Privacy Policy

sbonssy ('sbonssy', 'we', 'us') operates the sbonssy website and app at sbonssy.com — a platform for saving sports gear to a personal Locker, building shareable Kits, and discovering what other athletes use. For the purposes of the EU General Data Protection Regulation (GDPR), sbonssy is the data controller for the personal data described in this policy.

The service is operated by Sbonssy Oy, registered in Finland at Haapaniemenkatu 7–9 B, 00530 Helsinki. If you have any question about this policy or your data, contact us at info@sbonssy.com.

Account and profile information. When you create an account we process your email address and a password (handled by our authentication provider, which stores it in hashed form). Your profile may also include a username, display name, avatar image, skill level, sports of interest, age range, training frequency and country.

Content you create. We store the gear you save to your Locker — including any notes, nickname, 'best thing' description and personal score you add — and the Kits you build (their name, description, sport, and whether they are public or private). If you make a Kit public, it becomes accessible to anyone who has its share link.

Usage and device data. We automatically record certain activity, such as when products are viewed, added or removed, together with the related sport and skill level. We also infer your approximate location (country only) from your IP address, and our hosting provider collects standard analytics and performance data to keep the service running.

Search and import data. When you search for gear, your query is sent to our search provider to return live shopping results, and those results may be cached temporarily to reduce repeat lookups. If you paste a product link to import an item, we fetch publicly available information from that page.

Strava data (only if you connect it). Connecting Strava is optional. If you do, we receive and store access and refresh tokens, your Strava athlete ID, name and avatar, and the activities you choose to sync — including each activity's name, sport type, distance, duration, date and route map (GPS data). You can disconnect at any time.

Communications. If you join our waitlist or contact us, we process the email address and any message you send.

• To provide the service (performance of our contract with you): creating and securing your account, storing your Locker and Kits, running searches, and sharing the Kits you choose to make public.
• For our legitimate interests: understanding how the service is used, showing trending and popular gear, improving features, and keeping the platform secure and free from abuse. Where we rely on legitimate interests, we balance them against your rights.
• With your consent: connecting third-party services such as Strava (including the location data in your activities) and sending any optional marketing messages. You can withdraw consent at any time.
• To comply with legal obligations where they apply.

We do not sell your personal data. We share it only with the service providers that help us operate sbonssy, and only as far as needed:

• Supabase — database, authentication and file (avatar) storage.
• Vercel — application hosting, analytics and performance monitoring, including IP-based country detection.
• MongoDB — storage for search caching, the waitlist and certain integration data.
• Serper / Google — receives your search queries in order to return live product results.
• Strava — if you connect it, data is exchanged with Strava under its own terms.
• Retailers and affiliate networks (such as Awin and Outnorth) — when you click an outbound product link you are taken to a third-party site governed by its own policies. Where a link is an affiliate link, we may receive commission or aggregate click information; we do not share your account details with them.

We may also disclose information where required by law or to protect our rights, our users or the public.

Some of our providers may process data outside the European Economic Area. Where that happens, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses to protect your data.

We use cookies and similar technologies that are strictly necessary to sign you in and keep your session secure. We also use privacy-focused analytics from our hosting provider to measure traffic and performance. You can control non-essential cookies through your browser settings.

We keep your account and content for as long as your account is active. You can delete your account at any time from your profile settings; doing so permanently erases your profile, Locker, Kits, follows and any connected Strava data, and cannot be undone. We may retain limited information where the law requires it. Cached search results expire automatically after a few days, and waitlist entries are kept until launch or until you ask us to remove them.

Under the GDPR you have the right to access your data, correct it, delete it, restrict or object to its processing, receive a portable copy, and withdraw consent where processing is based on consent. To exercise any of these rights, contact us at info@sbonssy.com.

If you believe we have not handled your data properly, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu, tietosuoja.fi) or your local supervisory authority.

We protect your data with measures including encryption in transit, hashed passwords, and row-level access controls that keep your private content visible only to you. No online service can be completely secure, but we work to protect your information and to address any issues promptly.

sbonssy is not intended for children under 13. If you are under 18, you may only use the service with the consent of a parent or guardian. We do not knowingly collect data from children below the applicable age of digital consent; if you believe a child has provided us with personal data, please contact us and we will remove it.

We may update this policy from time to time. When we make material changes we will update the date above and, where appropriate, notify you in the app or by email.

For any privacy question, or to exercise your rights, email info@sbonssy.com or write to Sbonssy Oy, Haapaniemenkatu 7–9 B, 00530 Helsinki, Finland.