Privacy Policy
Wearage is a bicycle component wear tracker that connects to your Strava account to help you track how far you've ridden every part on every bike. This policy explains what data we collect, why we collect it, and what rights you have.
We try to keep this short and honest. If anything is unclear, email us at the address at the bottom of this page.
Who we are
Wearage is an independent app distributed via Apple's App Store. The backend is hosted on Supabase.
What data we collect
When you sign in with Strava, we collect the following from your Strava profile:
- Strava athlete ID — used as your unique account identifier
- First and last name — displayed inside the app
- Profile picture URL — displayed inside the app
- Bikes ("gear") — bike name, brand, model, and total distance as registered on Strava
- Activity data — for each ride: the date, the distance, and the bike used. We do not store route data, GPS traces, heart rate, power, or any other ride metric beyond distance and bike association.
When you use the app, we also store:
- Components you add — type (e.g. chain, cassette), install date, service dates, total wear distance, and any notes you enter
- Sync logs — timestamps of when the app fetched data from Strava. These are automatically deleted after one year.
- User preferences — your chosen unit system (km/mi) and notification thresholds, stored locally on your device only and never sent to our servers
We do not collect:
- Your location
- Contacts, photos, or files
- Advertising identifiers or device fingerprints
- Analytics, crash reports, or behavioral tracking data
- Payment information (the app is free)
How we use your data
Your data is used solely to operate the app:
- To compute how far each component on each bike has been ridden
- To determine when parts need maintenance or replacement
- To display your bikes, components, and ride history inside the app
- To authenticate you between app launches
We do not use your data for advertising, profiling, analytics, or training AI models. There is no analytics SDK and no crash reporting service integrated into the app.
Where your data is stored
- Strava data stays on Strava's servers. We fetch it on demand via their API. Your Strava OAuth tokens are stored encrypted in the iOS Keychain on your device using industry-standard secure storage.
- Your Wearage account, bikes, components, and sync history are stored in our Supabase database. All data is protected by row-level security — only you can access your own records. All communication is over HTTPS.
Third-party services
Wearage uses the following third-party services, each with their own privacy policy:
- Strava — authentication and ride data: strava.com/legal/privacy
- Supabase — backend database: supabase.com/privacy
- Apple — app distribution: apple.com/legal/privacy
We do not share your data with any other third parties. We do not sell your data, ever.
Your rights
You have the right to:
- Access the data we store about you
- Correct any inaccurate data
- Delete your account and all associated data
- Withdraw consent by revoking Wearage's Strava access
To delete your account, email us at the address below. All your data — profile, bikes, components, and sync history — will be permanently deleted within 30 days. You can also revoke Wearage's access to your Strava account at any time at strava.com/settings/apps.
If you reside in the European Union, you have additional rights under the GDPR, including the right to lodge a complaint with your national supervisory authority.
Children
Wearage is not directed at children under 13 and we do not knowingly collect data from minors. If you believe a child has used the app, contact us and we will delete the data promptly.
Data retention
- Account and component data are kept for as long as your account is active.
- Sync logs are automatically deleted after one year.
- On account deletion, all data is permanently removed within 30 days.
Security
We protect your data using:
- HTTPS / TLS for all network communication
- iOS Keychain (FlutterSecureStorage) for OAuth token storage on-device
- Supabase row-level security to ensure users can only access their own data
- HMAC-SHA256 for deriving authentication credentials
Changes to this policy
If we make changes, we will update the "Last updated" date at the top of this page. Material changes will be communicated inside the app before they take effect.
Contact
Questions, data access requests, or account deletion: