Terms of Service
Working draft pending review by a German tech lawyer. Last updated: 2026-05-23.
1. About these terms
These Terms of Service ("Terms") govern your use of the Bikelog service operated by Hans Fritz (the "Operator", "we", "us"), contact details available in the Impressum. By creating an account or using Bikelog, you agree to these Terms. If you don't agree, don't use the service.
2. What Bikelog is
Bikelog is a personal cycling training log. It accepts activity files (GPX, TCX, FIT) you upload, stores them, derives statistics, renders maps, and presents the result back to you. It is provided free of charge and "as is" — there are no guaranteed uptime, performance, or support commitments.
3. Your account
You may register an account with a username, email address, and password. You're responsible for keeping the password confidential and for everything done under your account. Bikelog stores passwords as a one-way hash; we never see your plaintext password.
You may close your account at any time. When you do, your rides, photos, source files, and other data stored by Bikelog are deleted. See section 6 for the limits of what we can delete on your behalf.
4. Your content
You retain full ownership of every ride, photo, note, and file you upload to Bikelog. You grant the Operator a non-exclusive licence to host, process, simplify, render, and serve that content back to you (and to anyone you grant access to, e.g. followers or third-party apps) — but only for the purpose of operating the service. We do not claim ownership of your data and do not sell it.
You promise that:
- The content is yours to upload, or you have the necessary rights;
- It doesn't infringe anyone else's rights;
- It's not illegal in the jurisdictions where you and the Operator are located.
5. Acceptable use
Don't use Bikelog to attack other users or the service. In particular:
- No automated scraping, denial of service, brute-force, or credential-stuffing attempts.
- No uploading malware, illegal content, or content designed to harm other users.
- No attempts to bypass authentication, rate limits, or access controls.
- No impersonation of other users or the Operator.
We may suspend or terminate accounts that violate these rules.
6. Connections with third-party services
Bikelog connects to third-party services in two directions, each gated by your explicit authorisation. Both flows have the same underlying property: once data crosses a service boundary, the service on the other side has its own copy and its own rules. You remain in control at the source side; you cannot retroactively recall data already delivered to the other side.
6.1 Other applications using Bikelog's API (outbound)
Bikelog publishes a public OAuth 2.1 API so that other applications can read or write your data on your behalf — but only after you explicitly authorise them.
- When you authorise a third-party application via OAuth, that application receives copies of your data according to the scopes you grant. Those copies live on infrastructure we do not control.
- Revoking an application's access in your Settings stops future data flow but does not recall copies already made. Bikelog cannot reach into a third party's database and delete data on your behalf.
- Deleting your Bikelog account only removes the Bikelog-side copy of your data. Anything that has already been shared with third-party applications stays wherever those applications keep it.
- To request deletion of data held by a third-party application, you must contact that application directly through its own privacy process (most apps have a GDPR contact under their own privacy policy).
- The Operator manually reviews and approves each API client before it is granted access. We do not vouch for, endorse, or accept responsibility for the behaviour of third-party applications you authorise.
This is intentional, not a limitation. It's the cost of giving you full control over what leaves the service: you decide what goes out, and we honestly disclose that what leaves cannot be remotely unmailed.
6.2 Connecting fitness platforms (Garmin Connect, Wahoo Cloud, Coros)
If you choose to link a Garmin Connect, Wahoo Cloud, or Coros account, Bikelog acts as a client of their API on your behalf. Same data-sovereignty framing, mirrored:
- The link is established via the third party's OAuth flow. Bikelog receives only the per-user access token they issue; we never see your password to the third-party service. You can revoke the link at the third party at any time (Garmin Connect → Connected Apps; Wahoo SYSTM → Authorized Apps; Coros app → Settings → Permissions), AND you can revoke from inside Bikelog (Settings → Connected Services).
- After linking, the third party will notify Bikelog when new activities are recorded with that device, and Bikelog will fetch those activities and add them to your ride history. You agree that activities fetched this way are subject to the same Bikelog-side handling as activities you upload manually.
- The third party is a separate data controller for their own copies of your data. Deleting your Bikelog account, or disconnecting the link, does not delete the data the third party already has about you on their servers. That is governed by the third party's own privacy policy and account-deletion process — you must contact them directly for that.
- Bikelog is bound by the third party's own developer terms in addition to these Terms. Specifically, by linking a Garmin Connect account you also implicitly accept the Garmin Developer Program / API Terms of Use as they apply to the Bikelog integration. We undertake to: (i) only use Garmin-supplied data for the purposes you have authorised; (ii) not resell, redistribute to advertisers, or combine that data with other data without your consent; (iii) store the access credentials securely; (iv) stop fetching new data and delete the credentials promptly when you disconnect the link; and (v) cease use of Garmin data altogether if Garmin terminates Bikelog's developer access. Equivalent commitments apply to Wahoo and Coros under their respective developer agreements.
- If a third-party service withdraws its API, changes its terms, rate-limits Bikelog, or terminates your account on their side, the integration may stop working. The Operator has no control over the third party's decisions and accepts no liability for consequential loss of synchronised activities. Your own uploaded-by-hand history on Bikelog is unaffected.
7. Termination
You may terminate your use of Bikelog at any time by deleting
your account from /settings.php.
We may terminate your access if you breach these Terms, if continued service would impose disproportionate cost on the Operator, or if the service is being shut down. Where reasonably possible we will give notice before terminating.
8. No warranty
Bikelog is provided "as is" and "as available". To the maximum extent permitted by applicable law, the Operator disclaims all warranties, express or implied, including warranties of merchantability, fitness for a particular purpose, and non-infringement.
Statutory rights you have under German consumer law (BGB) and EU consumer protection law are not affected by this disclaimer.
9. Limitation of liability
To the maximum extent permitted by applicable law, the Operator's liability is limited to cases of intent or gross negligence, and to damages typical and foreseeable at the time of contract.
This limitation does not apply to:
- Liability under the German Product Liability Act (
ProdHaftG); - Liability for injury to life, body, or health;
- Liability for fraud, intent, or gross negligence;
- Any liability that cannot be limited under applicable law.
10. Changes to these Terms
The Operator may update these Terms occasionally. Material changes will be announced on the site and/or by email to your registered address at least 30 days before they take effect. Continued use of Bikelog after the effective date counts as acceptance. If you don't accept the new Terms, close your account.
11. Governing law and jurisdiction
These Terms are governed by the laws of the Federal Republic of Germany, excluding the UN Convention on Contracts for the International Sale of Goods (CISG).
For consumers domiciled in the EU, mandatory consumer-protection rules of your country of habitual residence remain unaffected by this choice of law.
The European Commission's online dispute-resolution platform is at https://ec.europa.eu/consumers/odr/. The Operator is not obliged or willing to participate in alternative dispute-resolution proceedings before a consumer arbitration board.
12. Severability
If any provision of these Terms is or becomes unenforceable, the remaining provisions stay in effect, and the unenforceable provision is replaced by an enforceable provision that comes closest to the original intent.
13. Contact
Questions about these Terms: see the Impressum for the Operator's contact details.