Log in Try for free

Privacy Policy

Version: 2.0 — Effective date: 10/06/2026

Key points

  • rydrway is the controller of your personal data.
  • Data processed: account, road trips (including GPS coordinates), community, payments, technical logs.
  • Purposes: service delivery, security, support, billing, AI-assisted generation.
  • Main processors: Stripe, GraphHopper, Google (sign-in/reCAPTCHA), configured AI providers, OVH.
  • GDPR rights: access, rectification, erasure, objection, restriction, portability — privacy@rydrway.com.

1. Data controller

The company (« rydrway », « we ») acts as data controller for personal data collected via the rydrway website and application.

  • Legal form: Sole proprietorship (Entreprise Individuelle)
  • Registered office: 47 rue Vivienne, 75002 Paris, France
  • SIRET / SIREN: 43175360700024
  • Privacy / GDPR contact: privacy@rydrway.com
  • General support: support@rydrway.com

rydrway has not appointed a Data Protection Officer (DPO). Privacy requests are handled at privacy@rydrway.com.

Use of the Service is also governed by the Terms of Use and, where applicable, the Terms of Sale.

2. Scope and minors

This policy applies to website visitors, registered users and paying customers.

The Service is for adults (18+) only. rydrway does not knowingly collect data from minors. Contact privacy@rydrway.com if you believe a minor has provided data.

3. Categories of data processed

3.1 Account and identity data

  • identity (name if provided);
  • contact details (email address);
  • login credentials (hashed password);
  • Google sign-in (Google ID, verified email, avatar if provided);
  • user role, verification status, language and UI preferences;
  • referral code and referral history where applicable.

3.2 Usage, content and location data

  • road trips: title, description, stages, addresses, geographic coordinates, route preferences;
  • vehicle and navigation preferences;
  • community data: friendships, invitations, comments, likes, favorites, shared content;
  • prompts and parameters sent to the AI generator;
  • support tickets (subject, message, contact email);
  • invitee emails in the referral program.

Route coordinates may reveal travel patterns. They are not public by default unless you use sharing features.

3.3 Technical, security and transactional data

  • IP address, security logs, connection timestamps;
  • device type, OS, browser, technical identifiers;
  • payment and subscription data: Stripe IDs, status, amounts, currency (rydrway does not store full card numbers);
  • anti-bot tokens (reCAPTCHA) where applicable;
  • strictly necessary cookies and local storage (session, preferences).

4. Purposes and legal bases (GDPR Art. 6)

  • Contract performance (Art. 6.1.b): account, route planning, exports, community, support, subscriptions and credits.
  • Legal obligation (Art. 6.1.c): accounting, tax retention, regulatory requests, disputes.
  • Legitimate interest (Art. 6.1.f): platform security, fraud prevention, service improvement, aggregated internal analytics, referral/loyalty, subject to your rights.
  • Consent (Art. 6.1.a): non-essential cookies, marketing communications where applicable.

5. AI features

When you use the AI generator, rydrway sends the information needed for generation to the configured provider (e.g. Google Gemini or compatible API): your prompt, road trip preferences, geographic or vehicle constraints, and minimal technical context.

  • Purpose: assisted route or content suggestions.
  • Legal basis: contract performance and/or legitimate interest.
  • Important: do not include sensitive or unnecessary third-party data in prompts.

rydrway does not make solely automated decisions with legal or similar significant effects under GDPR Art. 22. AI suggestions require your validation.

AI providers may process data outside the EEA; see section 7.

6. Recipients and processors

Your data is accessible to authorised rydrway teams and our processors acting on documented instructions, including:

  • Stripe — payments, subscriptions, billing;
  • OpenStreetMap — map data;
  • Google — OAuth sign-in, reCAPTCHA (anti-fraud), and where applicable (AI);
  • Email providers (SMTP) — notifications, invitations, support;
  • OVH — infrastructure hosting.

Processors use your data only to provide their services to rydrway, under data protection agreements.

7. Transfers outside the European Economic Area

Some processors (notably Stripe, Google) may process data in the United States or other third countries.

In such cases, rydrway implements appropriate safeguards, including Standard Contractual Clauses of the European Commission or equivalent recognised mechanisms, supplemented where necessary by technical and organisational measures.

8. Retention periods

  • Active account: for the duration of Service use.
  • Deleted account: erasure or anonymization within 30 days, except legal obligations or documented legitimate interest (dispute, security).
  • Billing/accounting: 10 years from fiscal year-end (French accounting obligations).
  • Security logs: up to 12 months, unless extended for incident investigation.
  • Support tickets: as long as needed for handling and follow-up, then limited archiving or deletion.
  • Community content: while account is active; may be anonymized on deletion if interactions with others require it.

9. Cookies and trackers

We use cookies and local storage to operate the Service.

9.1 Strictly necessary (no consent)

  • session / authentication;
  • language and UI preferences;
  • navigation state (e.g. sidebar).

9.2 Consent or limited legitimate interest

  • Google reCAPTCHA — bot protection on sign-up/login;
  • analytics or marketing trackers, if enabled, only after consent.

You may withdraw consent or configure your browser. Refusing essential cookies may limit access.

10. Data security

rydrway implements appropriate technical and organisational measures, including:

  • TLS/HTTPS encryption;
  • irreversible password hashing;
  • access controls, logging and security policies;
  • hosting with a recognised provider (OVH).

No Internet transmission is entirely risk-free; we cannot guarantee absolute security.

11. Your rights

Under GDPR, you have the following rights, within applicable legal limits:

  • access and copy of your data;
  • rectification of inaccurate data;
  • erasure (« right to be forgotten »);
  • restriction of processing;
  • objection on legitimate grounds (including marketing);
  • portability of data provided, in a structured format where applicable;
  • withdrawal of consent at any time for consent-based processing.

You may also define instructions regarding your data after your death (France).

12. Exercising your rights

Send your request to privacy@rydrway.com stating the subject and, if possible, your account email.

We may request ID verification if we have reasonable doubt about your identity. We respond within one month, extendable by two months if needed (complexity or volume).

13. Complaint to supervisory authority

If you believe, after contacting us, that your rights are not respected, you may lodge a complaint with the competent supervisory authority.

In France: CNILwww.cnil.fr

14. Changes to this policy

rydrway may update this policy to reflect changes to the Service or legal obligations. The version in force is published on the website with its effective date.

Material changes may be notified to registered users by email or in-app notification.

15. Contact

Questions about your personal data: privacy@rydrway.com