Legal

Privacy Policy

Last updated: 1 January 2026

1. Who we are

Tim Schaefer ("RYDN", "we", "us", or "our") operates the RYDN indoor cycling platform available at rydn.io and through the RYDN desktop application. This policy explains how we collect, use, and protect your personal data.

If you have any questions about this policy or about how we handle your data, contact us at contact@rydn.io.

2. Data we collect

We collect the following information when you use RYDN:

  • Account information — your email address and password (stored as a secure hash) when you register.
  • Subscription data — billing status and subscription tier managed through our payment processor. We do not store full card numbers.
  • Ride and workout data — power output, cadence, duration, and workout selections recorded during sessions on your device. This data is stored locally and, where you choose to sync, on our servers.
  • Device information — operating system, application version, and anonymised diagnostic data used to identify and fix bugs.
  • Usage data — feature interactions and session frequency, collected in aggregate to improve the product.

3. How we use your data

We use the data we collect solely to:

  • Create and maintain your account.
  • Provide and improve the RYDN service.
  • Send transactional emails (account confirmation, billing receipts, password resets). We do not send marketing email without your explicit opt-in.
  • Detect and resolve technical issues.
  • Comply with legal obligations.

We do not sell your personal data to third parties, ever.

4. Third-party services

RYDN uses the following third-party services to operate:

  • AWS Cognito — authentication and user management. Your email and credentials are stored securely within AWS infrastructure. See AWS Privacy Notice.
  • Payment processor — subscription billing. Your payment details are handled entirely by our processor and are never stored on RYDN servers.

5. Data retention

We retain your account data for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except where retention is required by law (e.g. billing records, which we keep for 7 years).

6. Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data ("right to be forgotten").
  • Object to or restrict certain processing.
  • Receive your data in a portable format.
  • Lodge a complaint with your local data protection authority.

To exercise any of these rights, email us at contact@rydn.io. We will respond within 30 days.

7. Security

We use industry-standard measures to protect your data, including encrypted connections (TLS), hashed credential storage, and access controls limiting who within our team can access user data. No system is perfectly secure; if you suspect your account has been compromised, contact us immediately.

8. Cookies

The RYDN website uses a minimal set of cookies strictly necessary for authentication (session tokens) and security (CSRF protection). We do not use advertising or tracking cookies. No cookie consent banner is shown because we only use essential cookies.

9. Children

RYDN is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice in the application. The "Last updated" date at the top of this page will always reflect the current version.

11. Contact

For privacy-related questions or data requests, contact us at contact@rydn.io.