Privacy Policy
This Privacy Policy describes how Highroad Studios ("we", "us", "our") handles information in connection with the Axelero mobile application and any other products we offer. By using our products, you agree to the practices described here.
1. Compliance & our role
We are committed to handling your personal data in accordance with India's Digital Personal Data Protection Act, 2023 (DPDP Act) and the European Union's General Data Protection Regulation (GDPR).
For the purposes of these laws, Highroad Studios is the Data Fiduciary (under the DPDP Act) and the Data Controller (under the GDPR) responsible for your personal data. You are the Data Principal / Data Subject. We process your data only for the purposes described below, and only for as long as needed to provide the service.
2. What we collect
- Account information. When you sign in via Google Sign-In, we receive your name, email address, and a unique account identifier from Google.
- Vehicle data. Details you add about your motorcycle — make, model, year, registration nickname, odometer, and similar fields.
- Entries you log. Fuel refills, service and repair records, accessory and gear purchases, and other expenses you record in the app.
- Optional location / place tags. If you grant location permission, we tag fuel-station or shop entries with a place name and identifier. Location is never collected in the background and is only used at the moment you choose to add it.
- Crash diagnostics. When the app crashes or hits an unhandled error, we collect a stack trace, device model, OS version, and app version. No free-text content or location notes are attached.
- Anonymised usage analytics. Collected by default once you sign in. Includes screen views, key actions (fuel logged, vehicle added, report viewed), and aggregate performance metrics (screen load times, network latency). No free-text fields (location notes, service notes) are collected. You can opt out at any time in Settings.
We do not collect advertising identifiers, and we never sell, rent, or trade your data or use it to serve advertising.
3. How we use it & legal basis
- To display your own data back to you inside the app.
- To compute summaries, trends, and reminders on your device.
- We do not show ads. We do not sell, rent, or trade your data with any third party for marketing purposes.
DPDP Act basis (primary): User consent. By signing in and agreeing to the Terms of Use, you consent to the processing of your account data, app data, crash diagnostics, and anonymised usage analytics as described in this policy. You may withdraw analytics consent at any time in Settings; crash diagnostics continue under the DPDP Act's "legitimate uses" for service security and debugging.
GDPR (where applicable to EU/EEA users): This product is primarily offered to riders in India. EU/EEA users should note that, under the GDPR, behavioural analytics requires explicit, granular consent which our current sign-in flow does not collect. EU/EEA users who wish to use the app should disable usage analytics in Settings immediately after sign-in. Crash diagnostics are processed under legitimate interest (Art. 6(1)(f)). Performance of a contract (Art. 6(1)(b)) applies to core app functionality.
4. Data residency & where it's stored
Your primary data is stored in Google Cloud Firestore in the asia-south1 region (Mumbai, India). Firestore encrypts data in transit and at rest, and access is restricted to you via Firebase security rules tied to your account ID. The table below sets out where each category of data lives.
| Data category | Where it's stored | Region |
|---|---|---|
| Account identity (name, email) | Firebase Authentication + Cloud Firestore | Global (Auth); asia-south1 (Firestore) |
| Your app data (vehicles, and your fuel, service, accessory, gear & expense entries, including place tags) | Cloud Firestore | asia-south1 (Mumbai) |
| Place lookup queries (typed search text) | In transit only; not retained after the request completes | asia-south1 → global |
| Resolved place names attached to entries (e.g. "Shell, Andheri West") | Stored with the entry in Cloud Firestore until the entry or account is deleted | asia-south1 (Mumbai) |
| Authentication tokens (server-side) | Firebase Authentication | Global |
| Authentication tokens & offline cache (client) | On your device | On-device only |
| Server logs (security & errors) | Google Cloud Logging | asia-south1 |
| Crash diagnostics | Firebase Crashlytics | Global (US-based) |
| Usage analytics (default-on, opt-out in Settings) | Firebase Analytics / GA4 | Global (US-based) |
| Performance traces (default-on, opt-out in Settings) | Firebase Performance | Global (US-based) |
| Marketing / advertising data | Not collected | N/A |
5. Subprocessors
We use the following subprocessors to operate our products. All eleven are operated by Google LLC, and the contractual relationship is governed by the single Google Cloud Data Processing Addendum.
| # | Subprocessor | Service / purpose | Data region | Owner |
|---|---|---|---|---|
| 1 | Cloud Firestore | Primary database for your account and app data | asia-south1 (Mumbai, India) | Google LLC |
| 2 | Firebase Authentication | User authentication and sign-in | Global (Google-managed) | Google LLC |
| 3 | Cloud Functions for Firebase | Server-side application logic (scheduled account-deletion sweep) | asia-south1 (Mumbai, India) | Google LLC |
| 4 | Firebase Hosting | Hosts this website | Global CDN with edge caching | Google LLC |
| 5 | Google Places API | Place / location name lookup when you tag a location | Global (US-based service) | Google LLC |
| 6 | Google Identity Platform | OAuth provider for "Sign in with Google" | Global | Google LLC |
| 7 | Google Fonts | Serves the website typeface (no personal data) | Global CDN | Google LLC |
| 8 | Google Sheets & Apps Script | Receives and stores contact-form submissions from this website | Global (Google-managed) | Google LLC |
| 9 | Firebase Crashlytics | Crash diagnostics | Global (US-based) | Google LLC |
| 10 | Firebase Analytics (Google Analytics 4) | Anonymised usage analytics | Global (US-based) | Google LLC |
| 11 | Firebase Performance Monitoring | App performance traces | Global (US-based) | Google LLC |
Google's own downstream subprocessor list is published at firebase.google.com/support/privacy/subprocessors; those parties flow through Google's DPA automatically.
6. International data transfers
Your records are stored in India (asia-south1). Some services — Firebase Authentication, Google Identity Platform, the Google Places API, Google Fonts, and our diagnostics services (Firebase Crashlytics, Firebase Analytics, and Firebase Performance Monitoring) — are global and may process limited data (such as authentication tokens, a transient place query, or crash and usage diagnostics) outside India, including in the United States. Where such transfers involve personal data of EU/EEA Data Subjects, they are governed by Google's Data Processing Addendum and the European Commission's Standard Contractual Clauses and applicable adequacy mechanisms.
7. Data retention
We retain your personal data only for as long as your account is active. When you request account deletion, your account enters a 15-day grace period. During this window your data is retained but inaccessible — signing back in within 15 days cancels the request and restores access to your account. After the grace period ends, a scheduled job (which runs every 4 hours in the Asia/Kolkata timezone) permanently erases all of your personal data: your identity, vehicles, fuel and service entries, accessory and expense logs, and any associated location tags. Erasure is cascading and irreversible; no copies are retained.
Transient place-lookup queries are not retained after the lookup completes. Server logs are retained by Google Cloud Logging for a limited period for security and debugging.
8. Your rights
As a Data Principal (DPDP Act) and Data Subject (GDPR), you have the right to:
- Access the personal data we hold about you, and obtain a summary of how it is processed.
- Correct inaccurate or incomplete data, and update it from within the app.
- Erase your data — requesting account deletion from within the app starts a 15-day grace period, after which all data is permanently erased by a scheduled sweep. You can cancel the deletion at any time during the grace period by signing back in.
- Withdraw consent for optional processing (such as location/place tagging) at any time, without affecting prior lawful processing.
- Opt out of analytics at any time via Settings → usage analytics. Opting out stops further event collection immediately. Crash diagnostics remain on under DPDP legitimate-uses / GDPR legitimate-interest, as they are necessary to keep the app stable.
- Data portability — request a machine-readable export of your data by emailing us.
- Object to or restrict certain processing (GDPR), where applicable.
- Nominate another individual to exercise your rights in the event of death or incapacity (DPDP Act).
- Grievance redressal — raise a complaint and have it addressed (see Section 9).
To exercise any of these rights, email us at privacy@highroadstudios.in. We respond within a reasonable timeframe and in any case within the periods required by applicable law.
9. Grievance redressal
If you have a complaint about how we handle your personal data, please contact our Grievance Officer:
- Grievance Officer: Highroad Studios
- Email: privacy@highroadstudios.in
We aim to acknowledge grievances within 48 hours and resolve them within the timelines prescribed by the DPDP Act. If you are not satisfied with our response, you may escalate to the Data Protection Board of India (under the DPDP Act). If you are in the EU/EEA, you also have the right to lodge a complaint with your local data protection supervisory authority (under the GDPR).
10. Children
Our products are intended for users aged 18 and over. They are not directed at children under the age of 13, and we do not knowingly collect data from anyone under 13. Where required by the DPDP Act, processing of a child's data is subject to verifiable parental consent.
11. Changes to this policy
We may update this policy from time to time. Material changes will be announced in-app or via email where appropriate. The effective date at the top of this page will always reflect the latest version.
12. Contact
Questions about privacy or this policy? Email us at privacy@highroadstudios.in.