Privacy Policy

Overview

Moterra ("we", "our", or "us") is a motorcycle ride tracking application that prioritizes your privacy. This privacy policy explains how we collect, use, store, and protect your personal information when you use the Moterra mobile app.

By using Moterra, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account Information

When you create an account with Moterra, we collect:

• Email address (for account authentication and communication)
• User ID (automatically generated to identify your account)
• Authentication method (email/password or Google OAuth)
• Account creation and login timestamps

1.2 Location Data

Moterra is a GPS-based ride tracking app. We collect precise location data, including:

• GPS coordinates (latitude and longitude) collected during active rides
• Speed data (maximum speed recorded during rides)
• Ride timestamps (start time, end time, and last update time)

Important: Location data is only collected when you actively start ride recording. We do not track your location when the app is closed or when you are not recording a ride.

1.3 Motorcycle Information

You can optionally provide information about your motorcycles:

• Bike nickname (e.g., "My Yamaha")
• Make, model, and year (optional)

This information is entirely user-provided and is used to help you organize your rides.

1.4 App Preferences

We store your app settings locally and optionally in the cloud:

• Distance and speed unit preferences (miles/kilometers, mph/km/h)
• Theme preferences (light, dark, or system)
• Screen settings (e.g., keep screen on during rides)
• Country code (for regional settings)
• Explore overlay preferences

1.5 Sync Metadata

For users who opt into cloud sync, we store:

• Last updated timestamps for all data entities
• Deletion markers (to synchronize deletions across devices)

2. How We Use Your Information

We use your information for the following purposes:

2.1 Core App Functionality

• Ride tracking: Recording GPS coordinates and speed during rides
• Ride history: Displaying your past rides, statistics, and maps
• Bike management: Associating rides with specific motorcycles

2.2 Account Management

• Authentication: Verifying your identity when you log in
• Account recovery: Allowing you to reset your password via email
• Communication: Sending important service-related notifications (not marketing)

2.3 Data Synchronization (Optional)

• Multi-device access: Syncing your rides, bikes, and settings across devices (only if you enable cloud sync)
• Backup: Providing cloud backup of your data to prevent data loss

2.4 App Improvement

• Debugging: Using crash reports and error logs to fix bugs (anonymous where possible)
• Analytics: Understanding how users interact with the app to improve features (no personally identifiable data in analytics)

We do NOT:

• Sell your personal information to third parties
• Use your location data for advertising or marketing
• Share your ride data with third parties (except our service providers, as described below)
• Track your location when you're not recording a ride

3. Third-Party Services and Data Storage

Moterra uses the following third-party services to provide functionality:

3.1 Supabase (Authentication Service)

• Purpose: User authentication only (email/password and Google OAuth)
• Data shared: Email address, authentication credentials (hashed), user ID
• Data NOT stored with Supabase: Your ride data, GPS coordinates, bikes, and settings are NOT stored with Supabase
• Data protection: Authentication data is encrypted in transit (HTTPS) and at rest
• Privacy policy: https://supabase.com/privacy

3.2 Private API Server (Data Storage)

• Purpose: Cloud storage and synchronization of your ride data, bikes, and settings
• Location: Currently hosted on a private server (not a third-party cloud provider)
• Data shared: When you enable cloud sync, your rides, bikes, and settings are stored on our private API server
• Data protection: Data is encrypted in transit using HTTPS/TLS
• Access control: Only accessible with valid authentication (via Supabase)
• User control: Cloud sync is optional—you can use Moterra entirely offline without sending data to our server

3.3 OpenStreetMap

• Purpose: Providing map tiles for displaying ride routes
• Data shared: When you view maps, the app requests map images from OpenStreetMap servers. Your IP address may be logged by OpenStreetMap (standard HTTP logging)
• Data NOT shared: We do not send your GPS coordinates or ride data to OpenStreetMap
• Privacy policy: https://wiki.osmfoundation.org/wiki/Privacy_Policy

3.4 Google OAuth (Optional)

• Purpose: Alternative authentication method (you can also use email/password)
• Data shared: If you choose to sign in with Google, we receive your email address and Google user ID
• Privacy policy: https://policies.google.com/privacy
• User control: Signing in with Google is entirely optional

4. Data Storage and Security

4.1 Local Storage

• All data is stored locally on your device first (offline-first architecture)
• Local data is stored in the app's protected storage area (Android app data)
• Your device's built-in security protects this data

4.2 Cloud Storage (Optional)

• If you enable cloud sync, your ride data is stored on our private API server
• Authentication is handled by Supabase (separate from ride data storage)
• Data is encrypted in transit using HTTPS/TLS
• Data storage is currently on a private server (not a third-party cloud provider)
• Cloud sync is optional—you can use Moterra entirely offline if you prefer

4.3 Security Measures

• Passwords are hashed and never stored in plain text
• API communication uses HTTPS encryption
• Access to your data requires authentication
• We follow industry best practices for data security

4.4 Beta Testing Disclaimer

Important: Moterra is currently in beta. While we take security seriously, beta software may contain bugs that could lead to data loss or security vulnerabilities. Additionally:

• The API server is currently hosted privately (not enterprise cloud infrastructure)
• Server uptime and availability are not guaranteed during beta
• We recommend not storing sensitive or critical information in the app during beta
• Regularly back up important ride data
• Consider using a non-primary email address if you're concerned about data exposure

5. Your Rights (GDPR/CCPA)

Depending on your location, you may have the following rights:

5.1 GDPR Rights (European Users)

• Right to access: You can view all your data within the app
• Right to rectification: You can edit or correct your rides, bikes, and settings
• Right to erasure: You can delete your account and all associated data
• Right to data portability: You can export your rides as JSON data
• Right to withdraw consent: You can delete your account or disable cloud sync at any time
• Right to object: You can object to data processing (by deleting your account)

5.2 CCPA Rights (California Users)

• Right to know: You can request a summary of data we've collected about you
• Right to delete: You can request deletion of your personal information
• Right to opt-out of sale: We do NOT sell personal information, so no opt-out is needed

5.3 How to Exercise Your Rights

• Access your data: Open the app and view your rides, bikes, and settings
• Edit your data: Use the app's built-in editing features
• Delete your account: Go to Profile > Delete Account (this permanently deletes all your data)
• Export your data: Contact us at beta@moterra.app to request a data export
• Other requests: Email us at beta@moterra.app

We will respond to requests within 30 days.

6. Data Retention Policy

6.1 Active Data

• We retain your data as long as you have an active account
• Rides and bikes are stored indefinitely unless you delete them

6.2 Deleted Data

• When you delete a ride or bike, it is "soft deleted" (marked as deleted but retained temporarily for sync purposes)
• Soft-deleted data is permanently removed within 7 days after all devices have synced
• When you delete your account, all data is permanently removed within 30 days

6.3 Inactive Accounts

• We do not automatically delete inactive accounts
• If you want your account deleted, use the in-app "Delete Account" feature

7. Children's Privacy

Moterra is not intended for use by children under the age of 13 (or 16 in the European Union). We do not knowingly collect personal information from children.

If you believe a child has provided us with personal information, please contact us at beta@moterra.app and we will delete the account and data.

8. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements.

8.1 Notification of Changes

• Material changes: We will notify you via email or in-app notification
• Minor changes: We will update the "Last Updated" date at the top of this policy
• Beta updates: During beta testing, this policy may change frequently

8.2 Continued Use

By continuing to use Moterra after changes are posted, you accept the updated privacy policy.

9. Contact Information

If you have questions about this privacy policy or how we handle your data, please contact us:

• Email: beta@moterra.app
• App: Use the "Send Feedback" feature in the Profile screen

Data Protection Officer: [To be determined if required for GDPR]

10. Legal Basis for Processing (GDPR)

For users in the European Union, our legal basis for processing your data is:

• Contract performance: Processing account data to provide the sync service you requested
• Legitimate interest: Processing GPS data locally to provide ride tracking (core app functionality)
• Consent: Cloud sync is optional and requires your explicit consent (enabled by creating an account)

11. International Data Transfers

If you are located outside the United States, please note:

• Authentication data: Handled by Supabase, which may store authentication data in the United States or other countries. Supabase complies with applicable data protection laws, including GDPR.
• Ride data: Stored on our private API server, currently located in the United Kingdom. By using cloud sync, you consent to the transfer and storage of your data at this location.