Privacy Policy
Cycling Planner · Last updated: March 2026 · Kappasys · info@kappasys.ch
- We never sell your data. Your tours, GPX files and personal information are never sold, rented or used for advertising.
- No tracking, no ads. We use no analytics tools, no advertising cookies, no Google Analytics.
- Data only for the service. Your GPX data and tours are used exclusively to provide you with the service — nothing else.
- Complete deletion. When you delete your account, all your data is permanently deleted.
- Swiss data protection. We comply with the Swiss DSG and EU GDPR.
Questions? info@kappasys.ch
1. Controller
Controller under the GDPR: Kappasys · info@kappasys.ch · cycle-planner.com
2. Data Collected and Processing Purposes
2.1 Registration and User Account
| Data | Purpose | Legal basis |
|---|---|---|
| Email address | Account identification, notifications, password reset | Art. 6(1)(b) GDPR |
| Username | Display name | Art. 6(1)(b) GDPR |
| Password (bcrypt hash) | Authentication | Art. 6(1)(b) GDPR |
| Registration date | Account management | Art. 6(1)(b) GDPR |
2.2 Tour Planning Data
GPX files, tours, stage plans and notes are processed solely for service delivery. This data is never shared, sold, rented, or used for advertising or profiling. Legal basis: Art. 6(1)(b) GDPR.
2.3 Payment Data (Pro)
Exclusively via Stripe (Stripe Payments Europe, Ltd., Dublin). No card data stored at Kappasys. stripe.com/privacy. Legal basis: Art. 6(1)(b) GDPR.
2.4 Technical Log Data
IP address (anonymised after 7 days), date/time, URL, HTTP status, browser type. Legal basis: Art. 6(1)(f) GDPR.
2.5 Session Cookie
Cookie access_token (encrypted JWT), expires after 24h inactivity. Legal basis: Art. 6(1)(b) GDPR.
3. Third-Party Services
| Service | Purpose | Data transmitted |
|---|---|---|
| BRouter | Route calculation | GPS coordinates |
| OpenStreetMap / Nominatim | Map, geocoding | GPS coordinates |
| Open-Meteo | Weather | GPS coordinates |
| Open-Elevation / SRTM | Elevation | GPS coordinates |
| Stripe | Payment | Payment data, email |
No further sharing, sale or commercial use of your data takes place — neither now nor in the future. Our business model is based on subscriptions, not data.
4. Retention Periods
- Account data: Until account deletion
- Tour data / GPX: Until deleted by user
- Payment data (Stripe): 10 years (statutory requirement)
- Log data: Max. 7 days, then anonymised
- Session cookie: 24h inactivity
5. Your Rights
Access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20 — GPX export always available), objection (Art. 21 GDPR).
Contact: info@kappasys.ch · Right to lodge a complaint with a supervisory authority.
6. Data Security
HTTPS/TLS · Passwords bcrypt-hashed · No plaintext passwords · Regular security updates.
7. No Tracking
No Google Analytics, Matomo, advertising cookies, retargeting, social media tracking or automated profiling.
8. Minors
The service is not directed at children under 16.
9. Changes
Logged-in users will be notified by email of material changes.
Last updated: March 2026 · Kappasys · info@kappasys.ch