Privacy Policy
Last updated: June 2026
1. Minimalist Data Collection
Rubbyside™ operates with a strict, privacy-first data footprint. We do not require passwords, email addresses, or social media linkages. We only collect the minimal parameters required to run a secure marketplace:
- Phone Number: For secure OTP code verification and direct WhatsApp-to-buyer chat coordination, as well as automated Paddock notification alerts.
- Name: To identify you as a rider handle on listings and Paddock posts.
- City Location: To display listing proximity for local handoffs.
- Social Data: We store photos, videos, text descriptions, comments, and "Revs" (likes) that you voluntarily post on The Paddock or Flybys feeds.
2. How We Use Your Data & Legal Basis
Data protection laws require a "Legal Basis" to collect and use your data. We process your information under the following legal bases:
- To Provide Rubbyside Services: Displaying your listings to buyers, managing your Paddock and Flyby posts, and verifying your identity via SMS/WhatsApp OTP are strictly necessary to perform our Terms of Service.
- Legitimate Interests: We log aggregate platform interactions to monitor security, prevent fraud, and improve the platform's UI/UX.
- Consent: When you voluntarily upload photos, videos, or write comments on The Paddock or Flybys, you explicitly consent to displaying them to other riders.
- AI and Machine Learning: We may use automated systems or machine learning to detect abusive behavior, filter spam, or suggest trending content.
3. Information Sharing & Third-Parties
We do **not** sell, lease, trade, or share user profile details or phone numbers with advertising networks or third-party marketing companies. Data is strictly shared with infrastructure service providers necessary for operation:
- Supabase: For database hosting, authentication structures, and listings storage.
- Cloudinary: For hosting user-uploaded images and photos.
- Meta (WhatsApp Business API): For sending secure OTP verification codes and automated platform notifications (e.g., when someone comments on your post). Your phone number and notification text pass through Meta's servers.
4. Cookies & Analytics
We use secure HTTP-only cookies and local storage to persist your active rider session and log aggregate interactions. We do not use persistent cross-site tracking cookies or third-party ad trackers. For a detailed breakdown of exactly what cookies we use, please read our Cookie Policy.
5. Security
Our API endpoints communicate over secure HTTPS connections. Database access is governed by Row Level Security (RLS) configurations, ensuring that only authenticated users can update or modify their own listings.
6. Data Deletion & GDPR / DPDP Compliance
Riders can delete their listings at any time through the 'My Listings' interface. If you wish to request a permanent deletion of your rider account profile and all associated personal data under the General Data Protection Regulation (GDPR) and the DPDP Act 2023, please reach out to us at mountainmotoclub@gmail.com. We will process your deletion request and permanently erase your account data within 30 days. Please note that to maintain platform integrity, security logs, and regulatory compliance records, certain metadata may be retained for up to 90 days after account deletion before being completely purged.
7. Grievance Officer
In compliance with the Information Technology Rules 2021, you may contact our Grievance Officer regarding any privacy-related concerns or data processing enquiries:
- Name: Kunal Khanna
- Email: mountainmotoclub@gmail.com
We will acknowledge your request within 24 hours and endeavour to resolve it within 15 days.
