• Account data (optional): if you sign in, we process your email address to send a login link, plus technical session and authentication data needed to keep you signed in and make the login flow work securely.

• Personalized clothing advice (optional, signed-in users only): if you use personalized clothing advice, we process data needed to make this feature work, such as saved clothing advice, chosen ride time and duration, feedback on earlier clothing advice, and a limited profile that helps tune future clothing advice more closely to what works for you.

• Ride Commute (optional, signed-in users only): if you use Ride Commute, we process data needed to make this feature work, such as saved places, configured time slots, feedback on commute advice, and send- or alert-related records required to provide commute information at the right moment.

• Strava connection (optional): if you connect Strava, we process data required to keep the connection working, such as athleteId, access token, refresh token, scope, and token expiration.

• RideWithGPS connection (optional): if you connect RideWithGPS, we process data required to keep the connection working, such as access token, refresh token, token type, scope, and token expiration.

• Location data (coordinates): only to fetch and display weather data for your selected location or route.

• Route data (GPX or route points): if you upload a GPX, import a route, or share a route, we process the route to calculate weather along the route. For shared routes, the original GPX may be stored temporarily so the recipient can download it.

• Technical data: IP address, browser or device information, timestamps, and error or performance data may appear in technical logs from our infrastructure.

• Location name or display name

• Coordinates (lat/lon)

• Saved time

• Preference settings such as language, ride intensity, and some other functional preferences

• To deliver the service, such as linking weather forecasts to your location or route.

• To process routes for Ride Route, such as calculating route points and showing weather along the route.

• To show and import Strava routes, only if you connect Strava.

• To show and import RideWithGPS routes, only if you connect RideWithGPS.

• To enable Ride Commute, such as processing commute places, time slots, and related advice or feedback data.

• To make shared Ride Route links work, such as temporarily making routes available via shareId and enabling GPX download where applicable.

• To enable personalized clothing advice, such as linking feedback to previously used clothing advice and better tuning future clothing advice.

• To make the service easier to use, such as showing suggestions based on last used or recent locations and locally stored preferences.

• To keep accounts, sessions, and login links working securely.

• For security, stability, and troubleshooting.

• For aggregated insights to improve Tempelo.

• Performance of a contract: for the functionality you actively use or request.

• Legitimate interest: for security, technical operation, stability, troubleshooting, and improvement of Tempelo.

• Consent: where required, for example for GPS location via your browser prompt.

• Vercel: hosting infrastructure to make the app available.

• Supabase: database and infrastructure services for accounts, sessions, and app-related data.

• Resend: for sending login links, alerts, and other functional emails.

• Strava: if you connect Strava, Tempelo fetches routes via the Strava API.

• RideWithGPS: if you connect RideWithGPS, Tempelo fetches routes via the RideWithGPS API.

• Cloudflare Web Analytics: for aggregated usage statistics and performance insights.

• Open-Meteo: for retrieving weather information based on coordinates.

• TransIP: for domain registration and DNS.

• Account data: as long as you use an account or as long as needed for security and administration.

• Technical login and verification data: as long as needed to make the login flow and security work, according to the functional retention of the authentication solution used.

• Personalized clothing advice data: as long as your account is active or as long as this data is needed to keep the feature working, unless you remove it through the reset option or delete your account.

• Ride Commute data: as long as your account is active or as long as this data is needed to keep Ride Commute working, unless you remove it where that option is available or delete your account.

• Strava tokens and connection: as long as you keep the connection active; on disconnect we delete the connection and attempt to revoke the token at Strava.

• RideWithGPS tokens and connection: as long as you keep the connection active; on disconnect we delete the connection.

• Location coordinates: only as long as needed to fetch or display weather data for the session or request.

• Route data for shared routes: temporary, with a current retention of 14 days.

• Browser storage for last used or recent locations and preferences: remains local until you remove it through your browser settings.

• Technical logs: according to providers’ retention periods and as far as needed for security, operation, and troubleshooting.