Legal

Privacy Policy

How Sweel collects, uses and protects your personal data — GDPR compliance

FR NL EN DE

Last updated: June 2026

1. Data Controller

Sweel SRL
Chaussée de Vleurgat 15, 1050 Ixelles, Brussels, Belgium
BCE: BE 0696.843.347
Email: privacy@sweel.com

2. Data Collected

In connection with providing the service, Sweel collects the following categories of data:

Account data: name, email address, language and preferences.
Geolocation and movement data: GPS position, speed, duration and distance during automatic recording of cycling trips.
Third-party service data: if you voluntarily connect them, Apple Health, Google Health Connect, Strava or Garmin may transmit supplementary activity data.
Generated reports: PDF, XLS and CSV files produced from your trip data.
Analytics data: aggregated navigation data collected via Firebase Analytics and Google Analytics (pages viewed, session duration, device type).

3. Purposes and Legal Bases

Purpose	Legal basis (GDPR)
Service provision and account management	Art. 6.1.b — performance of a contract
Automatic trip recording (geolocation)	Art. 6.1.a — consent
Audience measurement and service improvement	Art. 6.1.a/f — consent / legitimate interest
Security and fraud prevention	Art. 6.1.f — legitimate interest
Compliance with legal obligations	Art. 6.1.c — legal obligation

4. Recipients of Data

Your data may be shared with the following technical service providers, solely to the extent necessary for service provision:

Hosting and cloud infrastructure providers (OVHcloud, Google Firebase)
Audience analytics tools (Google Analytics)

Sweel SRL does not sell or rent your personal data to third parties for commercial purposes.

5. Transfers Outside the EU

Certain service providers (in particular Google/Firebase) may process data outside the European Economic Area. Such transfers are governed by standard contractual clauses approved by the European Commission, in accordance with Article 46 of the GDPR.

6. Data Retention

Account and trip data: retained for the duration of account activity. Following 12 consecutive months of inactivity, data is deleted after prior notice.
Analytics data: retained for between 13 and 25 months, depending on Google Analytics settings.
Accounting and tax data: retained for 7 years in accordance with Belgian legal obligations.

7. Your GDPR Rights

Under the GDPR, you have the following rights:

Access: obtain a copy of your personal data.
Rectification: correct inaccurate or incomplete data.
Erasure ("right to be forgotten"): request deletion of your data.
Restriction: restrict the processing of your data.
Objection: object to certain processing based on legitimate interest.
Portability: receive your data in a structured, machine-readable format.
Withdrawal of consent: withdraw your consent at any time without affecting the lawfulness of prior processing.

To exercise these rights, contact privacy@sweel.com. You may also lodge a complaint with the Belgian Data Protection Authority (APD/GBA): Rue de la Presse 35, 1000 Brussels — www.dataprotectionauthority.be.

8. Security

Sweel SRL implements appropriate technical and organisational measures to protect your data against unauthorised access, loss or disclosure. These include encryption of data in transit and at rest, strict access controls, and regular backups.

9. Amendments

Any material change to this policy will be published on this page and notified to you by email or via the application. We encourage you to review this page regularly.

10. Contact

For any questions regarding the protection of your data: privacy@sweel.com