Skip to content

Legal

Privacy Policy

Last updated: April 2026

01 — The short version

Your data is yours

settd is a tool for mechanics and riders. Everything you log — geometry, suspension tunes, tyre pressures, notes — belongs to you. We never sell your setup data or share it with third parties. Full stop.

02 — Who we are

Controller

settd is operated by Ronan Wallis, based in Portes du Soleil, Canton du Valais, Switzerland. For any privacy-related questions, contact us at hello@settd.ch.

03 — What we collect

Data we hold on your behalf

When you use settd, we store the following data in your account:

  • Account info — email address and encrypted password
  • Bikes — name, brand, model, frame geometry, stock specs, and reference fields
  • Sessions and runs — dates, venues, suspension settings, tyre pressures, cockpit, drivetrain, brakes, and all other fields you fill in
  • Attachments — images, audio memos, and PDFs you upload to runs
  • Rider profiles — names, categories, disciplines, and contact info (Team plan only)

04 — Why we process it

Legal basis

We process your data on the following legal grounds under the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR):

  • Contract — to provide the settd service you signed up for (account, bikes, sessions, exports)
  • Consent — when you create an account, you consent to your data being stored and processed for the service
  • Legitimate interest — to maintain security, prevent abuse, and improve the service

05 — Your setups stay private

Privacy by design

Bike geometry, component specs, suspension tunes, and all setup data you log are visible only to you (and your team riders, if you share them). No other user can see your data. No settd employee accesses setup data except to debug a technical problem you've specifically reported.

If you use the rider portal feature, only the specific rider you share the link with can access that view — and only the data you've made visible to them. Nothing else is exposed. Row-level security is enforced at the database level — meaning the infrastructure itself prevents cross-user access, even in the event of a software bug.

06 — Service providers

Who processes data on our behalf

We use a small number of trusted service providers to operate settd. All providers are GDPR-compliant and bound by data processing agreements (DPAs):

  • Cloud database and authentication provider (EU region, SOC 2 Type II certified)
  • Hosting and deployment provider (SOC 2 Type II certified, cookieless analytics)
  • Payment processor (PCI DSS Level 1 certified) — only sees what's necessary to handle your subscription
  • Email delivery provider — processes email addresses solely for transactional emails

We do not use data brokers or sell your data. The free tier displays ads via Google AdSense — Google may use cookies to serve relevant ads. Paid plans are completely ad-free. A current list of subprocessors is available on request.

07 — Where data is stored

Infrastructure and transfers

Your data is primarily stored in EU data centres. Some service providers may process data in the United States under EU-approved standard contractual clauses (SCCs) or equivalent safeguards recognised by Swiss law.

All data is encrypted in transit (TLS) and at rest. Access controls and security audits are in place across all providers.

08 — How long we keep it

Data retention

We keep your data for as long as your account is active. If you delete your account, all personal data is permanently removed from our systems within 30 days. We may retain anonymised, aggregated data (e.g. total session counts) for service improvement, but this cannot be linked back to you.

09 — Cookies

One cookie, for auth only

settd sets a single first-party cookie: your authentication session token. This is required to keep you logged in and expires when you sign out or after 7 days of inactivity. On the free tier, Google AdSense may set additional cookies to serve and measure ads — these are governed by Google's privacy policy. Paid plans have no third-party cookies. We do not use fingerprinting.

10 — Your rights

You're in control

Under the Swiss FADP and the EU GDPR, you have the following rights:

  • Access & portability — you can export your data at any time from Settings. You may also request a copy by emailing us.
  • Erasure — you can delete your account from Settings → Account. This permanently removes all your data within 30 days.
  • Correction — if you believe we hold inaccurate data about you, email us and we'll sort it.
  • Objection — you can object to processing based on legitimate interest. We will stop unless we have compelling grounds.
  • Complaint — you have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) at www.edoeb.admin.ch, or with your local EU supervisory authority.

11 — Data breaches

What happens if something goes wrong

In the unlikely event of a data breach that poses a high risk to your rights, we will notify the Swiss FDPIC without undue delay and inform affected users as required by law.

12 — Contact

Questions?

If you have any questions about how your data is handled, or want to exercise your rights, reach out:

hello@settd.ch