Privacy Policy

Information you provide directly: When you register an account, we collect your name, email address, date of birth, and a password. For users under 13, we collect a parent or guardian's email address in order to obtain verifiable parental consent as required by COPPA.

Course and exam data: We record your progress through course modules, time spent on each slide, quiz and exam answers, scores, and completion status. This data is necessary to issue a valid certification.

Automatically collected data: We collect standard server logs including IP addresses (stored in anonymized, HMAC-hashed form), browser type, operating system, and pages visited. We use this data for security, fraud prevention, and aggregate analytics only.

Cookies and local storage: We use session cookies for authentication and minimal local storage for course-state persistence. We do not use advertising or third-party tracking cookies.

We use the information we collect to:

• Create and manage your account
• Deliver the Ebike safety course and track your progress
• Issue and verify digital certifications
• Generate and validate QR-coded certificates
• Send transactional emails (account confirmation, certification completion)
• Detect and prevent fraud, cheating, and abuse
• Comply with legal obligations, including COPPA for users under 13
• Improve the Service through aggregate, anonymized analytics

We do not sell your personal information. We do not use your data for advertising or behavioral profiling.

We may share your information in the following limited circumstances:

• Service providers: We use Supabase (database hosting), Mux (video delivery), Resend (transactional email), and Upstash (rate limiting). These providers process data only on our behalf and under data processing agreements.
• Certification verification: Your name and certification status are publicly accessible via the QR code scan endpoint. This is the core function of the Service and is necessary for law enforcement verification.
• Partner bike shops: When you share your QR code for verification, your name and certification status are visible to the verifier.
• Legal compliance: We may disclose information if required by law, court order, or to protect the safety of users.

California residents (CCPA): You have the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of sale (we do not sell data). To exercise these rights, contact us at the address below.

Parents of children under 13 (COPPA): You have the right to review the personal information we have collected from your child, to request its deletion, and to refuse further collection. See our Children's Privacy Notice for full details.

Account deletion: You may request deletion of your account and associated data at any time by contacting us. Certification records may be retained as required by law or legitimate business purposes.

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: