Privacy

Privacy Policy.

Last updated: 27 May 2026 · Version 1.2

Who we are

Aegis Riders ("we", "us") is a closed-beta rider-intelligence platform operated from the United Kingdom. For the purposes of UK GDPR and EU GDPR, we are the data controller for personal data processed through this website (aegisriders.com) and the Aegis Riders app.

Aegis Riders is operated by Aegis Rider Technologies Ltd, a company registered in England and Wales under company number 17238393, whose registered address is 33 Ash Hill Road, Aldershot, United Kingdom, GU12 6AD.

Contact our data protection point of contact at privacy@aegisriders.com or hello@aegisriders.com.

What we deliberately do not collect

Rider safety and bike security are core to Aegis, so we are intentionally restrictive about location data that could link a rider to a specific bike at a specific address:

  • No home address. We do not ask for, store or infer your home address. "Home region" in your profile is a broad area (e.g. "South East", "Scotland") — never a street, postcode or pin.
  • No bike ↔ address linkage. Your garage (the bikes on your profile) is never tied to a home address or precise coordinate in our database. There is no field, derived or otherwise, that maps a specific bike to where it is parked overnight.
  • Ride traces are trimmed. When you record a ride, we apply start/end privacy trimming so the exact start and end coordinates of a ride are not exposed to other riders on shared rides or routes. You can also mark a ride as private so its trace is not visible to anyone but you.
  • No continuous background tracking.We do not stream your location to our servers in the background. Location is only sent off-device for the specific cases listed above (recording a ride, submitting a hazard/route, or loading a map tile).

The goal is simple: nothing in Aegis should make it easier for a thief to work out which bike lives at which address.

What personal data we collect and how we use it

Via this website

  • Early access submissions — your first name, email, the rider/builder/partner/investor type you identify with, the UK/Ireland region you ride from, optional interest tags (e.g. routes, hazards, clubs) and any free-text note you choose to share. We use this to manage early-access requests, understand the types of riders and partners interested in Aegis, contact you about your request and improve the product.
  • Marketing attribution — when you submit the onboarding flow, we also record the page you signed up from, the referring URL your browser sends (e.g. instagram.com, google.com), and any campaign tags (utm_source, utm_medium, utm_campaign) present in the link you clicked. We use this only to understand which channels bring riders to Aegis.
  • Technical data — your browser user agent and submission timestamp, used to operate the website, understand basic engagement with the early-access form, prevent spam and abuse, troubleshoot errors and keep the service secure.

Via the Aegis Riders app

  • Account data — email, password hash, display name, sign-in method (e.g. Google). Used to create and manage your account, authenticate you, secure your account, prevent unauthorised access, provide account-related support and send essential service communications.
  • Rider profile — riding style, bike(s), home region, bio. Used to personalise your app experience, show relevant rider features, help you manage your garage and profile, support clubs and community features, and improve recommendations such as routes, rides, hazards and events.
  • Location data — where you opt in, used to provide location-based features such as nearby routes, hazards, clubs, meetups, map views, ride context and local rider intelligence. Your last known pin is cached locally on your device and is not continuously streamed to our servers. Precise coordinates are sent to our servers and/or third parties in specific cases: (a) when you record a ride, the full GPS trace is uploaded and stored against your account; (b) when you submit a hazard report or save a route, the coordinates of that point/route are uploaded; (c) whenever a map tile, route or place search loads, the relevant coordinates are sent to Google Maps Platform to render it. Treat any feature that shows a map or records a ride as sending location data off-device.
  • Maps and geocoding — used to display maps, load map areas, convert coordinates into place or road information, support route planning, show nearby hazards or events and help you understand ride context. Map providers may receive coordinates or map viewport data when maps are loaded.
  • Ride telemetry — GPS traces, distance, duration, speeds (only for rides you choose to record). Used to record and display your rides, calculate ride statistics, generate ride maps, support saved routes, enable sharing where you choose to share and maintain ride-recording reliability.
  • User-generated content — hazard reports, club memberships, meet RSVPs, saved routes, posts, photos and related interactions. Used to provide community and safety features. We may display this content to other users according to the feature and your settings, use it to operate and moderate the service, investigate misuse and keep rider-facing information accurate.
  • AI / Copilot interactions — used to generate AI-assisted responses, provide route, hazard, riding, maintenance or app-related assistance, improve the relevance and safety of Copilot responses, troubleshoot the feature and prevent misuse. Where needed, we send your messages and relevant app context to our AI providers to generate a response.
  • Usage analytics — page views and feature events, only if you opt in, pseudonymous via a random session ID. Used to understand how people use the app, measure feature performance, identify bugs or confusing flows, improve reliability and usability, and decide which beta features to prioritise.
  • Technical data — IP address, browser/device type, timestamps, held for up to 30 days in standard server logs. Used to operate the app and backend services, maintain security, detect and prevent fraud, abuse and unauthorised access, troubleshoot errors, investigate incidents, monitor service performance and comply with lawful requests where required.

Lawful basis (UK GDPR Art. 6)

  • Contract — to provide the app to you (account, garage, rides, saved routes).
  • Consent — early access signup, location personalisation, analytics, marketing communications. You can withdraw at any time.
  • Legitimate interests — security, fraud prevention, basic service operation, and measuring which marketing channels (e.g. Instagram, Facebook, Google, newsletters) bring riders to Aegis so we can focus our effort. You can object at any time by emailing privacy@aegisriders.com.
  • Legal obligation — responding to lawful requests from regulators or law enforcement.

Who can see your data inside the community

Aegis is a social platform, so some of what you do is visible to other riders. You control what you post; you do not control what other riders then do with what they can see. Depending on your privacy settings and the feature, other users may see:

  • Other riders — your display name, public profile, public ride posts, hazard reports, shared routes, photos and any content you publish to the feed, plus any approximate or precise locations attached to that content.
  • Club admins — if you join a club, that club's admins/moderators can see your display name, profile, membership status, RSVPs to that club's meets and any content you post inside the club.
  • Meet organisers — when you RSVP to a meet, the organiser sees your display name and RSVP status.
  • Private by default — your email, password, raw GPS traces of unpublished rides, Copilot chats and any ride you mark private are not visible to other riders.

You can leave a club, delete a post, or delete your account at any time from Settings.

Who we share with (sub-processors)

  • Supabase — database & auth, EU region.
  • Cloudflare — hosting / edge runtime.
  • Resend — transactional email delivery (early access confirmations, app notifications).
  • Google Maps Platform — mapping & geocoding within the app. Receives coordinates when you load maps, search for places or render a route.
  • OpenAI & Google AI — Copilot LLM responses within the app. Receives your chat messages and any context you attach.

Some providers may process personal data outside the UK/EEA, including in the United States. Where we make restricted transfers, we rely on adequacy regulations where available, or appropriate safeguards such as the UK International Data Transfer Addendum (IDTA) and/or EU Standard Contractual Clauses (SCCs). You can request more information by emailing privacy@aegisriders.com. We do not sell your data or share it with third parties for marketing.

AI features

Copilot is an AI-assisted feature. When you use it, we send your messages and relevant app context (such as route or hazard information) to our AI providers to generate a response. Under those API terms, inputs and outputs are not used by OpenAI or Google to train their general foundation models. Providers may retain prompts for a short period for abuse monitoring before deletion. We do not fine-tune any model on your personal data, and we do not sell your prompts.

Copilot is advisory only and should not be relied on for emergency, legal, mechanical, medical, or road-safety decisions. Do not paste data into Copilot that you would not want to leave your device.

Retention

  • Early access submissions — until you ask us to delete them or the early access programme closes.
  • Account data — until you delete your account.
  • Ride telemetry & user content — until you delete it or your account.
  • Analytics events — 13 months.
  • Server logs — 30 days.

Your rights

Under UK and EU GDPR you have the right to:

  • Access a copy of your data (Art. 15).
  • Rectify inaccurate data (Art. 16).
  • Erase your data (Art. 17) — in the app, see Settings → Delete account.
  • Restrict or object to processing (Art. 18, 21).
  • Data portability (Art. 20) — in the app, see Settings → Export my data.
  • Withdraw consent at any time (does not affect prior processing). You can withdraw consent for location personalisation and analytics in Settings → Privacy.
  • Complain to the UK ICO (ico.org.uk) or your local EU supervisory authority.

To exercise any of these rights against data held by this website, email privacy@aegisriders.com.

Security

Data is encrypted in transit (TLS) and at rest. Database access is gated by row-level security policies tied to your authenticated user ID. Passwords are checked against the Have I Been Pwned database to block known-breached credentials.

Children

Aegis is not directed at people under 16, and we do not knowingly allow users under 16 to create accounts. Do not use the website or the app if you are under 16. If we learn that a user is under 16, we will delete or restrict the account. If you believe a child has provided us with personal data, contact us at privacy@aegisriders.com.

Changes

When we change this policy materially we will re-prompt you for consent and bump the version above.