Privacy Policy
Last updated: March 13, 2026
1. Data Controller
The operator of the website rigbook.app, the mobile application RigBook (hereinafter "Application") and the controller of your personal data within the meaning of Art. 4(7) of Regulation (EU) 2016/679 (hereinafter "GDPR") is:
PeNiVar s.r.o.
Registered address: Chrastné 206, 044 44 Chrastné, Slovakia
IČO: 54 496 675
Registered in the Commercial Register of the Municipal Court Košice, Section: Sro, Insert No.: 53926/V
E-mail: info@rigbook.app
2. Personal Data We Collect
When using the Application and website, we may process the following categories of personal data:
a) Registration and profile data
- Email address — serves as your login and for communication
- Nickname — displayed on your public tracks
- Password — stored exclusively in hashed form (bcrypt)
- Language preference — for interface localization
b) Track and ride data
- GPS coordinates (latitude and longitude) — recorded during rides
- Vehicle tilt data (roll, pitch) — from device gyroscope and accelerometer
- Timestamps — start time, end time, and individual track points
- Track events — manually marked points of interest (fords, obstacles, viewpoints)
- Surface type — manually or automatically determined track surface
c) Technical data
- IP address — when accessing the website
- Device data — device type, operating system version (for compatibility purposes)
- Cookies — session cookies for login, analytics cookies only with consent
d) Payment data
- Payments for premium features are processed exclusively through Apple App Store and Google Play Store. The Controller does not have access to your payment card details.
3. Legal Basis and Purpose of Processing
| Purpose | Legal basis (GDPR) |
| --- | --- |
| Registration and user account management | Art. 6(1)(b) — performance of a contract |
| Recording and storing GPS tracks | Art. 6(1)(b) — performance of a contract |
| Displaying public tracks to other users | Art. 6(1)(a) — consent (track visibility setting) |
| Sending newsletters | Art. 6(1)(a) — consent |
| Website analytics (Google Analytics) | Art. 6(1)(a) — consent (cookie bar) |
| Security and abuse prevention | Art. 6(1)(f) — legitimate interest |
| Processing payments for premium features | Art. 6(1)(b) — performance of a contract |
4. GPS and Location Data — Special Provisions
GPS data is the core functionality of the Application. Please note the following:
- Location recording occurs exclusively during active track recording, not in the background.
- Track visibility — each track is set as private by default. Only you decide whether to make it public.
- Public tracks — if you set a track as public, its GPS coordinates, events, and surface data will be visible to other users on the map and in track listings.
- Link sharing — public tracks can be shared via a unique link. Anyone with the link can view the track without logging in.
5. Data Retention Period
- Account and track data — retained for the duration of your account.
- Upon account deletion — all your personal data including tracks, track points, events, settings, and favorite tracks are immediately and irreversibly deleted from the database. We do not use soft-delete or deferred anonymization.
- Payment records — retained for the period required by Slovak tax and accounting regulations (10 years).
- Newsletter subscription — until withdrawal of consent (unsubscribe).
6. Data Transfer and Sharing
We do not sell, rent, or share your personal data with third parties for marketing purposes. Data may be shared exclusively with:
- Hetzner Online GmbH (Germany/EU) — server infrastructure provider. Data remains within the EU.
- Google Ireland Limited — Google Analytics 4 (with consent only) and Google Fonts (legitimate interest).
- Mapbox, Inc. (USA) — map tile provider. When viewing the map, your IP address and map viewport are transmitted to Mapbox servers. Transfer to the USA is covered by Standard Contractual Clauses under Art. 46(2)(c) GDPR.
- Apple Inc. / Google LLC — payment processing via App Store / Google Play (premium purchases only).
- Law enforcement authorities — if required by law or a valid court order.
7. Cookies and Analytics
- Essential cookies — session cookies for login and security. Legal basis: legitimate interest.
- Analytics cookies — Google Analytics 4. Activated only after explicit consent via the cookie bar. Legal basis: consent.
You can withdraw cookie consent at any time by clearing cookies in your browser.
8. Your Rights Under GDPR
As a data subject, you have the following rights:
- Right of access (Art. 15 GDPR) — you have the right to obtain confirmation as to whether your personal data is being processed, and if so, to access it.
- Right to rectification (Art. 16 GDPR) — you have the right to correct inaccurate data. You can change your nickname and settings directly in the Application profile.
- Right to erasure (Art. 17 GDPR) — you have the right to have your personal data deleted. You can exercise this right directly in the Application by deleting your account (Profile → Security → Delete Account), or by contacting us at info@rigbook.app.
- Right to restriction of processing (Art. 18 GDPR) — under conditions set out in GDPR.
- Right to data portability (Art. 20 GDPR) — you have the right to receive your personal data in a structured, commonly used, and machine-readable format.
- Right to object (Art. 21 GDPR) — against processing based on legitimate interest.
- Right to withdraw consent — at any time, without affecting the lawfulness of prior processing.
- Right to lodge a complaint — with the supervisory authority: Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava, dataprotection.gov.sk. If you are a resident of another EU member state, you have the right to lodge a complaint with the supervisory authority in your member state pursuant to Art. 77 GDPR.
To exercise your rights, contact us at info@rigbook.app. We will respond to your request within 30 days at the latest.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encrypted communication (HTTPS/TLS) between the Application, website, and server
- Passwords stored exclusively in hashed form (bcrypt)
- Database access restricted to authorized services
- Regular backups and infrastructure monitoring
10. Children's Privacy
The Application is not intended for persons under 16 years of age. We do not knowingly collect personal data from children. If we discover that we have inadvertently collected data from a person under 16, we will delete such data without delay.
11. Changes to This Privacy Policy
We may update this policy from time to time. We will notify you of material changes via an in-app notification or email. By continuing to use the Application after changes are published, you agree to the updated policy.
12. Contact
If you have any questions regarding the processing of your personal data, contact us at: