Privacy Policy
Last updated: February 13, 2026
EasyLock.bike ("we", "us", "our") operates the EasyLock.bike website and mobile application (the "Services"). This policy describes what information we collect, how we use it, and your choices regarding your data.
1. Information We Collect
Account information
When you create an account or sign in, we collect your email address, name, company details (name, VAT number, address), and payment information processed through our payment provider Mollie. Passwords are stored as bcrypt hashes and are never stored in plain text.
Session data
We store session tokens to keep you signed in. The mobile app stores session data using your device's encrypted secure storage (Keychain on iOS, Keystore on Android).
Lock and device data
When you use the app to operate a lock, we process the lock's identifier, Bluetooth MAC address, and battery level. Battery level is sent to our server for low-battery notifications.
Camera
The mobile app uses your device camera solely to scan QR codes on locks. No images or video are stored or transmitted.
Bluetooth
The mobile app uses Bluetooth Low Energy (BLE) to communicate with locks. Bluetooth is used only for lock operation and is not used to track your location.
Location
On Android, location permission is required by the OS to scan for nearby Bluetooth devices. We do not collect, store, or transmit your location data.
2. How We Use Your Information
- Authentication and session management
- Lock operation and battery monitoring
- Payment processing through Mollie
- Sending transactional emails (invites, password resets, payment notifications)
We do not use your information for advertising, analytics, profiling, or any purpose other than operating the Services.
3. Data Sharing
We do not sell, rent, or share your personal information with third parties, except: Mollie B.V. processes payments on our behalf; Brevo sends transactional emails on our behalf. Your data is transmitted over encrypted HTTPS connections.
4. Data Storage and Security
Data is stored on servers located in Europe. Session credentials on mobile devices use encrypted secure storage. All communication uses HTTPS encryption. Lock communication uses AES encryption over Bluetooth.
5. Data Retention
Your account data is retained for as long as you have an active account. Local session data is removed when you sign out. You can request deletion of your account and all associated data by contacting us.
6. Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate data
- Request deletion of your account and data
- Restrict or object to processing
- Data portability
To exercise these rights, contact us at the address below.
7. Children's Privacy
The Services are not intended for use by children under 16. We do not knowingly collect information from children under 16.
8. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes by updating the "Last updated" date above.
9. Contact Us
If you have any questions about this privacy policy or your data, contact us at: