Privacy Policy

Last updated: February 22, 2026

1. Who We Are

MTBSloth ("we", "us", "our") operates the website mtbsloth.com and the MTBSloth Android application. We provide a mountain biking trail discovery, route planning, and ride tracking platform.

2. Data We Collect

We collect the following categories of personal data:

  • Account information: Email address and name provided via Google OAuth sign-in.
  • Profile information: Username you choose during registration.
  • GPS tracks: Location data (latitude, longitude, elevation, speed, timestamps) recorded during rides you upload.
  • Photos: Trail photos you upload, including their GPS coordinates.
  • Routes: Custom routes you create and save.
  • Trail interactions: Trail ratings, difficulty votes, and condition reports you submit.
  • Usage data: Basic request logs and error reports for service reliability.

3. How We Use Your Data

  • To provide and operate our trail mapping, routing, and ride tracking services.
  • To authenticate your identity and maintain your account.
  • To display your rides, achievements, and statistics on your profile.
  • To contribute trail information (ratings, conditions) to the community.
  • To generate leaderboards and community features.
  • To improve service reliability through error tracking.

4. Google OAuth

We use Google OAuth 2.0 for authentication. When you sign in with Google, we receive your email address and Google account identifier. We do not receive or store your Google password. Google's privacy policy applies to data Google processes: https://policies.google.com/privacy.

5. Data Sharing

We do not sell your personal data. We share data only in these circumstances:

  • Public routes and leaderboards: Routes you mark as public and leaderboard times are visible to other users.
  • Trail photos: Approved trail photos are visible to all users on the map.
  • Trail votes and conditions: Community contributions are aggregated and displayed anonymously.
  • Service providers: We use Google Cloud Platform for hosting and photo storage.

6. Data Retention

We retain your data for as long as your account is active. When you delete your account, all associated data (rides, routes, photos, votes, achievements, and statistics) is permanently deleted.

7. Account Deletion

You can delete your MTBSloth account and all associated data at any time. To request account deletion:

  1. Open the MTBSloth app or visit mtbsloth.com.
  2. Sign in to your account.
  3. Go to your Profile page.
  4. Tap or click "Delete Account".
  5. Confirm the deletion when prompted.

Alternatively, you can email privacy@mtbsloth.com from the email address associated with your account, and we will process your request within 30 days.

Data that is permanently deleted:

  • Your account and profile information (email, username)
  • All recorded rides and GPS tracks
  • All saved routes
  • All uploaded trail photos
  • Trail ratings, difficulty votes, and condition reports
  • Achievements and rider statistics
  • Leaderboard entries
  • Strava connection (if linked)

Data that is retained:

  • No personal data is retained after account deletion.
  • Anonymised, aggregated trail statistics (e.g. average difficulty ratings) may persist but cannot be linked back to your account.

Account deletion is immediate and irreversible. There is no additional retention period for personal data.

8. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

  • Access: Request a copy of your personal data. Use the "Export My Data" button in your profile.
  • Rectification: Update your profile information at any time.
  • Erasure: Delete your account and all associated data (see section 7 above).
  • Data portability: Export your data in a machine-readable JSON format.
  • Restriction/Objection: Contact us to restrict or object to specific processing.

9. Security

We use HTTPS encryption for all connections, secure session tokens, and follow security best practices including Content Security Policy headers, rate limiting, and input validation.

10. Cookies

We use a single session cookie (session) to keep you logged in. This is a functional cookie essential for authentication and does not track you across other websites.

11. Children

Our service is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us.

12. Changes

We may update this privacy policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this page.

13. Contact

For privacy-related questions or to exercise your rights, contact us at: privacy@mtbsloth.com