Privacy Policy

Last Updated: November 26, 2025

1. Introduction

Welcome to Enduro Book. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, mobile application, and services (collectively, the "Service").

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

Account Registration Information

When you create an account, we collect:

  • For Riders and Spectators:
    • First name and last name
    • Email address
    • Password (hashed and securely stored)
    • Optional: Phone number, ID number, gender, date of birth
    • Optional: Location information (country code, province code)
  • For Event Organizers:
    • Club name
    • Email address
    • Password (hashed and securely stored)
    • Optional: Phone number, ID number, date established, location

OAuth Authentication Information

If you register or sign in using a third-party authentication provider (such as Google), we collect:

  • Your name (as provided by the OAuth provider)
  • Your email address (as verified by the OAuth provider)
  • Your profile picture URL (if available)
  • Provider user ID (to link your account)
  • OAuth tokens for authentication purposes

Note: When you use OAuth authentication, your email is automatically verified by the OAuth provider. We may link OAuth accounts to existing accounts with the same email address to provide a seamless authentication experience.

Profile Information

You may choose to provide additional profile information, including:

  • Profile photo or avatar
  • Bio or description
  • Riding experience and skill level (for riders)
  • Equipment information
  • Social media links
  • Emergency contact information

Event-Related Information

When you register for, organize, or participate in events, we collect:

  • Event registration details
  • Race results and performance data
  • GPS tracking data during events (with your consent)
  • Photos, videos, and comments you post about events
  • Payment information (processed securely through third-party payment providers)

2.2 Information Collected Automatically

Usage Data

When you use the Service, we automatically collect:

  • Device information (device type, operating system, browser type)
  • IP address and approximate location
  • Pages viewed and features used
  • Time and date of access
  • Referring website or application
  • Clicks, scrolls, and interactions with the Service

Location Data

With your explicit consent, we may collect precise location data through:

  • GPS trackers during events
  • Mobile device location services
  • IP address geolocation

You can disable location tracking at any time through your device settings or account preferences, though this may limit certain features of the Service.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Maintain your login session
  • Remember your preferences
  • Analyze usage patterns and improve the Service
  • Provide personalized content and recommendations

Types of cookies we use:

  • Essential Cookies: Required for authentication and basic functionality
  • Analytics Cookies: Help us understand how users interact with the Service
  • Preference Cookies: Remember your settings and preferences

You can control cookie preferences through your browser settings, but disabling certain cookies may affect Service functionality.

2.3 Information from Third Parties

We may receive information about you from:

  • OAuth providers (Google, and potentially Facebook, Apple, etc.)
  • Event organizers who add you to participant lists
  • Other users who tag you in photos or mention you in comments
  • Payment processors for transaction verification
  • Analytics and service providers

3. How We Use Your Information

3.1 Primary Purposes

We use your information to:

  • Provide the Service: Create and manage your account, enable authentication, process registrations
  • Facilitate Events: Connect riders, spectators, and event organizers; enable event registration and participation
  • GPS Tracking: Provide real-time location tracking during events for safety and spectator engagement
  • Results and Analytics: Track and display race results, generate leaderboards, and provide performance analytics
  • Communications: Send you account notifications, event updates, and important Service announcements
  • Safety: Facilitate emergency response and rider safety monitoring during events

3.2 Service Improvement

We use aggregated and anonymized data to:

  • Analyze usage patterns and improve Service functionality
  • Develop new features and enhance user experience
  • Identify and fix technical issues
  • Conduct research and data analysis

3.3 Marketing and Promotions (with your consent)

With your permission, we may:

  • Send you promotional emails about new events, features, or offers
  • Display personalized content and recommendations
  • Inform you about relevant mountain biking events and opportunities

You can opt out of marketing communications at any time through your account settings or by clicking "unsubscribe" in our emails.

3.4 Legal Compliance

We may use your information to:

  • Comply with legal obligations and regulations
  • Respond to lawful requests from public authorities
  • Protect our rights, property, and safety
  • Enforce our Terms of Service
  • Prevent fraud, abuse, or illegal activities

4. How We Share Your Information

4.1 Public Information

The following information may be publicly visible on the Service:

  • Your name and profile photo
  • Event registrations and results
  • Publicly posted comments, photos, and content
  • Leaderboard positions and race statistics
  • Location data during events (if GPS tracking is enabled)

You can control the visibility of some information through your privacy settings.

4.2 With Event Organizers

When you register for an event, we share relevant information with the event organizer, including:

  • Your name and contact information
  • Registration details and preferences
  • Emergency contact information (if provided)
  • Skill level or category information
  • GPS tracking data during the event

4.3 With Spectators

Spectators following you or an event may see:

  • Your real-time location during events (if GPS tracking is enabled)
  • Your race results and performance data
  • Public comments and photos

4.4 Service Providers and Partners

We share information with trusted third-party service providers who help us operate the Service:

  • Authentication Providers: Google OAuth (and potentially Facebook, Apple, etc.)
  • Cloud Hosting: Database and file storage providers
  • Payment Processors: Secure payment and transaction processing
  • Email Services: Transactional and marketing email delivery
  • Analytics Services: Usage analytics and performance monitoring
  • GPS and Mapping: Location services and map display

These service providers are contractually obligated to use your information only for the purposes we specify and to maintain appropriate security measures.

4.5 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on the Service of any change in ownership or use of your personal information.

4.6 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal processes (subpoenas, court orders, search warrants)
  • Requests from law enforcement or regulatory authorities
  • Situations involving potential threats to public safety
  • Protection of our legal rights or investigation of policy violations

4.7 With Your Consent

We may share your information for other purposes with your explicit consent.

5. Data Retention

We retain your personal information for as long as necessary to:

  • Provide the Service to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Maintain accurate event records and results

Specific retention periods:

  • Account Data: Retained while your account is active, plus a reasonable period after deletion for legal compliance
  • Event Results: Retained indefinitely for historical record-keeping
  • GPS Tracking Data: Retained for the duration of the event and a reasonable period thereafter
  • Payment Information: Retained as required by financial regulations (typically 7 years)
  • Analytics Data: Aggregated data may be retained indefinitely

You can request deletion of your data at any time by contacting us or deleting your account through account settings.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption: Data encrypted in transit (HTTPS/TLS) and at rest
  • Password Security: Passwords hashed using the industry-standard scrypt algorithm with a salt
  • OAuth Tokens: Secure JWT-based authentication with RS256 (RSA with SHA-256) signing
  • Access Controls: Role-based access restrictions and principle of least privilege
  • Regular Audits: Security assessments and vulnerability testing
  • Secure Infrastructure: Database and server security hardening
  • Monitoring: Logging and monitoring for suspicious activities

However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Privacy Rights

7.1 Access and Portability

You have the right to:

  • Access the personal information we hold about you
  • Request a copy of your data in a portable format
  • Obtain information about how we process your data

7.2 Correction and Updates

You can update or correct your personal information at any time through:

  • Your account settings
  • Contacting us directly

7.3 Deletion ("Right to be Forgotten")

You can request deletion of your account and personal information. Note that:

  • Some information may be retained for legal or legitimate business purposes
  • Publicly posted content may remain visible
  • Event results may be retained for historical records
  • Aggregated, anonymized data may continue to be used

7.4 Objection and Restriction

You have the right to:

  • Object to processing of your personal information for certain purposes
  • Request restriction of processing in certain circumstances
  • Opt out of marketing communications

7.5 Withdrawal of Consent

Where we rely on your consent to process personal information, you can withdraw consent at any time. This will not affect the lawfulness of processing before consent withdrawal.

7.6 Exercising Your Rights

To exercise any of these rights, please:

We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

8. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us. We will delete such information from our systems.

Users between 13 and 18 should have parental or guardian consent before using the Service.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws.

When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by relevant authorities
  • Data processing agreements with service providers
  • Adherence to applicable data protection frameworks

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request disclosure of personal information we collect, use, and share
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of sale of personal information (we do not sell your information)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at privacy@endurobook.com or call [phone number].

11. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA) or United Kingdom, you have rights under the General Data Protection Regulation (GDPR):

  • Legal Basis for Processing: We process your data based on consent, contract necessity, legal obligations, or legitimate interests
  • Data Protection Officer: Contact our DPO at dpo@endurobook.com
  • Right to Lodge a Complaint: You can file a complaint with your local data protection authority
  • Automated Decision-Making: We do not make solely automated decisions that significantly affect you

12. Third-Party Links and Services

The Service may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to third-party services.

We encourage you to review the privacy policies of any third-party services you visit. We are not responsible for the privacy practices of third parties.

Third-party services we integrate with include:

  • Google OAuth for authentication
  • Payment processors for event registrations
  • Mapping and GPS services
  • Social media platforms
  • Analytics providers

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by:

  • Posting the updated Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending you an email notification (for significant changes)

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

15. Summary of Key Points

Here's a quick summary of our privacy practices:

  • ✅ We collect information you provide, usage data, and location data (with consent)
  • ✅ We use your information to provide the Service, improve features, and ensure safety
  • ✅ We share information with event organizers, spectators, and service providers as needed
  • ✅ We protect your data with encryption and security best practices
  • ✅ You have rights to access, correct, delete, and control your information
  • ✅ We do not sell your personal information
  • ✅ We are committed to transparency and will notify you of changes
  • ✅ You can contact us anytime with privacy questions or concerns

Note: This Privacy Policy is provided as a starting point and should be reviewed and customized by legal counsel to ensure compliance with applicable privacy laws and regulations (GDPR, CCPA, etc.) in your jurisdiction. This document does not constitute legal advice.