Privacy Policy

Last updated: March 06, 2025

1. Introduction

Sunshine is an open source project for managing unu/librescoot electric scooters. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application and services.

Please read this Privacy Policy carefully. By accessing or using our services, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy.

2. Information We Collect

We collect several types of information from and about users of our services, including:

  • Account Information: Personal information such as name, email address, and contact details when you register for an account.
  • Scooter Data: Information about your scooter, including:
    • Vehicle identification number (VIN)
    • Real-time location data
    • Battery status and charging information
    • Telemetry data (speed, distance, temperature, etc.)
    • Trip records and routes
    • Scooter status and diagnostic information
  • Technical Information: IP address, browser type, device information, and operating system.
  • Usage Data: Information about how you interact with our services, including features used and actions taken.

3. Legal Basis for Processing (GDPR)

Under the EU General Data Protection Regulation (GDPR), we process your personal data on the following legal grounds:

  • Contract Performance: Processing necessary for the performance of our contract with you to provide the Sunshine services.
  • Legitimate Interests: Processing necessary for our legitimate interests, such as improving our services, ensuring security, and analyzing usage patterns.
  • Consent: Where you have given consent for specific processing activities, such as location tracking.
  • Legal Obligation: Processing necessary to comply with legal obligations.

4. How We Use Your Information

We use the information we collect for various purposes, including:

  • Providing core functionality of the Sunshine application, including scooter monitoring, control, and trip tracking.
  • Processing and recording trip data for statistics and analysis.
  • Enabling scooter sharing functionality between users.
  • Sending administrative information, such as updates, security alerts, and support messages.
  • Analyzing usage patterns to improve our services and user experience.
  • Protecting our services and users from fraudulent, unauthorized, or illegal activity.
  • Generating anonymized statistics about scooter usage and performance.

5. Data Sharing and Disclosure

We may share your information in the following situations:

  • With Other Users: If you choose to share your scooter with other users, they will have access to certain scooter data.
  • Service Providers: With third-party service providers who help us operate our services (e.g., hosting providers, MQTT brokers).
  • Legal Requirements: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
  • Safety and Rights Protection: To protect the rights, property, or safety of our users or others.
  • With Your Consent: With your explicit consent or at your direction.

6. Data Retention

We retain your personal data for as long as necessary to provide you with our services and for legitimate and essential business purposes, such as maintaining the performance of our services, making data-driven business decisions, complying with our legal obligations, and resolving disputes. We will delete or anonymize your data when it is no longer needed for these purposes.

Specifically:

  • Account information is retained as long as you maintain an active account.
  • Detailed telemetry data may be archived or aggregated after a certain period to reduce storage requirements.
  • Trip data is retained to provide you with historical statistics and insights.

7. Data Security

We implement appropriate technical and organizational measures to protect the security of your personal information, including:

  • Encryption of data in transit using TLS/SSL.
  • Authentication mechanisms for MQTT connections.
  • Access controls and authorization for system components.
  • Regular security assessments and updates.

However, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure.

8. Your Rights Under GDPR

If you are in the European Economic Area (EEA) or the UK, you have certain rights regarding your personal information:

  • Right to Access: You can request copies of your personal data.
  • Right to Rectification: You can request that we correct inaccurate information or complete incomplete information.
  • Right to Erasure: You can request that we delete your personal data in certain circumstances.
  • Right to Restrict Processing: You can request that we restrict the processing of your personal data in certain circumstances.
  • Right to Data Portability: You can request that we transfer your data to another controller in a structured, commonly used, and machine-readable format.
  • Right to Object: You can object to our processing of your personal data in certain circumstances.
  • Rights Related to Automated Decision-making: You have rights related to automated decision-making and profiling.

To exercise these rights, please contact us using the information provided in the "Contact Us" section.

9. Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information.

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this Privacy Policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: contact@rescoot.org

You also have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes data protection laws.