal data in certain circumstances

9.5 Right to Data Portability (Article 20)

Receive your data in a structured, machine-readable format

9.6 Right to Object (Article 21)

Object to processing based on legitimate interest

9.7 Right to Withdraw Consent

Where processing is based on consent, withdraw it at any time

9.8 How to Exercise Your Rights

Contact us at: privacy@themechanic.bike

We will respond within one month of receiving your request.

10. Complaints

You have the right to lodge a complaint with a supervisory authority:

  • France: Commission Nationale de l'Informatique et des Libertés (CNIL) - www.cnil.fr
  • Your EU country: Contact your local data protection authority

11. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects concerning you.

12. Children's Privacy

Our services are not intended for children under 16 years of age (or the minimum age in your EU country). We do not knowingly collect personal data from children.

13. Cookies and Local Storage

13.1 Essential Cookies

We use strictly necessary cookies and local storage to:

  • Authentication tokens: Store your login session to keep you signed in
  • Session management: Maintain your logged-in state across app sessions

13.2 Cookie Details

Cookie/Storage Type PurposeDurationLegal Basis
Authentication tokenUser session managementUntil logout or expiry Contract performance (Article 6(1)(b))

13.3 Your Cookie Choices

  • Essential cookies: Cannot be disabled as they are necessary for the app to function
  • No tracking cookies: We do not use analytics, advertising, or tracking cookies
  • Browser controls: You can clear cookies through your device settings, but this will log you out

These cookies are essential for the basic functionality of our service and do not require separate consent under GDPR as they are strictly necessary for the service you have requested.

14. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:

  • Notify you of material changes via email or app notification
  • Post the updated policy with a new "Last Updated" date
  • Obtain your consent for changes that require it under GDPR

15. Third-Party Services

15.1 Stripe Payment Processing

Stripe, Inc. processes payments on our behalf and is certified under the EU-US Data Privacy Framework. Their data practices are governed by their Privacy Policy at https://stripe.com/privacy.

16. Contact Information

Data Controller: K-Interactive EURL

Address: 14 rue Youenn Drezen, 29000 Quimper, France

Email: privacy@themechanic.bike

Data Protection Officer: privacy@themechanic.bike

For data protection inquiries, please contact us at privacy@themechanic.bike. We are committed to resolving any concerns promptly and transparently.