Velomodo Privacy Policy

1. Who we are and how to contact us

Sportworks Global LLC is the data controller for your Velomodo account and use of the Pods. That means we decide what personal information is collected and how it is used.

You can reach our privacy team at:

support@velomodo.app

Sportworks Global LLC
Attn: Velomodo Privacy
13800 Fryelands Blvd SE
Monroe, WA 98272

2. About SEPTA

Velomodo Pods may be installed at SEPTA stations. SEPTA hosts the Pods but is not a party to your Velomodo account, does not control your personal information, and is not a joint controller with us. Your privacy relationship is with Sportworks only. SEPTA may receive information from us in specific circumstances we describe below — for example, in connection with a security or safety incident at a station — but SEPTA does not have routine access to your personal data.

3. What we collect and why

Here’s the full picture of what we collect, grouped by category. We collect this information directly from you, from your use of the app and the Pods, and (in a few cases) from third-party service providers we work with.

We don’t knowingly collect information from anyone under 18. If you believe a minor has created a Velomodo account, please tell us and we’ll close it and delete the information.

We don’t collect special categories of personal data (racial or ethnic origin, religious beliefs, health information, biometric identifiers, sexual orientation, immigration status, or precise geolocation in the regulated sense) on purpose. We also don’t run face recognition, gait recognition, or any other biometric identification on the camera footage.

4. The camera inside the Pod

Because the camera is the most unusual part of how Velomodo works, it gets its own section.

4.1 What it records

Every Pod has a single internal video camera. It records video only — no audio. The camera is positioned to capture the interior of the Pod, not the area outside. A visible notice is posted on both the outside and inside of the Pod telling you the camera is there.

4.2 When it records

The camera records continuously while the Pod is in service. Recording is not limited to active reservations — the camera records during empty intervals as well, primarily for security and tamper detection.

4.3 Who can see it

Live and recorded footage is accessible to:

• You, during your own active reservation, through the Velomodo app. You see your Pod, your stuff, your session. When your reservation ends, your access ends.
• Sportworks operators acting under our authority, for legitimate operational purposes: incident investigation, maintenance verification, override authorisation, fraud prevention, or safety response. We keep an internal audit log of every time one of our operators views live or recorded footage.
• Designated agents — contractors who act on our instructions, under written confidentiality and data protection obligations, for the same operational purposes. As of the SEPTA pilot, we don’t use any such agents; if we add one we’ll update this policy.
• Law enforcement, where we receive a valid legal request (warrant, subpoena, court order) or where we believe in good faith that disclosure is necessary to prevent imminent harm or serious crime.
• SEPTA or another station owner, in connection with a security or safety incident at the station, and only at our reasonable discretion. SEPTA does not have routine, on-demand access to footage.

4.4 How long we keep it

Routine footage is retained on a 30-day rolling basis and then automatically deleted. If footage is flagged in connection with an incident (an injury, theft, vandalism, malfunction, or law enforcement matter), we may keep it for as long as reasonably necessary to investigate, defend a claim, or comply with law — typically up to 3 years, longer only if a specific legal hold applies.

4.5 What we don’t do

We don’t:

• run face recognition or any other biometric identification on the footage;
• use the footage to build behavioural profiles of you;
• sell or share the footage with advertisers, data brokers, or for marketing;
• share footage with other Riders;
• record audio.

5. How we use your information

We use the information described in Section 3 to:

• create and operate your Velomodo account;
• let you find, reserve, unlock, and use a Pod;
• keep the Pods and the app secure, prevent fraud and abuse, and investigate incidents;
• provide customer support and respond to your questions;
• understand how Velomodo is used so we can improve it (we use aggregated and de-identified data where we can);
• send you transactional messages about your reservation, account, or service changes;
• comply with legal obligations and respond to lawful requests; and
• operate a future paid version of the service, if and when we launch one.

We don’t use your information for targeted advertising, and we don’t profile you in a way that produces legal or similarly significant effects.

6. Why we’re allowed to do this (legal bases)

Different parts of the data we handle rely on different legal bases for processing. In plain language:

• Contract: we process your account, reservation, and payment data because we need to in order to provide Velomodo to you under our Rider Terms.
• Legitimate interests: we operate the camera, run fraud and abuse prevention, and analyse aggregated usage data based on our legitimate interests in running a secure service. We balance this against your privacy interests, and you can object in specific circumstances.
• Legal obligation: we keep certain records because the law requires us to, and we respond to valid legal requests.
• Consent: where we ask for your consent (for example, marketing emails, if we ever send any), you can withdraw it at any time.

7. Who we share your information with

We share your information with:

• Service providers who help us run Velomodo — for example, our cloud hosting provider (Cloudflare), our payment processor (when paid features launch), our communications providers (for emails and SMS), and our analytics provider. They handle data only on our instructions and under written contracts.
• Law enforcement and regulators, where required by law or where we believe in good faith disclosure is necessary to prevent imminent harm.
• SEPTA or another station owner, only in the specific circumstances described in Sections 2 and 4.3 — and only Aggregated Utilisation Data for routine reporting, never your personal information.
• Our advisers (lawyers, auditors, insurers) under obligations of confidentiality.
• A buyer or successor, if we sell the Velomodo business or merge with another company. We’ll tell you before this happens, and your data would be protected on the same terms.

8. Where your information is stored

Velomodo operates from the United States and your information is stored on infrastructure located in the United States. If you use Velomodo while travelling from another country, your information may be transferred to and processed in the US. We rely on standard contractual safeguards with our service providers for any cross-border data flow.

9. How we protect your information

We use industry-standard measures to protect your information: encrypted connections to the app and our systems, encryption of stored sensitive data, access controls, audit logging, and regular security review. The camera footage is stored on our secured cloud infrastructure, with operator access limited to authorised personnel and logged.

No system is perfectly secure. If we become aware of a security incident affecting your personal information, we’ll notify you in accordance with applicable law.

10. Your rights

You have rights over your personal information. The specifics depend on where you live, but as a matter of policy we extend the following rights to all Velomodo riders, regardless of jurisdiction:

• Access — you can ask for a copy of the personal information we hold about you.
• Correction — you can ask us to correct information that’s wrong or out of date.
• Deletion — you can ask us to delete your account and personal information. There are some narrow exceptions — for example, where we need to keep records for legal or fraud-prevention reasons, or where camera footage has been flagged in connection with an incident under a legal hold.
• Portability — you can ask us to give you your personal information in a portable format you can take elsewhere.
• Objection and restriction — in certain situations you can object to or ask us to restrict our processing of your information.
• Opt-out of profiling and automated decision-making — we don’t run automated decisions that produce legal or similar significant effects on you. If that changes, you’ll have the right to opt out.
• Non-discrimination — we won’t treat you differently for exercising your rights.
• Authorised agent — you can ask someone else to exercise these rights on your behalf, with appropriate verification.

To exercise any of these rights, contact us at the email address in Section 1, or use the privacy options in the Velomodo app. We’ll verify who you are (we don’t want to give your data to someone pretending to be you) and respond within the time the law requires — usually 30 to 45 days.

If you live in California, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, Delaware, or another state with a comprehensive privacy law that grants you additional rights, those laws apply on top of this policy. Specifically: California residents have additional rights under the CCPA/CPRA, including the right to know specific pieces of personal information we’ve collected in the past 12 months, the right to limit our use of sensitive personal information, and the right to non-discrimination. We honour the Global Privacy Control browser signal as a request to opt out of any sale or sharing, even though we don’t currently sell or share personal information.

If you live outside the US and your local law gives you privacy rights, we’ll honour those too.

11. Cookies, app analytics, and similar technologies

Velomodo is primarily a mobile app, so traditional web cookies are less of a feature here than on a website. Within the app we use:

• Local storage on your device for things like keeping you logged in and remembering your preferences.
• Analytics tools (for example, Cloudflare) to understand how the app is used and to fix problems. We configure these to minimise data collection, including IP truncation where supported.
• Crash and performance reporting to identify and fix bugs.

We don’t use third-party advertising trackers or cross-site tracking pixels. The Velomodo website (velomodo.com), where present, uses minimal cookies and a cookie banner where required by local law.

12. Children

Velomodo is for adults. You must be at least 18 years old to use the service. We don’t knowingly collect personal information from anyone under 18. If you’re a parent or guardian and you believe a minor has created an account, please contact us and we’ll close the account and delete the data.

13. Changes to this policy

We may update this policy from time to time. If we make material changes — for example, new categories of data, new ways we use it, or new third-party sharing — we’ll tell you in advance through the app or by email, and we’ll give you a meaningful chance to review the change. Smaller changes (clarifications, fixes, fresh examples) we may make without notice. We’ll always update the “Effective” date at the top so you can see when the latest version came into force, and we’ll keep prior versions available on request.

14. Complaints

If you’re not satisfied with how we’ve handled your personal information, please tell us first — we’d rather know and put it right. If you’re not satisfied with our response, you can lodge a complaint with the regulator in your jurisdiction:

• California: the California Privacy Protection Agency (cppa.ca.gov) or the California Attorney General.
• Other US states with privacy laws: the State Attorney General’s office.
• Pennsylvania: the Pennsylvania Office of Attorney General.
• Other jurisdictions: your local data protection authority.