1) What we collect
We collect only what we need to operate Apex250:
- Account & profile: username (rider name), country and board type (user data you select), and login details (passwords are stored hashed — never as plain text).
- Run data (telemetry): precise GPS location track points (route), timing, speed, distance and related run statistics, plus basic technical info needed to process uploads (e.g., timestamps and file identifiers). We collect this while tracking is enabled in the app.
- Location permissions: the app may request access to your precise location. If you allow background location (e.g., “Always” on iOS), tracking can continue while the screen is off.
- Debug telemetry (optional): if enabled in the app, we may receive additional telemetry for failed runs to help troubleshoot issues. Debug uploads do not appear on the public leaderboard. If you enable this, you can disable it again in the app.
- Website technical data: basic server logs (IP address, user agent, request time) for security and reliability, and session/cookie data required for login.
2) Why we collect it
We use your data to:
- Authenticate users and manage accounts
- Process uploads and calculate results
- Show leaderboards and rider/run pages
- Improve accuracy and stability (including optional debug telemetry)
- Prevent abuse and keep the service secure
3) Public vs private information
- The leaderboard and rider pages are public and may show rider name, country, board type, and best time(s).
- Run pages may show a map/track and run statistics. If you upload runs, you understand the route may reveal where you rode.
If you want your account or runs removed, contact us (see “Contact”).
4) Legal basis (GDPR)
Where applicable, we process data based on:
- Performance of a contract (providing the service you request)
- Legitimate interests (security, fraud prevention, service improvement)
- Consent (only where required, e.g., optional debug telemetry settings)
5) Sharing your data
We do not sell personal data.
Hosting & data location: The Apex250 backend runs on a server managed by us and physically hosted in a TransIP (Netherlands) data center. This means your data is stored in the Netherlands (EU). TransIP provides the hosting infrastructure; they may have limited access only as required to operate and maintain the infrastructure.
We may share limited data with service providers needed to run the platform (e.g., hosting infrastructure, email delivery for support). These providers only process data on our instructions.
6) Data retention
- We keep account and run data as long as your account remains active, or as needed to operate the service.
- Debug telemetry (if enabled) may be retained for up to 90 days for troubleshooting, then deleted/aggregated.
7) Security
We take reasonable measures to protect your data (access controls, secure storage, and standard web security practices). No system is 100% secure, but we work to reduce risk.
8) Your rights
Depending on your location, you may have rights to access, correct, delete, or restrict processing of your data. To exercise these rights, contact us.
If you are in the EU/EEA, you may also lodge a complaint with your local data protection authority.
9) Children
Apex250 is not intended for children under 13. If you believe a child has provided data, contact us to remove it.
10) Changes
We may update this policy occasionally. The “Last updated” date will change when we do.