We built KOMRIDER with a local-first approach. Many route, workout, GPX, Strava import, and activity files stay on your own computer and are not uploaded to the KOMRIDER backend unless a feature clearly requires it.
This Privacy Policy explains which personal data we process, why we process it, where it is stored, which third-party services may be involved, and which rights you have under Swiss data protection law and, where applicable, the EU GDPR.
If anything is unclear, contact us at info@komrider.com.
1. Controller
The controller for your personal data is:
Markus Wilhelm, trading as KOMRIDER
Hauptgasse 15
CH-3280 Murten
Switzerland
Email: info@komrider.com
2. Scope and applicable law
This Privacy Policy applies to the KOMRIDER website, the KOMRIDER desktop app, KOMRIDER accounts, subscriptions, support, route and workout features, Strava integrations, and related online services.
KOMRIDER is operated from Switzerland. We process personal data in accordance with the Swiss Federal Act on Data Protection (FADP/DSG). If you are located in the European Union or European Economic Area, the EU General Data Protection Regulation (GDPR/DSGVO) may also apply.
3. Local-first data handling
KOMRIDER separates local app data from cloud data. The desktop app uses local storage for many training and runtime flows. Normal user GPX uploads, imported Strava routes, route files, workout files, and activity exports are intended to remain on your device unless you actively use a feature that transmits them.
KOMRIDER catalogue routes, catalogue workouts, route resources, segment resources, and training plans provided by KOMRIDER are product content. They are not treated as user-owned uploaded content merely because you access or ride them.
4. Data we process
The exact data depends on which features you use. The following overview describes the main categories and storage locations.
| Category | Examples | Main storage | Purpose |
|---|---|---|---|
| Account and login data | Email address, password hash, user ID, profile name, authentication status | KOMRIDER backend | Create and secure your account, authenticate requests, provide paid features |
| Subscription data | Plan, subscription status, renewal status, customer and transaction references | KOMRIDER backend and payment provider | Manage access, invoices, cancellations, and entitlement checks |
| Payment data | Payment method details, billing events, fraud checks | Payment provider | Process payments. KOMRIDER does not store full card details |
| Rewards and account progress | Current points, reward events, achievement progress linked to your account | KOMRIDER backend | Provide reward features and account progress |
| Local app data | GPX uploads, local routes, route geometry, workout files, local training data, local activity exports | Your device / local app storage | Run the desktop app, simulate routes, execute workouts, keep your local training history |
| Activities and training metrics | Distance, duration, speed, power, heart rate, elevation, timestamps, session summaries | Usually local app storage; selected account metadata may be stored in the backend | Display completed activities, calculate progress, support subscriptions and rewards where enabled |
| Strava connection | Connection status, OAuth tokens, athlete ID, imported routes or activities | Primarily local app storage today; backend storage may be used for server-side disconnect and entitlement management | Connect to Strava, import or upload selected activities, disconnect access when requested or required |
| Map and route processing | Coordinates, route points, elevation profiles, map-matching requests | Local app storage; route coordinates may be sent to our backend and map providers for processing | Display maps, snap GPX routes to roads, improve route simulation and elevation handling |
| AI workout requests | Prompt text and training context you submit to generate a workout | Sent to AI provider for generation; KOMRIDER does not currently store AI prompts, draft metadata, accepted-workout metadata, or training-plan instances as account records | Generate the workout or recommendation you requested |
| Support | Email address, message content, support correspondence | KOMRIDER backend and communication providers | Respond to support requests and handle related follow-up communication |
| Technical data | IP address, device type, browser, operating system, app version, server logs, error logs | KOMRIDER backend, hosting, and infrastructure providers | Operate, secure, debug, and improve KOMRIDER |
5. Legal bases
Where the GDPR applies, we rely on the following legal bases:
- Contract performance, Article 6(1)(b) GDPR: account access, subscriptions, app functionality, support, Strava connection, and requested route or workout features.
- Legal obligations, Article 6(1)(c) GDPR: accounting, tax, and legally required records.
- Legitimate interests, Article 6(1)(f) GDPR: security, abuse prevention, debugging, service reliability, and product improvement.
- Consent, Article 6(1)(a) GDPR: optional communications, optional integrations, and other features where we explicitly ask for consent. You can withdraw consent at any time with effect for the future.
Training and fitness data can be sensitive depending on context. Please do not submit health information, diagnoses, or other sensitive details unless a feature clearly requires it and you want that information to be processed.
6. Recipients and third-party services
We only share personal data where this is necessary for the service, where you ask us to do so, or where we are legally required to do so. We do not sell personal data.
- Hosting and infrastructure providers help us operate the website and backend.
- Payment providers, such as Stripe, process subscriptions and payments.
- Strava receives and provides data when you connect your Strava account and use Strava features.
- Map and routing providers, such as Mapbox or equivalent routing services, may process coordinates for maps, routing, elevation, or map matching.
- AI providers process the prompt and training context needed to generate requested workouts or recommendations.
- Email and support providers may process messages that you send to us.
- Authorities or courts may receive data if we are legally obliged to disclose it.
7. International transfers
KOMRIDER is based in Switzerland. The European Commission recognises Switzerland as providing an adequate level of data protection. Some third-party providers may process data in the EU/EEA, Switzerland, the United States, or other countries.
Where data is transferred to a country without an adequacy decision, we rely on appropriate safeguards such as standard contractual clauses, recognised data protection frameworks, or another lawful transfer mechanism.
8. AI features
KOMRIDER may use third-party AI providers to generate workouts, training suggestions, or related recommendations. Only the information needed for the requested generation is transmitted. We do not intentionally transmit payment data or account passwords to AI providers.
Do not include personal data, health information, or sensitive information in AI prompts unless it is necessary for the requested result. AI-generated workouts and plans are KOMRIDER product output and may require manual review before use.
9. Retention
- Account data is kept while your account exists and is deleted or anonymised after account deletion unless legal obligations require longer retention.
- Subscription and billing records are kept as long as required for contractual, accounting, tax, and legal purposes.
- Local app data remains on your device until you delete it in the app, remove the local files, or uninstall/delete the app data.
- Server logs are generally kept only as long as needed for security, debugging, and operation, and normally no longer than 12 months.
- Backups may retain deleted backend data for a limited period, normally no longer than 6 months, before they are overwritten or deleted.
- Strava connection data is kept only as long as required to maintain the connection, comply with your request, or revoke access when the connection or entitlement ends.
- Support correspondence is kept as long as needed to process your request, resolve follow-up questions, and comply with legal obligations.
10. Your rights
Depending on your location and the applicable law, you may have the right to:
- Request access to your personal data and receive a copy.
- Request correction of inaccurate or incomplete personal data.
- Request deletion of personal data where the legal requirements are met.
- Request restriction of processing.
- Object to processing based on legitimate interests.
- Receive personal data that you provided to us in a structured, commonly used, machine-readable format where data portability applies.
- Withdraw consent at any time with effect for the future.
- Lodge a complaint with a competent data protection authority.
To exercise your rights, contact info@komrider.com. We may need to verify your identity before responding.
11. Export and deletion
You can request account deletion or a copy of your personal data by contacting info@komrider.com. If self-service tools are available in the app or account area, you can also use those tools.
Data export covers personal data that is linked to your account and subject to export rights, such as account data, subscription status, rewards or points, and server-side activity or user metadata where available. It does not include KOMRIDER catalogue content, KOMRIDER-owned routes, KOMRIDER training plans, or product-generated workout files that are not stored as your personal account data.
Local GPX uploads, local routes, local Strava imports, local workout files, and local activity exports remain on your device. Deleting your KOMRIDER account does not automatically delete files stored only on your device. You can remove those files in the app or from your local storage.
12. Security
We use appropriate technical and organisational measures to protect personal data, including encrypted transport, password hashing, access controls, and restricted operational access. No system is perfectly secure, but we keep the amount of backend data limited and avoid collecting data we do not need.
13. Children
KOMRIDER is not intended for children under 16. We do not knowingly collect personal data from children under 16.
14. Changes
We may update this Privacy Policy from time to time. Significant changes will be announced in the app, on the website, or by email where appropriate. The latest version is always available at https://www.komrider.com/legal/privacy.
15. Contact
If you have questions or want to exercise your rights, contact: info@komrider.com