App Privacy Policy
Version update date: [May 6, 2026]
Version effective date: [May 6, 2026]
HEPHA GmbH is committed to protecting and respecting your privacy. This document describes how your personal data will be processed when you use our App or use our services.
You can find below:
- Introduction
- Processing of Personal Data
- What data do we collect and how do we use your personal data
- Retention period
- Purpose limitation
- Security of Personal Data
- Sharing of Personal Data
- International Transfer
- Rights in relation to Personal Data
- Questions and inquiries
- How will we update this Privacy Policy
This Privacy Policy does not apply to our authorised retailers, or third parties to whom you directly provide your information including but not limited to, subscription services, insurance companies, or other third parties. These entities are independent of us and responsible for their own collection of information. Please refer directly to those entities and their privacy policies for more information.
1. Introduction
This Privacy Policy ("Policy") provides information on the personal data processing by HEPHA GmbH in the European region, a private company with limited liability established under applicable law, having its statutory seat in Lise-Meitner-Str. 7a, Maisach, 82216, Germany, as well as its subsidiaries and affiliate companies (hereinafter individually and collectively referred to as "HEPHA").
HEPHA can be reached via the following contact details:
- Mailing address: Lise-Meitner-Str. 7a, Maisach, 82216, Germany
- Telephone number: +49(0) 814 2284 4480
- Email address: service@hepha.com
Contact details of the Data Protection Officer:
PROLIANCE GmbH (www.proliance.ai)
Leopoldstr. 21
80802 Munich
datenschutzbeauftragter@proliance.ai
When contacting the Data Protection Officer, please specify the company (HEPHA GmbH) your inquiry relates to. Please refrain from including sensitive information such as a copy of your ID in your request.
This Policy applies for all personal data processed by HEPHA and/or on behalf of HEPHA, which identify or may identify a person ("Personal Data"). These persons involved are hereinafter collectively referred to as data subjects ("Data Subjects").
HEPHA reserves the right to review and/or alter the Policy periodically, in order to comply with (local and/or European) legislation, and for any other purpose deemed reasonably necessary by HEPHA.
For queries and inquiries about this Policy, please contact us at service@hepha.com.
2. Processing of Personal Data
This Policy sets out the elements necessary for HEPHA's compliance with applicable privacy legislation, principles and practice, including but not limited to applicable privacy laws ("Applicable Laws").
The Policy is an external policy and is directed towards Data Subjects whose Personal Data are being processed by HEPHA for the purpose for which information has been collected. This Policy applies to the processing of Personal Data, in which HEPHA acts as the data controller within the meaning of the Applicable Laws. This is the case when HEPHA determines the purpose for and the means for the processing of Personal Data of Data Subjects within the purposes of this policy.
For business purposes, Data Subjects may be asked to provide their Personal Data. If this is the case, HEPHA, its affiliates and partners shall be required to keep such information confidential.
| Data Processing Activities | Type of Data Processed | Legal Basis for Processing |
|---|---|---|
| Account Registration and Login |
|
|
| Account Management |
|
|
| Vehicle and Device Usage |
|
|
| User Operations |
|
|
| User Cycling Activities |
|
|
| Ergonomic Bike Setup |
|
|
| WatchMode (anti-theft and security feature) |
|
|
| Log Generation |
|
|
| App Permissions (Location Permission, Camera Permission) |
|
|
Note: Your password is protected by industry-standard encryption and is never stored or accessible in plain text by our systems or personnel.
3. What data do we collect and how do we use your personal data
Our App has various functionalities, which entail different types of personal data processing. When we provide our services, we have a need to process your personal data. The personal data processing activities and types of data processed are listed above in Section 2.
4. Retention period
HEPHA will use and store Personal Data within the period that is necessary to fulfil the above-mentioned purposes and shall remove those Personal Data after relevant purposes no longer existing, or to comply with contractual obligations or as permitted or required by the Applicable Laws.
- Account, ride, and performance settings data: Permanent, unless deleted/deactivated by the user.
- WatchMode event data (anti-theft / insurance / fraud prevention), including activation and deactivation status, timestamps, and associated location data: Up to 6 months (only WatchMode activation and deactivation events are stored).
- Other location data: 7 days.
- Technical logs and diagnostic data: During the warranty period.
Note: WatchMode does not continuously track location. Location data is only recorded at specific security-related events (e.g. activation or deactivation).
5. Purpose limitation
The Personal Data may only be processed to the extent necessary for the described purposes. Personal Data may in principle not be processed for other purposes other than that for which the Personal Data were collected. If there is a necessity or need to process Personal Data for other purposes, it shall be investigated by HEPHA whether the purposes of the intended data processing are compatible with the original purposes. HEPHA shall provide the Data Subject prior to that further processing with information on that other purpose.
6. Security of Personal Data
We strive to maintain the highest standards of security and HEPHA has put in place robust technical and organisational measures for the protection of your data in accordance with the current, general state of technology, especially to protect the data against loss, falsification or access by unauthorised third persons. Once we have received your personal data, we will use strict procedures and security features to prevent unauthorised access. However, the transmission of information via the internet is not completely secure. So, whilst we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted via our App. In the unfortunate event that a personal data security incident occurs, we will report it promptly and take remedial measures in accordance with the requirements of the law and regulatory authorities.
7. Sharing Personal Data
We share the information identified above:
- Within the HEPHA Group, which includes parent companies, corporate affiliates, subsidiaries, business units and other companies that share common ownership.
- With HEPHA Dealers for sales, leasing, and customer service purposes, such as responding to quote requests, E-bike diagnosis, maintenance and repair, scheduling service appointments, and contacting you and providing the requested services.
- HEPHA and HEPHA Dealers are separate legal entities with their own privacy policy. Please be aware that each dealer operates as a separate legal entity and you should read the dealer’s privacy statement to ensure that you understand its privacy policy and procedures. Additionally, because the HEPHA dealer often is the first contact with you, the dealer can answer any questions you may have about its privacy policy. While HEPHA encourages its dealers to ensure full compliance with all applicable privacy legislation and has provided information to our dealers relating to privacy obligations, HEPHA is not responsible for dealers’ compliance with applicable law.
- With our suppliers and service providers, we may disclose your information to our third party service providers, agents, subcontractors and other organisations for the purposes of providing services to us or directly to you on our behalf. Such third parties may include cloud services providers (such as hosting and email management) or other third parties who provide services to us.
- When we use third party service providers, we only share with them the personal information that is necessary for them to provide their services and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
- With other entities for legal, security or safety purposes, we may share your information with third parties, law enforcement or other government agencies to comply with law or legal requirements; to enforce or apply our Terms of Service and other agreements; and to protect our rights and the property or safety of our users or third parties. We also may disclose information about you and your E-bike when we have reason to believe that someone is causing injury to or interference with our rights or property, other users of the App or anyone else that could be harmed by such activities.
- With other companies in connection with a corporate transaction, if we or some or all our assets are acquired by another company, including through a sale in connection with bankruptcy, we will share the information that we hold with that company.
When third parties are given access to your personal data, we will take the required contractual, technical and organisational measures to ensure that your personal data are only processed to the extent that such processing is necessary.
In all cases, HEPHA will expressly state why such information is necessary, so that Data Subjects may provide the information at their own discretion. HEPHA will not disclose Personal Data provided by Data Subjects to any party, other than HEPHA itself, without prior permission from the Data Subjects.
8. International Transfer
HEPHA may transfer Personal Data to a country outside your current region; our servers are specifically located in Germany. In such cases, we will take appropriate measures in compliance with the Applicable Laws, and where appropriate safeguards are in place that ensure the level of protection of Data Subjects as required by the Applicable Laws (e.g. transfers on the basis of Standard Contractual Clauses). If you wish to know details in connection with the transfer of your personal data and any country to which your personal data is transferred, please contact us using the contact information provided in Section 1.
9. Rights in relation to Personal Data
You generally have the right to ask us:
- For access to and a copy of your personal data that we hold.
- That some of your personal data is provided to you or sent to another data controller in a commonly used, machine readable format.
- To update or correct your personal data in order to make it accurate.
- To delete your personal data from our records in certain circumstances.
- To restrict the processing of your personal data in certain circumstances.
- To object to us processing your personal data in certain circumstances.
To exercise these rights, please contact us using the contact information provided in Section 1. To ensure the security of your data, we may require you to provide necessary information for identity verification. We will respond to your request within one month of receipt. If the request is complex or numerous, we may extend this period where necessary and will inform you in advance.
These rights may be limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your data or if making the information available to you would reveal personal data about another person or if we are legally prevented from disclosing such information. In some instances, this may mean that we are able to retain data even if you withdraw your consent.
We hope that we can satisfy any queries you may have about the way we process your data. If you have any concerns about how we process your data you can contact us as described below in the section “10 Questions and inquiries”.
In the event you still have unresolved concerns, you also have the right to lodge a complaint with a supervisory authority.
Finally, please note that where we require personal data to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to manage our contractual relationship, or to meet obligations placed on us. In all other cases, provision of requested personal data is optional.
10. Questions and inquiries
If you have any questions about the processing of your personal data, please read this Privacy Policy first. For additional questions, please feel free to contact us. Please note that we take your satisfaction very seriously. Should you have a complaint, please also direct it to the same email address and we will respond to you as soon as we can.
You can of course also lodge a complaint with the data protection authority of the country in which you live.
11. How will we update this Privacy Policy
We may update this Privacy Policy according to changes in our business functions and measures concerning the protection of personal information. If we make changes to this Privacy Policy, we will notify you through our App. Where changes to this Privacy Policy will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise any rights you have.