Effective April 1, 2026 · Velox LLC, Herndon, Virginia
GearSense ("we", "us", "our") is a cycling performance app built by Velox LLC. This Privacy Policy explains what data we collect, how we store it, and your rights as a user. We are committed to keeping your data yours.
Short version: We collect sensor data from your ride to give you coaching and analysis. We never sell your data. We never show you ads. Everything stays on your device unless you choose to sync or upload it.
1. Data We Collect
GearSense collects the following data while the app is in use:
GPS & Location — Route coordinates, elevation, speed. Used to map your ride, calculate distance, and detect terrain.
Heart Rate — Beats per minute from Bluetooth heart rate sensors. Used for coaching zones and post-ride analysis.
Power — Watts from a paired power meter or estimated from speed and weight. Used for training load, Normalized Power, and Director Sportif coaching.
Cadence & Speed — From BLE sensors. Used for gear-shift recommendations and efficiency coaching.
Device Motion — Accelerometer and gyroscope data when riding with a Raspberry Pi edge node. Used for terrain prediction and crash detection.
Rider & Bike Weight — Entered manually in Settings. Used for power estimation only.
We do not collect your name, email address, phone number, contacts, photos, microphone audio, or any data unrelated to cycling performance.
2. How Your Data Is Stored
On your device (default) — All ride files (GPX, FIT) and telemetry are stored locally in the app's sandboxed container. You can delete any ride at any time from the app.
Hangar sync (optional) — If your shop or club runs a GearSense Hangar server, you can choose to sync rides to that private server. You control this setting and can revoke access at any time.
Cloud backup (optional) — If you enable cloud backup, ride data is encrypted in transit and stored on a DigitalOcean server located in the Richmond, Virginia data center (USA). Data is encrypted at rest.
3. Third-Party Integrations
GearSense can connect to third-party platforms you already use. These connections are strictly opt-in.
Strava — We use OAuth 2.0 to request permission to upload rides on your behalf. We store only an access token and refresh token on your device. We never see your Strava password. You can disconnect Strava at any time in Settings › Integrations.
RideWithGPS — Same OAuth approach as Strava. Optional. Used for route upload only if you choose to connect.
We do not share your ride data with Strava or RideWithGPS unless you explicitly tap "Upload." We do not read your existing activities from these platforms.
4. Data We Do Not Collect or Share
We do not sell your personal data to anyone, ever.
We do not use your data for advertising or share it with ad networks.
We do not use analytics SDKs that track behavior across apps.
We do not share data with data brokers or aggregators.
We do not build a profile of you beyond what's needed to run the app.
5. Permissions Requested
Location (When In Use) — Required for GPS tracking during rides.
Bluetooth — Required to connect to power meters, heart rate monitors, and speed/cadence sensors.
Local Network — Required to communicate with a Raspberry Pi edge node on the same WiFi network.
Motion & Fitness — Optional. Used to supplement GPS with accelerometer data when Pi mode is active.
6. Data Retention and Deletion
Ride data on your device is retained until you delete it. There is no automatic expiry.
If you connected cloud backup, you may request deletion of your cloud data by emailing us at gearsense.velox@gmail.com. We will delete your data within 30 days.
Uninstalling the app deletes all locally stored ride data from your device.
7. Children's Privacy
GearSense is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with data, please contact us and we will delete it promptly.
8. Security
All data in transit between the app and our servers (or Strava/RideWithGPS) is encrypted using TLS 1.2 or higher. Ride data stored in the cloud is encrypted at rest using AES-256. OAuth tokens are stored in the iOS Keychain, not in plain UserDefaults.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Effective" date at the top of this page. We will notify users of material changes through an in-app notice. Continued use of GearSense after changes take effect constitutes acceptance of the updated policy.
10. Your Rights
Depending on where you live, you may have rights including access to your data, correction, deletion, or portability. To exercise any of these rights, contact us using the information below. We will respond within 30 days.