Privacy Policy

Effective date: 20 March 2026

Perfect Chainline ("we", "us", "the service") is a cycling drivetrain analysis tool available at perfectchainline.com. This policy explains what data we collect, how we use it, and your rights.

1. Data We Collect

When you connect your Strava account via OAuth, we request read access to your activity data. Specifically, we collect and store:

  • Your Strava athlete ID and display name
  • Bike names and gear IDs from your Strava profile
  • Ride activity data including cadence, speed, power, and gradient streams
  • Authentication tokens required to access your Strava data

We do not store GPS coordinates, route maps, or location data. We do not access or store private messages, social data, or any information beyond what is needed for drivetrain analysis.

2. How We Use Your Data

Your ride data is used solely to generate personalised gearing recommendations. We analyse cadence distributions, speed profiles, and power output to score chainring and cassette combinations against your actual riding patterns. Your data is never used for any other purpose.

3. Data Storage and Security

Your data is stored in a PostgreSQL database hosted on Supabase, with the application hosted on Vercel. Both services employ industry-standard encryption in transit and at rest. Authentication tokens are stored securely and are never exposed to the browser.

4. Cookies and Authentication

We use cookies strictly for authentication purposes via NextAuth.js. These cookies maintain your login session so you do not need to re-authenticate on every visit. We do not use advertising cookies, tracking pixels, or any form of cross-site tracking.

5. Analytics and Tracking

We do not use any analytics services, tracking scripts, or third-party monitoring tools. No data about your browsing behaviour is collected or shared.

6. Third-Party Data Sharing

We do not sell, rent, or share your personal data with any third parties. Your data is used exclusively to provide the service to you. The only external services that process your data are Supabase (database hosting) and Vercel (application hosting), both acting as data processors on our behalf.

7. Strava API Compliance

This application complies with the Strava API Agreement. You can revoke access at any time from your Strava connected apps settings. Upon revocation, we will delete your stored data.

8. Data Retention and Deletion

Your data is retained for as long as your account is active. You may request deletion of all your data at any time by contacting us (see below). Upon receiving a deletion request, we will remove all your personal data and ride information from our database within 30 days.

9. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Revoke Strava access at any time
  • Withdraw consent for data processing

10. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated effective date. Continued use of the service after changes constitutes acceptance of the revised policy.

11. Contact

For any questions about this privacy policy, data deletion requests, or other enquiries, please reach out via Ko-fi.