Privacy Policy for Go-Bike

Effective Date: December 4, 2025

This Privacy Policy explains how BlossomEdge ltd ("we," "us," or "our") collects, uses, processes, stores, and protects the personal data of users ("you") of the Go-Bike mobile application (the "Service").

We are committed to protecting your privacy and handling your data in an open and transparent manner, in compliance with the UK General Data Protection Regulation (GDPR) and other applicable UK data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

BlossomEdge ltd
Email: support@blossomedge.ai

2. Information We Collect and Legal Basis for Processing

We collect the following types of information, relying on specific legal bases under GDPR:

Type of Data Collected:

• Account Data (Email, Password hash): To create, manage, and secure your user account. Legal Basis: Performance of a Contract (ToS). Storage: Cloud (Secure)
• Real-Time Camera Feed: Used for on-device computer vision processing only, for immediate collision detection. This feed is NOT recorded or stored in the cloud. Legal Basis: Legitimate Interest (Ensuring real-time safety function). Storage: Local (Processed in device memory only)
• Real-Time GPS Data (Speed, Heading, Position): Used for immediate collision detection and distance calculation. This data is NOT recorded unless a near-miss occurs. Legal Basis: Legitimate Interest (Ensuring real-time safety function). Storage: Local (Processed in device memory only)
• Near-Miss Video Footage (Short clips only, 2 seconds pre-event): To provide the user with a local record and context of a near-miss event. Legal Basis: Consent (By granting file/storage access). Storage: Local (On device)
• Near-Miss Event Metadata (Full GPS data, GPS snippet data, Object detection output, Risk model output): To allow the user to visualize, map, and understand the context of a near-miss event. Legal Basis: Consent (By granting location/storage access). Storage: Local (On device)
• Aggregated Anonymized Data: To create public safety heatmaps and improve the Service's algorithms and geographic coverage. Legal Basis: Consent (Explicit user upload) & Legitimate Interest (Improving public safety via data analysis). Storage: Cloud (Secure)

3. Local Processing and Cloud Upload

3.1 On-Device Processing: The core function of Go-Bike (collision detection) relies entirely on processing Camera and GPS data on your mobile device. This data is processed in real-time and deleted from the device's volatile memory immediately after use.

3.2 Local Storage: The complete Near-Miss Event Data package (footage, GPS, and model outputs) is stored locally on your device only. This data is entirely under your control.

3.3 Optional Cloud Upload and Anonymization: If you choose to upload your near-miss data to our cloud storage, you give us explicit consent to:

• Securely receive and store the full near-miss data package (including video footage, full and snippet GPS data, object detection outputs, and risk model outputs).
• Process and strictly anonymize the data (stripping all personal identifiers, including precise GPS coordinates and account information).
• Aggregate the anonymized data with that of other users to generate public safety heatmaps.
• We will not attempt to re-identify any data that has been fully anonymized.

4. Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of all transmitted data (TLS/SSL).
• Password hashing for account security.
• Secure server environments for cloud storage.
• Strict access controls to prevent unauthorized access to uploaded data before anonymization.

5. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

• Account Data: Retained until you request account deletion.
• Locally Stored Near-Miss Data: Controlled and retained by you on your device.
• Aggregated Anonymized Data: Retained indefinitely for the purpose of maintaining and improving the public safety heatmaps and the Service's long-term performance.

6. Your Rights Under GDPR (UK)

Under GDPR, you have the right to:

• Right to be Informed: To be informed about how your personal data is being used (which is the purpose of this policy).
• Right of Access: To request a copy of the personal information we hold about you.
• Right to Rectification: To have inaccurate personal data corrected.
• Right to Erasure ('Right to be Forgotten'): To request that we delete your personal data.
• Right to Restrict Processing: To ask us to suspend the processing of your personal data.
• Right to Data Portability: To request the transfer of your personal data to another party.
• Right to Object: To object to the processing of your personal data where we are relying on a legitimate interest.
• Rights in Relation to Automated Decision Making and Profiling: We do not use automated decision-making processes that significantly affect you.

To exercise any of these rights, please contact us using the details provided below.

7. Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top of this document.

8. Contact Information

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

BlossomEdge ltd
Email: support@blossomedge.ai