Privacy

Rygiene is built to protect kids' privacy, and that includes their data. Here's the plain-language version of what we collect and why.

Our privacy commitment

This is our Privacy Policy, written in plain language so you can actually read it. It explains what Rygiene collects, why, how long we keep it, and your rights. Questions?

Effective June 9, 2026.

Who Rygiene is for
Rygiene is a tool for parents to understand how their child rides an e-bike. A parent creates the account and is in control. Because Rygiene is used by children, we take extra care with children's data and follow the U.S. Children's Online Privacy Protection Act (COPPA), including verifiable parental consent before collecting a child's information.
What we collect
From the child's phone:
  • Location (GPS) — to record rides and show you where your rider is. While the Rider app is set up, the phone reports its location to us continuously: in full detail during a ride, and at a much lower rate the rest of the time (roughly once a minute while the phone is moving, and every few minutes while it's resting) so we can notice a ride starting and answer "where's my kid right now?"
  • Motion and speed information derived from that location, plus the phone's motion type (still, walking, cycling, in a car) — used to tell a real bike ride apart from a car trip or a walk.
  • Battery level and charging state — so we can tell you if the phone is about to die.
  • App version and basic device status (for example, the app's location-permission level) — sent with location reports so we can tell you when tracking is misconfigured and fix bugs.
  • The child's first name, as you enter it, to label rides.
  • The child's phone number, if you enter it — used only so you can tap to text your own child a reminder. We never use it to contact your child.
  • A notification token, used to deliver silent "are you alive" pings to the Rider app and to pair the device.
From the parent's phone:
  • Your name, email address, and a securely hashed password, to sign in.
  • Any places you draw on the map and your alert preferences.
  • A notification token, so we can send you alerts.
What we store is narrower than what the phone reports: the rides themselves (route, speeds, times, flags), the single most recent location point, and short-lived event records (for example, where the phone was when contact was lost, so the alert we send you can include a last-known location). We do not keep a continuous, always-on trail of everywhere your child has been between rides.

For security and record-keeping, we also log basic technical information — IP address, timestamp, and app version — when an account is created, consent is given, or terms are accepted. We use crash reporting (Sentry) configured not to attach personal identifiers. And if you join the waitlist on this website, we collect the email address you submit, only to contact you about availability.
Why we collect it
Only to do the job you installed Rygiene for: record rides, flag the moments worth a look, show you the route, and alert you when something serious happens. That's it.
What we never do
  • We never sell your or your child's data.
  • We show no ads and share nothing with advertisers.
  • We don't share data with marketers, data brokers, or social networks.
The only outside companies that touch the data are the infrastructure providers that run the service. They process data on our behalf, under contract, not for their own purposes:
  • Amazon Web Services — cloud hosting and database (all stored data, at rest in the U.S.)
  • Expo + Apple Push Notification service — deliver push alerts (push tokens and the notification text, which can include your child's first name)
  • Postmark — sends transactional email (consent codes, password resets)
  • Zoho Mail — receives what you send to support@rygiene.app
  • Sentry — crash and error reporting (diagnostic data; configured not to attach personal identifiers)
  • Apple — App Store distribution and in-app purchases (Apple is the payment processor; we never see card details)
  • RevenueCat — subscription status, when subscriptions are enabled
We may also disclose information if required by law, to protect rights and safety, or in connection with a business transfer — in which case this policy continues to govern it.
How long we keep data
Your child's location data is automatically erased within 21 days of each ride — every GPS track, every route point, every recorded location. This runs on an automated daily schedule; it isn't optional and needs no action from you. We deliberately do not keep a long-term history of where your child has been.
  • Erased within 21 days (the location itself): ride GPS tracks and route points, the location attached to any flagged moment, the single most recent live position, and lost-contact/event locations. Trips that our auto-detection set aside as "not an e-bike ride" (a car trip, a walk) lose their location on the same 21-day clock.
  • Kept so you can see progress (this isn't location): your child's ride summaries — distance, flags, how their riding changes over time — and your account details. These carry no GPS trail.
  • You can delete everything at any time. Removing a rider, or deleting your account (Settings → Delete account), permanently erases that child's rides, routes, flags, alerts, and any paired-phone link — right away, not "eventually."
  • Withdrawing consent deletes the data. If you revoke consent for a rider, we stop collecting and delete what we've collected for that child.
  • Security codes expire on their own. Consent, pairing, password-reset, and email-verification codes are single-use and expire quickly (minutes to a day). Sign-in tokens expire after 90 days.
  • We keep one thing on purpose: the consent record. When you remove a rider, we keep a dated record that consent was given and withdrawn — as proof we had your permission. It contains no ride or location data, and we retain it only as long as reasonably necessary to demonstrate compliance.
Whenever we delete location data, it's removed from our active systems on the automated daily schedule above. Our routine database backups are stripped of GPS entirely — they hold no location at all. The only copies that briefly include location are the full-server snapshots we keep for disaster recovery, which roll over on a 7-day cycle — so no copy of your child's location, anywhere, survives beyond 21 days. We never sell your child's data, use it for advertising, or share it with data brokers.
Your control & your rights
You can review your child's rides any time in the app. You can delete your account and all associated data from Settings → Delete account — this permanently removes your account, your children's profiles, and their ride data, and unlinks any paired child phones. You can also email us at support@rygiene.app to ask questions, review data, or request deletion.
How it's protected & where it lives
Data is sent over encrypted (HTTPS) connections and stored on U.S.-based cloud infrastructure. Passwords are stored only as secure hashes, never in plain text. Our off-site backups are encrypted before they leave our servers — with a key our storage provider never receives — so even if a backup copy is stored outside the U.S., only we can ever read it.
Contact us
Questions about privacy, your data, or this summary? A real person will get back to you, usually within 2 business days.
  • Operator: Rygiene LLC
  • Mail: 13475 Atlantic Blvd, Unit 8 Suite M667, Jacksonville, FL 32225
  • Phone: 904-372-8845
  • Email: support@rygiene.app