The Club — Privacy Policy

Last updated: 2026-05-27
Version: v1.2
Status: Pending lawyer review before public publication.
Companion document: Spanish (Mexico) version available at the same URL with ?lang=es.

Publication note: This document must be served from a public URL (https://privacy.theclubcars.com). Google Play and Apple App Store reject submissions when the URL is not reachable.


1 · Who we are

The Club ("the app", "we", "us") is a mobile application for car enthusiasts that lets you record drives, organize group rides ("Rodadas"), follow shared routes, and connect with your club. The service is operated from Mexico by Alejandro Garnica Izzo, individual sole proprietor ("the company").

Contact:

  • General inquiries: hello@theclubcars.com
  • Privacy and data protection: privacy@theclubcars.com
  • Account and security: admin@theclubcars.com
  • Website: https://theclubcars.com

If you read this document in any language other than English or Spanish, the Spanish version prevails for users registered in Mexico, and the English version prevails for users registered elsewhere.


2 · What data we collect

2.1 Data you provide directly

  • Account: email address, username, optional profile photo, preferred language, unit preference (km/h or mph), time format (24h or 12h).
  • Vehicle(s): make, model, year, horsepower, color, optional notes. You may register up to five (5) vehicles per account on any plan; the Free plan caps usage to one (1) active vehicle (see §10).
  • Club: name, description, city, and membership relationships. Club codes you share with friends to invite them.
  • Content: routes you publish, events you create, photos you upload to your profile, and text messages you post inside your club or during a Rodada.
  • Consents: records of explicit consents you give (e.g., Sport Mode activation checkboxes), with timestamp, device fingerprint, and approximate IP address, kept for our legal defense.

2.2 Data the app collects automatically

  • GPS location during contexts you initiate:

    • An active drive (auto-detected when you sustain ≥ 15 km/h for one minute, or when you tap the manual Start button).
    • A Rodada you start or join.
    • A Route you choose to follow.

    Outside these contexts, we do not track your location. The foreground service icon (Android) is visible at all times while tracking is active.

  • Phone sensors: accelerometer and gyroscope, used to compute your Driving Score (smoothness, cornering, braking, speed compliance). Sensors stream at 4 Hz only while a drive is being recorded and the app is in the foreground.

  • Device data: device model, operating system version, app version, language, locale, and a push notification token (FCM on Android, APNs on iOS).

  • Tracking integrity diagnostics: when a drive is recorded, we store two technical flags — hasTrackingGap (whether the operating system suspended GPS during the drive) and trackingGapSeconds (the longest interruption in seconds). These are used to mark incomplete drives and to hide low-quality drives from the social feed.

  • Crash and performance logs: aggregated error reports that do not include exact coordinates of your drives. We use these only to fix bugs.

2.3 Data we do NOT collect

  • We do not read your phone contacts.
  • We do not access the camera or microphone for any feature in version 1. The microphone permission is not requested or declared in the app manifest.
  • We do not use advertising identifiers (IDFA on iOS, GAID on Android).
  • We do not track you across other apps or websites.
  • We do not sell or rent your personal data to third parties. Period.

2.4 Subscription data (paywall infrastructure)

Version 1 of The Club includes the technical infrastructure for paid plans (Free and Pro tiers) but does not enable any real billing. All users on version 1 are placed on the Free tier automatically, and no payment information is collected, requested, or processed. We store the following subscription-related fields on your account so that future billing can be enabled without an app update:

  • subscriptionTier — always "free" in version 1.
  • subscriptionStartedAt — null in version 1.
  • subscriptionExpiresAt — null in version 1.

When real billing is enabled in a future version, this section will be updated, you will be notified, and explicit consent will be required before any charge is made (see §10 for the grandfathering commitment).


3 · How we use your data

Purpose | Data used | Legal basis
Operate your account | Email, username, hashed password | Performance of contract
Record your drives and compute Driving Score | GPS + sensors during active drive | Performance of contract
Show live positions during a Rodada | GPS of members in that session | Explicit consent (joining the Rodada)
Connect you with your club | Member lists, routes, events, best times | Performance of contract
Send push notifications | Device token (FCM / APNs) | Consent (notifications permission)
Maintain service quality | Aggregated crash and performance logs | Legitimate interest
Autocomplete address searches | Anonymized Google Places queries | Performance of contract
Demonstrate compliance with Sport Mode warnings | Sport activation records (timestamp, device, IP) | Legal defense
Enforce Free-tier limits (paywall infrastructure) | Counts of vehicles, clubs, weekly sport measurements, rodadas in rolling 15-day window | Legitimate interest

We do not use your data for profiling, automated decision-making with legal effects, or advertising.


4 · Privacy by default

4.1 Private zones

You may configure private points (e.g., home, work) with a customizable radius. Any drive segment passing through those zones is automatically masked before being shared with other users. Only you can see the unmasked version in your private history.

4.2 Top speed never displayed outside Sport Mode

Your maximum speed on a normal drive is never displayed inside the app or on any shared card. This is a deliberate design choice to discourage dangerous driving. Top speed and 0-100 km/h time are only stored and shown when Sport Mode is explicitly active, which requires three separate checkbox confirmations affirming that you are on a closed circuit or controlled environment.

4.3 OEM battery-optimization prompts

On certain Android manufacturer OS variants (ColorOS, MIUI, OneUI), the operating system aggressively suspends background apps, which would interrupt GPS recording. We show a one-time educational prompt asking you to whitelist The Club in your system battery settings. We never request, store, or transmit anything beyond what is declared in this document. The prompt is purely informational and links you to the OS settings screen.

4.4 Telemetry is off by default

Anonymous telemetry collection used to improve the Driving Score algorithm is opt-in only. You can enable or disable it at any time in Settings → Privacy.


5 · Who we share data with

Recipient | What they receive | Why | Safeguard
Other members of your active Rodada | Your live GPS position | The Rodada feature you opted into | Position discarded when the Rodada ends
Other members of your club | Your name, vehicle data, best times on club routes | Club social functionality | Limited to club members only
Google Maps (Places API) | Anonymized address-search queries | Address autocomplete | Google's privacy policy applies
Railway, Inc. (US) | Server hosting for the API backend | Technical infrastructure | DPA in place; SOC 2 compliant
Neon, Inc. (US) | PostgreSQL database hosting | Technical infrastructure | DPA in place; SOC 2 compliant
Expo Inc. (US) | Device token, app version | Push notifications + over-the-air updates | DPA in place
Firebase Cloud Messaging (Google LLC, US) | Device token | Android push delivery | Google's privacy policy applies
Apple Push Notification service (Apple Inc., US) | Device token (iOS, future) | iOS push delivery | Apple's privacy policy applies
Cloudflare, Inc. (US) | Domain DNS and email forwarding for administrative addresses at theclubcars.com | Domain infrastructure | DPA in place
Vercel, Inc. (US) | Hosting of public legal documents (privacy policy, terms) at theclubcars.com subdomains | Web infrastructure | DPA in place
Sentry / equivalent (future) | Crash logs (no exact coordinates) | Debugging | DPA to be signed before activation

We do NOT share data with: advertisers, data brokers, social networks (Meta, TikTok, X, etc.), or governments, except under a valid judicial order in a jurisdiction with authority over us, and only after we have exhausted reasonable legal challenges.

5.1 International transfers

Some of our processors are located in the United States. When personal data of users registered in Mexico is transferred to those processors, we rely on standard contractual safeguards (DPAs) and the public commitments of those processors to honor the principles of the LFPDPPP. By using The Club, you consent to these transfers.


6 · Your rights

We comply with Mexico's Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP) and we honor the principles of the GDPR (EU) and the CCPA/CPRA (California, USA) for users in those jurisdictions.

You may, at any time:

  • Access your data: Settings → My Account → Download my data. We deliver an exportable JSON within 30 calendar days.
  • Correct your data: Settings → Edit Profile, or write to us at privacy@theclubcars.com.
  • Delete your account and all associated personal data: Settings → Account → Delete Account. Hard deletion completes within 30 calendar days; see §7 for retention details.
  • Portability: the JSON export is structured for re-import elsewhere.
  • Restrict processing: disable optional telemetry in Settings.
  • Object to a specific processing activity: write to privacy@theclubcars.com with details.
  • Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.

We respond to verified requests within 30 calendar days. For Mexican residents, you may also file a complaint with INAI (see §10).


7 · Data retention

Data category | Retention | Trigger for deletion
Active-account profile data | While account is active | Account deletion request
Personal data after deletion | Hard-deleted within 30 days | Soft-delete grace period elapses
Referential traces (routes you published, your name in past Rodadas) | Anonymized — your name becomes "Deleted user" | At hard-delete time
Sport Mode acceptances | 5 years (legal defense window) | Time elapses
Diagnostic logs (crash, performance) | 90 days | Automatic rotation
Tracking-integrity flags on drives | Same lifetime as the drive record | Drive deletion
Push notification token | Until you uninstall the app or revoke notifications | Token invalidation by FCM/APNs
Backup history (Point-in-Time Recovery) | 6 hours | Automatic rotation by Neon

If you request account deletion, a 30-day grace period allows you to reverse the request by logging back in. After 30 days, deletion is irreversible and we cannot restore your data.

7.1 Backups and recovery

Neon Postgres maintains a 6-hour Point-in-Time Recovery window that allows restoring the database in case of incidents. This history is automatic, transparent to the user, and managed by the infrastructure provider (Neon Inc., USA).

This retention may increase in future versions: The Club reserves the right to extend the backup retention window in future versions of the Service. It will not be reduced without prior user notification.


8 · Minimum age

The Club is intended for users aged 18 years or older. We do not knowingly collect data from minors. If we discover that an account belongs to a minor, we delete it immediately. If you believe a minor has registered, please report it to privacy@theclubcars.com.


9 · Changes to this policy

We will notify you of material changes by email and an in-app banner at least 14 calendar days before they take effect. The "Last updated" date at the top of this document reflects the current version. Minor clarifications that do not change your rights or the categories of data we process may be made without notice.

9.1 Pricing and tier grandfathering

If, in a future version, we enable real billing and migrate any current Free-plan feature to a paid tier, we commit to:

  • Honor your current Free-plan feature set for the life of your account, free of charge ("grandfathering"). New paid features added after the change may require payment.
  • Notify you at least 30 days in advance before any change to billing or pricing.
  • Never charge you without explicit, separate consent captured in-app at the moment of subscription, with a clear breakdown of price, billing period, and cancellation terms.

This commitment is contractual and survives changes to this policy.


10 · Contact and complaints

  • General: hello@theclubcars.com
  • Privacy and data protection: privacy@theclubcars.com
  • Account and security: admin@theclubcars.com
  • Postal address (Mexico): [Legal address TBC]

If you are not satisfied with our response, you may contact the competent supervisory authority:

  • Mexico: Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI) — inai.org.mx
  • European Economic Area: your local Data Protection Authority. A directory is available at edpb.europa.eu/about-edpb/about-edpb/members_en.
  • California, USA: California Privacy Protection Agency — cppa.ca.gov.

11 · Document history

Version | Date | Summary
v0.1 | 2026-05-07 | Initial bilingual draft.
v1.0 | 2026-05-12 | Lawyer-reviewed structure; Sport Mode acceptances, retention table.
v1.1 | 2026-05-19 | Added FCM details, OEM hardening clarification, removed microphone permission.
v1.2 | 2026-05-26 | Push #11b deltas: subscription tier infrastructure (dormant), trackingGapSeconds diagnostics, domain migration to theclubcars.com, grandfathering commitment in §9.1, expanded processor table.
v1.2.1 | 2026-05-27 | §7 adjustment: actual Neon Point-in-Time Recovery window (6 hours) replaces the previous "90 days backup" mention. New §7.1 + clause noting retention may increase (never reduce silently) in future versions. Legal URLs migrated to subdomains (privacy.theclubcars.com, terms.theclubcars.com).