Legal

Privacy Policy

Last updated: 9 April 2026

Who we are

RDNA.app is a cycling gear recommendation platform. Contact: hello@rdna.app.

What data we collect

We collect only what is necessary to provide the service. There are three categories.

Account data

Email address — used for magic link authentication. No password is stored.

Rider profiles — display name, discipline, experience level, sizes, search preferences. Created by you, editable and deletable at any time.

Behavioural signals (opt-in)

Affiliate clicks — which products you click through to retailers.

Dwell time — how long you spend on a product page.

Search behaviour — what you search for and which results you interact with.

Technical data

Standard server logs — IP address, browser type, pages visited. Retained for 30 days.

Session cookies — Supabase authentication session. No tracking cookies. No third-party cookies.

Behavioural signals are opt-in

Each of the three signal categories (affiliate clicks, dwell time, search behaviour) is independently toggleable in your Data and Privacy settings. Every category includes a plain-language explanation of what the platform learns from it. You can disable any category at any time without affecting your ability to use the platform.

How we use your data

Your data is used for three purposes. Nothing else.

Personalisation — matching products to your sizes, discipline, and preferences.
Scoring — behavioural signals contribute to the recommendation model over time. This data is anonymised before aggregation.
Communication — sending magic link login emails and, if you opt in, stock alerts and price drop notifications.

What we do not do

Sell your data to anyone.
Share your data with advertisers.
Display ads of any kind.
Use tracking cookies or third-party analytics trackers.
Profile you for purposes outside of product recommendations.
Send marketing emails. The only emails are login links and opt-in notifications.

Data export and deletion

You can download all data associated with your account as a JSON file from the Data and Privacy page. You can delete your behavioural signal history at any time. You can delete individual profiles or your entire account. Deletion is permanent and irreversible. We process deletion requests immediately — there is no 30-day waiting period.

Affiliate links

When you click through to a retailer, the URL may contain an affiliate tracking parameter. This allows the retailer to attribute any resulting purchase to RDNA.app and pay a commission. The affiliate network (AWIN, CJ Affiliate, or Amazon Associates) receives data about the click and any resulting transaction. We do not control what data those networks collect after the redirect. See our Affiliate Disclosure for full details.

Cookies

RDNA.app uses a single session cookie managed by Supabase Auth to maintain your login state. This cookie expires after 30 days of inactivity. We do not use analytics cookies, advertising cookies, or any third-party tracking cookies. No cookie consent banner is required because the session cookie is strictly necessary for authentication.

Data storage

Account data and profiles are stored in Supabase (PostgreSQL) hosted in East US (North Virginia). Product embeddings are stored in Pinecone. All connections use TLS encryption. Row-level security policies ensure you can only access your own data.

Your rights

Regardless of where you live, you have the right to access, correct, export, and delete your data. You can exercise all of these rights from your Data and Privacy settings without contacting us. If you need to reach us about a privacy matter, email hello@rdna.app.

Children

RDNA.app is not directed at anyone under 16. We do not knowingly collect data from anyone under 16. If you believe a child has created an account, contact us and we will delete it.

Changes to this policy

If we make material changes to this policy, we will update the date at the top of this page. We will not reduce your rights under this policy without notifying you by email.