Privacy Policy

Last updated: April 3, 2026

Overview

Trail Hits LLC ("we", "our", or "us") respects your privacy. This policy explains how we collect, use, and protect your information when you use the Trail Hits mobile app and website. Trail Hits LLC is the data controller responsible for your personal data.

Contact: support@trailhits.com

Information We Collect

Account Information

  • Email address (for account creation and communication)
  • Phone number (when provided by a bike shop during service check-in, for service notifications)

Bike and Component Data

  • Bike names and types you create
  • Component information (type, brand, model)
  • Maintenance records and service history
  • Setup diary entries (PSI, pressure, notes)

Ride Data

  • GPS coordinates and elevation data
  • Ride duration, distance, and conditions
  • Bike-specific ride characteristics (e.g., assist mode for eBikes)
  • Data synced from connected services (Strava, Ride with GPS, Apple Health, Garmin Connect)

Device Information

  • Device type and operating system version
  • App version
  • Anonymous usage analytics
  • Device diagnostics (collected automatically when submitting bug reports)

How We Use Your Information

  • Provide maintenance tracking and service recommendations
  • Send maintenance reminders and service alerts
  • Sync data across your devices
  • Process bug reports and respond to support requests
  • Improve the app based on anonymous usage patterns

Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:

DataLegal Basis
Account data (email)Contract performance: necessary to provide the service (Art. 6(1)(b))
Bike, component, and ride dataContract performance: core functionality of the app (Art. 6(1)(b))
Connected services (Strava, Garmin, etc.)Consent: you choose to connect each service (Art. 6(1)(a))
Analytics (Google Analytics)Consent: only collected when you accept analytics cookies (Art. 6(1)(a))
SMS notificationsConsent: provided verbally at shop check-in (Art. 6(1)(a))
Payment dataContract performance: required to process subscriptions (Art. 6(1)(b))
Error monitoring (Sentry)Legitimate interest: maintaining service reliability (Art. 6(1)(f))
Bug reports and diagnosticsConsent: submitted at your discretion (Art. 6(1)(a))
Data shared with linked bike shopsConsent: you choose to link to each shop and control sharing toggles (Art. 6(1)(a))

Third-Party Services and Sub-Processors

Trail Hits uses the following third-party services to operate. These services may process your data on our behalf:

  • Supabase: Secure database, authentication, and serverless functions
  • Vercel: Website and web app hosting
  • Stripe: Payment processing for web subscriptions
  • Apple App Store: iOS payment processing and subscription management
  • Google Play: Android payment processing and subscription management
  • Google Analytics: Website analytics, only with your consent
  • Sentry: Error monitoring and crash reporting
  • 99 Spokes: Bike catalog and specification data
  • Twilio: SMS/text message delivery for service notifications
  • Resend: Transactional email delivery
  • GitHub: Bug report processing
  • Strava: Ride sync, connected at your discretion
  • Ride with GPS: Ride sync, connected at your discretion
  • Apple Health: Ride sync, connected at your discretion
  • Garmin Connect: Ride sync, connected at your discretion
  • Hammerhead (SRAM): Ride sync from Karoo devices, connected at your discretion
  • Anthropic (Claude API): AI-assisted categorization of voice-transcribed inspection findings inside Trail Hits Hub. Voice content is processed for transcription and structured categorization only; not used to train Anthropic's models. See Anthropic's Privacy Policy.
  • Lightspeed Retail (Lightspeed Commerce Inc.): Point-of-sale integration for bike shops using Trail Hits Hub. Hub reads customer records, sales, work orders, estimates, item catalog data, and employee hours from Lightspeed, and writes back estimates, work order status changes, and customer profile updates at the shop's direction. Each shop authorizes this exchange via OAuth. See Lightspeed's Privacy Policy.

Trail Hits Hub: Data Practices for Bike Shops

Trail Hits Hub is the B2B service tool used inside independent bike shops. When a shop runs Hub, the shop is the data controller for its customer records, work orders, inspections, and related service data. Trail Hits processes that data on the shop's behalf to deliver the Hub product.

What Hub collects from shops

  • Customer records: Names, phone numbers, email addresses entered by the shop or imported from Lightspeed.
  • Bike and component data: Make, model, year, frame size, serial number, fit measurements (cockpit, saddle, dropper), component history.
  • Work order content: Inspection findings (text and voice-transcribed), photos, line items, notes, status timeline.
  • Service request data: Submissions from connected riders (the consumer Trail Hits app) including pre-selected worn components and customer notes.
  • SMS conversation content: Two-way messages between the shop and its customers, delivered via Twilio.
  • Rental fleet data: Fleet bike records, departure / return condition photos, ride profiles selected at check-out.
  • Build sheets: Itemized custom build specifications including pricing.
  • Reports data: Derived metrics from the above (profitability, turnaround time, tech performance).

How Lightspeed data flows

When a shop authenticates a Lightspeed Retail connection inside Hub, data flows in both directions:

  • Hub receives from Lightspeed: Customer records, sales history, work orders, estimates, items / catalog data, employee records, employee hours.
  • Hub sends to Lightspeed: Estimates created in Hub's Estimate Builder, work order status updates that complete a transaction, customer profile changes when the shop chooses to push them back.
  • Lightspeed is the system of record for the data above. When the shop disconnects Hub from Lightspeed, the Lightspeed-sourced data remains in Lightspeed; Hub stops syncing.
  • Lightspeed's own privacy policy governs Lightspeed's handling of the data, separate from Trail Hits' obligations.

Voice transcripts and AI processing

Hub's AI inspection categorization uses Anthropic's Claude API to turn dictated voice findings into structured, editable text and category tags. Voice content is transmitted to Anthropic for processing only and is not used to train Anthropic's models. Shops can disable voice-to-text in Hub settings if they prefer manual entry.

Connected riders and consumer-app data exchange

When a customer using the Trail Hits consumer app connects to a shop running Hub, the customer authorizes the shop to view their bike profile, component health, and service history. The customer can disconnect from the shop at any time inside the consumer app; doing so removes the shop's access to future data but does not delete service records already created during the connected period.

Shop accounts and data retention

Shop data is retained for the duration of the shop's subscription and for a 90-day grace period after cancellation, after which it is deleted unless the shop requests export or extended retention. Shops can request export of their full data set at any time by contacting shops@trailhits.com.

International Data Transfers

Trail Hits LLC is based in the United States. If you are located in the EEA, UK, or Switzerland, your personal data is transferred to and processed in the United States through our sub-processors listed above.

These transfers are protected by appropriate safeguards, including the EU-U.S. Data Privacy Framework and Standard Contractual Clauses (SCCs) where applicable. By using Trail Hits, you acknowledge that your data will be processed in the United States.

Data Storage and Security

Your data is stored securely using Supabase, which provides enterprise-grade security including encryption at rest and in transit. We use row-level security to ensure users can only access their own data.

Data Sharing

We do not sell your personal information. We only share data in these limited circumstances:

  • With service providers who help operate the app (hosting, payment processing, analytics)
  • With authorized Trail Hits staff for customer support and operational purposes
  • When required by law or to comply with legal process
  • With your explicit consent

Bike Shop Data Sharing

When you link your Trail Hits account to a partner bike shop, certain data is shared with that shop to facilitate service. You control what is shared and can disconnect at any time.

How Shop-Linked Accounts Are Created

A bike shop may create a customer record on your behalf during an in-store check-in, using information you provide (name, email, phone number). If an existing Trail Hits account matches your email, the shop record is linked to your account. If no account exists, you may receive an invitation to create one. You are never required to create a Trail Hits account to receive service from a shop.

What Linked Shops Can See

  • Your name, email, and phone number
  • Bike names, types, and component lists
  • Component wear percentages and service recommendations
  • Service request details you submit to that specific shop
  • Rebuild specifications (only if you enable the "Share Measurements" toggle for that shop)

What Linked Shops Cannot See

  • Your full ride GPS data, routes, or ride history
  • Your personal settings, preferences, or subscription status
  • Your relationships with other bike shops
  • Service records, work orders, pricing, or notes created by other shops
  • Your payment or financial information

Data Isolation Between Shops

If you are linked to multiple bike shops, each shop can only see data they created or that you explicitly shared with them. Service records, work orders, inspection results, pricing, and internal notes from one shop are never visible to another shop. This isolation is enforced at the database level through row-level security policies.

Your Controls

  • Disconnect: You can disconnect from any shop at any time through Settings in the app. Disconnecting immediately revokes that shop's access to your bike and component data.
  • Share Measurements: You can toggle whether a linked shop can view your bike's rebuild specifications (cockpit setup, brake specs, tire details, and dropper settings).
  • Rebuild Spec Visibility: You can toggle whether rebuild specifications appear on your own dashboard in the app. This is independent of the shop sharing toggle.

Data After Disconnecting

When you disconnect from a shop, the shop loses access to your live bike data, component wear status, and future service requests. However, historical records of completed work orders and service performed at that shop are retained for the shop's business records. Your personal data (name, email, phone) may be retained in the shop's customer records unless you request deletion by contacting support@trailhits.com.

Cookies and Tracking

We use cookies and similar technologies on our website and web app. Analytics cookies are only set with your consent. For full details on the cookies we use, how to manage them, and your choices, see our Cookie Policy.

SMS/Text Messaging

Phone Number Collection

Your phone number may be collected by a Trail Hits partner bike shop when you check in your bike for service. The shop enters your phone number into the Trail Hits platform to enable service-related text message notifications.

How We Use SMS

Text messages are used for transactional service notifications only. We do not send marketing or promotional messages via SMS. Messages you may receive include:

  • Service estimates and repair quotes
  • Work order status updates
  • Pickup notifications when your bike is ready

Consent

Consent to receive text messages from Trail Hits on behalf of a partner shop may be obtained in the following ways:

  • Verbal opt-in: By providing your phone number to a shop at check-in, you verbally consent to receive service-related texts.
  • Text message opt-in: When a shop adds your phone number to the Trail Hits platform, you may receive a one-time opt-in invitation via text message. Replying YES to that message confirms your consent to receive service notifications from that shop.
  • Written consent: Consent may be collected via a written form or web-based consent flow at the shop.

Consent is specific to the individual shop. Consenting at one shop does not authorize messages from another. You will not receive service notifications until you have opted in.

Opting Out

You can opt out of text messages at any time by replying STOP to any message. After opting out, you will receive a confirmation message and no further texts will be sent. You can also contact support@trailhits.com to request removal.

Message Frequency and Rates

Message frequency varies based on your bike service activity, typically 1–3 messages per service visit. Message and data rates may apply. Contact your mobile carrier for details about your messaging plan.

Phone Number Retention

Your phone number is retained as part of your customer record with the shop. If you opt out of SMS, your phone number is retained but no further messages are sent. To request deletion of your phone number, contact support@trailhits.com.

Your Rights

You have the right to:

  • Access your personal data
  • Export your data in a portable format (right to data portability)
  • Correct inaccurate personal data (right to rectification)
  • Delete your account and all associated data (right to erasure)
  • Restrict processing of your data in certain circumstances
  • Object to processing based on legitimate interest
  • Withdraw consent at any time for consent-based processing (e.g., analytics, connected services)
  • Disconnect third-party services at any time through the app
  • Disconnect from any linked bike shop at any time, immediately revoking their access to your data
  • Control sharing with linked shops by toggling rebuild spec sharing and other data visibility per shop

To exercise any of these rights, use the account settings in the app or email support@trailhits.com. We will respond within 30 days.

Account Deletion

You can delete your Trail Hits account at any time. Account deletion is permanent. Once your data has been removed, it cannot be restored.

How to delete your account

  • In the app: Open Trail Hits → Settings → Account → Delete Account. Follow the confirmation prompt.
  • If you can't log in: Email support@trailhits.com from the email address associated with your account and request deletion. We will respond within 7 days and complete the deletion within 30 days.

What gets deleted

  • Your user profile (name, email, account credentials)
  • All bikes and components you've added
  • Ride history and ride-derived strain data
  • Setup diary entries and attached photos
  • Suspension Problem Solver entries and outcome logs
  • Connected-shop relationships (your link to bike shops running Trail Hits Hub is removed; the shop's record of you as a past customer may persist under their data controller obligations)
  • Push notification device tokens
  • OAuth tokens for connected services (Strava, Garmin, Ride with GPS, Apple Health, Hammerhead/SRAM Karoo), revoked at deletion

What may be retained after deletion

  • Anonymized aggregate analytics: counts and trends with no user-identifiable fields, retained for product improvement
  • Payment and subscription records: retained for 7 years to comply with tax and accounting regulations
  • Crash logs and error reports: retained for 30 days in Sentry with user identifiers stripped
  • Records required by law: limited records where retention is mandated by applicable law (e.g., financial regulations, court orders)

Bike shop accounts (Trail Hits Hub)

If you are a bike shop using Trail Hits Hub and want to delete your shop account, email shops@trailhits.com. We will provide a data export on request and complete deletion 30 days after cancellation (90 days if you need extended retention to transition to a new system).

Right to Complain

If you are in the EEA, UK, or Switzerland, you have the right to lodge a complaint with your local data protection supervisory authority if you believe your data has been processed unlawfully. A list of EU supervisory authorities is available at edpb.europa.eu.

Data Retention

  • Active accounts: Data is retained as long as your account is active.
  • Deleted accounts: All personal data is permanently removed within 30 days of account deletion.
  • Analytics data: Google Analytics retains data for 14 months (GA4 default).
  • Payment records: Transaction records are retained for 7 years as required by tax and accounting regulations.
  • SMS records: Message logs are retained for 90 days for delivery verification, then deleted.

Automated Decision-Making

Trail Hits uses algorithms to calculate component wear (strain scores), predict service intervals, and suggest suspension tuning adjustments. These calculations are informational tools to assist your bike maintenance. They do not produce decisions with legal or similarly significant effects. You should always inspect your bike regularly and consult a qualified mechanic for safety-critical components.

Children's Privacy

Trail Hits is not intended for children under 13. In the EEA, users must be at least 16 years old (or the minimum age set by their member state) to create an account without parental consent. We do not knowingly collect personal information from children below these age thresholds.

Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or in-app notification. Continued use of Trail Hits after changes are posted constitutes acceptance of the updated policy.

Contact Us

If you have questions about this privacy policy, your data, or want to exercise your rights, contact us at:

support@trailhits.com

Trail Hits LLC · Bend, Oregon, United States