Privacy Policy
This policy explains how ONLYRiDES collects, uses, stores, shares, and protects your personal data. It covers your rights under the GDPR, CCPA, PIPEDA, and other applicable privacy laws.
Privacy Commitment
ONLYRiDES is committed to transparency and data minimization. We collect only what is necessary to operate a premium automotive creator platform, protect our community, and comply with the law.
1. Who We Are
ONLYRiDES is a premium automotive social and creator platform operated by ONLYRiDES Ltd, a company registered in Malta. For all privacy-related inquiries, you may contact our Data Protection Officer at privacy@onlyrides.com.
ONLYRiDES Ltd acts as the data controller for personal data processed through this platform. We determine the purposes and means of processing your personal data in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Personal Information Protection and Electronic Documents Act (PIPEDA), and other applicable data protection laws.
2. Data We Collect
We collect the following categories of personal data when you use ONLYRiDES. The specific data points depend on how you interact with the platform and which features you use.
Account data
Email address, username, display name, password hash, date of birth, sign-in metadata, IP address at registration, and two-factor authentication settings.
Content data
Posts, comments, photos, videos, ride details, garage entries, event listings, marketplace listings, group memberships, and any other content you create or upload.
Usage data
Pages visited, features used, search queries, time spent on pages, click patterns, scroll depth, and interaction history with other users and content.
Technical data
IP address, browser type and version, operating system, device type, screen resolution, timezone, language preference, and referring URL.
Payment data
Stripe customer ID, subscription status, plan details, payout information, and transaction history. We never store full card numbers, CVVs, or bank account numbers directly; these are handled exclusively by Stripe.
Location data
Approximate location derived from IP address, location data you provide in your profile or event listings, and map interaction data via Mapbox.
Communications data
Messages sent through the platform, support tickets, email correspondence, and notification preferences.
3. Legal Basis for Processing (GDPR Article 6)
For users in the European Economic Area (EEA), United Kingdom, and other jurisdictions that require a stated legal basis, we process your data based on the following grounds:
| Processing purpose | Legal basis |
|---|---|
| Account creation and service delivery | Contract performance (Art. 6(1)(b)) |
| Payment processing and creator payouts | Contract performance (Art. 6(1)(b)) |
| Platform security, fraud prevention, moderation | Legitimate interests (Art. 6(1)(f)) |
| Analytics and service improvement | Legitimate interests (Art. 6(1)(f)) |
| Transactional emails and account notices | Contract performance (Art. 6(1)(b)) |
| Marketing emails and optional notifications | Consent (Art. 6(1)(a)) |
| Non-essential cookies and analytics tracking | Consent (Art. 6(1)(a)) |
| Tax reporting and financial compliance | Legal obligation (Art. 6(1)(c)) |
4. How We Share Your Data
ONLYRiDES does not sell your personal data to third parties. We share data only with trusted service providers who process it on our behalf under strict contractual obligations, or where required by law.
| Provider | Region | Safeguard | Purpose |
|---|---|---|---|
| Stripe | USA + EU | PCI DSS Level 1, SCCs | Payment processing, subscription billing, creator payout infrastructure, and fraud detection. |
| Supabase | EU (Frankfurt) | EU hosting | Database, authentication, real-time subscriptions, and row-level security enforcement. |
| AWS S3 | EU (Frankfurt) | EU hosting | Media storage for user-uploaded images, videos, and file attachments. |
| MUX | USA | SCCs | Video encoding, adaptive streaming delivery, and video analytics. |
| Resend | USA | SCCs | Transactional email delivery for account notifications, security alerts, and system messages. |
| PostHog | EU (Frankfurt) | EU hosting | Product analytics, feature flags, session replay, and A/B testing. |
| Sentry | USA | SCCs | Application error monitoring, performance tracking, and crash reporting. |
| Mapbox | USA | SCCs | Interactive maps for events, rides, and marketplace location features. |
5. International Data Transfers
ONLYRiDES is based in Malta (EU). Some of our service providers operate in the United States and other countries outside the EEA. When personal data is transferred outside the EEA, we ensure adequate protection through:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Adequacy decisions where the European Commission has determined a country provides adequate data protection.
- Selecting providers with EU-based hosting where available (Supabase, PostHog, AWS S3).
- Binding contractual commitments with each processor regarding data handling, security, and breach notification.
6. Your GDPR Rights (EEA, UK, and Switzerland)
If you are located in the EEA, United Kingdom, or Switzerland, you have the following rights under the GDPR:
Right of access
Request a copy of the personal data we hold about you.
Right to rectification
Request correction of inaccurate or incomplete personal data.
Right to erasure
Request deletion of your personal data when it is no longer necessary for the purposes collected.
Right to data portability
Receive your data in a structured, commonly used, machine-readable format.
Right to object
Object to processing based on legitimate interests, including profiling.
Right to restrict processing
Request restriction of processing while a complaint or objection is being resolved.
Right to withdraw consent
Withdraw consent at any time for processing that relies on consent, without affecting prior lawful processing.
To exercise any of these rights, contact us at privacy@onlyrides.com or visit your Privacy Settings. We will respond to your request within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority.
7. Your CCPA Rights (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
Right to know
Request disclosure of the categories and specific pieces of personal information we have collected about you.
Right to delete
Request deletion of personal information we have collected, subject to certain exceptions.
Right to opt-out of sale
ONLYRiDES does not sell personal information. No opt-out is required, but we honor this right proactively.
Right to non-discrimination
Exercise your privacy rights without receiving discriminatory treatment in pricing or service quality.
To submit a CCPA request, email privacy@onlyrides.com with the subject line "CCPA Request" or visit our CCPA Rights page. We will verify your identity and respond within 45 days.
8. Your PIPEDA Rights (Canadian Residents)
If you are a Canadian resident, the Personal Information Protection and Electronic Documents Act provides you with the following rights:
Right to access
Request access to the personal information we hold about you and how it has been used.
Right to challenge accuracy
Challenge the accuracy and completeness of your personal information and have it amended as appropriate.
Right to withdraw consent
Withdraw consent for the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions.
To exercise your PIPEDA rights, contact us at privacy@onlyrides.com. If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada.
9. Cookies and Tracking Technologies
ONLYRiDES uses cookies and similar technologies for authentication, security, preferences, and analytics. For a complete list of cookies used on this platform and instructions on managing your preferences, please see our Cookie Policy.
You can manage your cookie preferences at any time through the Cookie Settings accessible from the footer of any page.
10. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.
| Data category | Retention period |
|---|---|
| Active account data | Retained for the life of the account. |
| Data after account deletion | Deleted within 30 days, except where legal retention applies. |
| Payment and billing records | Retained for 7 years for tax and financial compliance. |
| Analytics and usage logs | Retained for up to 2 years, then aggregated or anonymized. |
| Deleted content (posts, media) | Purged from all systems within 30 days of deletion. |
| Support and moderation records | Retained as long as operationally or legally necessary. |
11. Children's Privacy
ONLYRiDES is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If we become aware that a user is under 18, we will take steps to delete their account and associated data promptly. If you believe a child has provided us with personal data, please contact us at privacy@onlyrides.com.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or product features. When we make material changes, we will notify you by email (sent to the address associated with your account) and through an in-app notification at least 30 days before the changes take effect.
Your continued use of ONLYRiDES after the updated policy takes effect constitutes your acceptance of the changes. We encourage you to review this page periodically.
13. Contact
For any privacy-related questions, data requests, or concerns, please contact us using the information below.
- Company
- ONLYRiDES Ltd · Registered in Malta
- Data Protection Officer
- privacy@onlyrides.com
- General Support
- support@onlyrides.com
- GDPR Rights
- Exercise your rights
- CCPA Rights
- California privacy rights