1. Controller and contact
The controller for data deliberately sent through OpenBikeFit is Mateusz Konieczny — Balance IT, ul. Święty Marcin 29 lok. 8, 61-806 Poznań, Poland, NIP 7812090221, REGON 541862820. Contact: [email protected].
2. Fit data and camera processing
The calculator inputs, intake, safety answers, mobility checks, pose landmarks, analyses, multi-recording agreement checks, typed adjustment journal and ride check-ins are processed on your device and stored in browser IndexedDB, localStorage or temporary sessionStorage. Balance IT does not receive this data and cannot recover it for you.
Camera frames are analysed in your browser. OpenBikeFit stores derived pose landmarks by default, not raw video. You can export or delete all local fit data at any time in Settings & privacy or clear this site's data in your browser.
When you start the camera tool, your browser downloads the MediaPipe runtime from jsDelivr and the pose model from Google-hosted storage. Those hosts receive ordinary request metadata such as IP address and user agent under their own privacy terms; your camera frames and fit results are not sent with those requests.
3. Optional feedback
If you press Help and then Send, we receive the feedback category, message, optional email address, current page path and submission time. Do not include health records, diagnoses or other sensitive personal data. Feedback is used to answer you and improve or secure the service.
The legal basis is taking steps at your request or providing the requested service (GDPR Article 6(1)(b)) and our legitimate interest in fixing defects and improving OpenBikeFit (Article 6(1)(f)). The email is optional; without it we cannot reply. Feedback records automatically expire after 180 days, unless a shorter period is sufficient or longer retention is required to establish, exercise or defend a legal claim.
4. Hosting and recipients
Cloudflare hosts the static site and the optional feedback endpoint/KV store. Like any web host, Cloudflare may process IP address, request time, requested resource, user agent and security signals to deliver and protect the service. We do not create a separate analytics log. Provider-level request/security data is kept only as long as needed to deliver requests, investigate abuse or incidents, and meet legal duties, then deleted or anonymised. The legal basis is our legitimate interest in availability, abuse prevention and security (Article 6(1)(f)).
We do not use advertising pixels, behavioural analytics or sell personal data. Service providers may process data outside the EEA using an adequacy decision or appropriate safeguards where applicable. We may also disclose data where Polish or EU law requires it.
5. Your GDPR rights
Where we hold your personal data, you may request access, rectification, erasure, restriction, portability where applicable, or object to processing based on legitimate interests. Email[email protected]. We may need to verify your identity.
You may lodge a complaint with the President of the Polish Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, uodo.gov.pl. OpenBikeFit does not make decisions with legal or similarly significant effects and does not profile users for advertising.
6. Security and changes
We use HTTPS, restrictive browser permissions and data minimisation. No internet service can promise absolute security. Material policy changes will be identified here with a new effective date; the current version remains available at this URL.