Privacy Policy

Home About Help
Get early access
Legal

Privacy Policy

Last updated: 26 April 2026

This policy explains what personal data Scootie collects when you use our scooter-sharing service, why we need it, who we share it with, and how you can control it. We wrote it to comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and Greek law (Law 4624/2019).

Plain-English summary: we collect what we need to unlock a scooter for you, charge you for the ride, and keep the system safe. We don’t sell your data. We delete your account on request, except for ride and payment records we’re legally required to keep for tax purposes.

1. Who we are

Scootie is the trading name of a Greek sole proprietorship (AFM xxxxxx) registered at Nikiti, Sithonia 63088, Halkidiki, Greece. We act as the data controller for the personal data we collect through this website, the Scootie mobile app, and the scooters themselves.

Contact us about privacy: info@scootie.boo · +30 698 054 6394

2. What we collect

Account information

When you create an account: email address, password (stored as a salted hash, never readable), full name, and (optionally) phone number. We also store a timestamp of when you accepted these Terms.

Ride information

For every ride you take: scooter ID, ride start time and location (GPS), ride end time and location, distance, duration, route (sampled GPS positions during the ride), and an end-of-ride photo of the parked scooter. The photo is stored to verify correct parking and resolve disputes; it is not used for facial recognition.

Payment information

Wallet top-ups go through Stripe. We store: amount, date, transaction reference, and Stripe payment-intent ID. We do not store your full card number, CVV, or expiry; those are held only by Stripe. Stripe sends us an opaque “customer ID” which we use to charge your saved card on later top-ups.

Device and technical information

IP address, device model, operating system version, app version, and a push-notification token. We collect these from app launches and API requests for security, debugging, and notifications.

Crash and error reports

If the app crashes, we receive an anonymised crash report through Sentry. It contains the stack trace, device model, and OS version, but no personal data from your account.

3. Why we collect it (legal basis)

PurposeLegal basis (GDPR Art. 6)
Create your account, authenticate you, run ridesContract — you cannot use the service without these
Charge for rides; issue receipts; tax recordsContract + legal obligation (Greek tax law)
Track scooters during rides (location)Contract — required to deliver the service safely
End-of-ride parking photoLegitimate interest — verify safe parking, prevent fleet abuse
Push notifications about your rideConsent (you can disable in your device settings)
Crash reports for debuggingLegitimate interest — keep the app working
Fraud prevention; security investigationsLegitimate interest — protect our service and users

4. Who we share it with

We share the minimum personal data necessary with these processors. Each is contractually bound to GDPR-equivalent terms.

RecipientWhat they receiveWhy
Stripe Payments Europe (Ireland)Email, payment amount, card tokenProcess payments
Brevo (France)Email address, message contentsSend transactional email (receipts, password resets)
Sentry (USA)Anonymised crash reportsApp stability monitoring
Expo / Google FCM / Apple APNs (USA)Push tokenDeliver push notifications

We do not sell, rent, or trade your personal data, ever.

5. International transfers

Some of our processors (Sentry, Apple, Google) are based in the United States. We rely on the EU-US Data Privacy Framework and the European Commission’s Standard Contractual Clauses (SCCs) for these transfers, which provide GDPR-equivalent protections.

6. How long we keep it

  • Active accounts — kept while your account is open.
  • Deleted accounts — when you delete your account in the app, we anonymise your profile (email, name, phone, push token are immediately scrubbed). Ride and transaction rows are retained in anonymised form (no link to a person) for 7 years as required by Greek tax law (Νομος 4308/2014).
  • Crash reports — 90 days, then deleted by Sentry.
  • End-of-ride photos — 30 days unless flagged for a dispute, then up to 1 year.
  • Server access logs — 30 days.
  • Phone numbers from deleted accounts — retained indefinitely (separated from any other identifying information) so we can detect re-registration by users who left an unsettled balance on a prior account. Legal basis: legitimate interest (GDPR Art. 6(1)(f)). On request, we will confirm whether your phone is on this list and remove it once any outstanding amount is settled.

7. Your rights

Under GDPR you have the right to:

  • Access a copy of the data we hold about you.
  • Rectify inaccurate data (you can edit your profile in the app).
  • Erase your data (“right to be forgotten”).
  • Restrict our processing of your data.
  • Object to processing based on legitimate interest.
  • Data portability — receive your data in a machine-readable format.
  • Withdraw consent at any time for processing based on consent (e.g. push notifications).
  • Not be subject to fully automated decisions that have legal effect on you (we don’t make any).

How to exercise these rights

  • Export your data: open the Scootie app → Profile → Privacy & Safety → Export My Data. You’ll receive a JSON file with your account, rides, and transactions.
  • Delete your account: open the app → Profile → Privacy & Safety → Delete Account. Your profile is anonymised immediately; ride/payment records are retained anonymised as described above.
  • Anything else: email info@scootie.boo. We respond within 30 days, free of charge.

8. Cookies and similar technologies

The Scootie website uses only essential cookies — for the WordPress session and the waitlist form’s spam protection. No analytics, advertising, or third-party trackers run on the site. The mobile app stores your login token locally in your device’s secure keystore (Keychain on iOS, EncryptedSharedPreferences on Android).

9. Children

Scootie is not intended for children under 16. Greek law requires riders of e-scooters to be at least 15 years old. We do not knowingly collect data from children under 16. If you believe a child has created an account, contact us and we’ll delete it.

10. Security

We protect your data with TLS encryption in transit, encrypted-at-rest backups, salted password hashes (bcrypt), least-privilege access for our team, and 14-day rolling backups. Any breach affecting personal data will be reported to the Hellenic Data Protection Authority within 72 hours and to you without undue delay if there is a high risk to your rights.

11. Complaints

If you believe we’ve handled your data unlawfully, please contact us first — most issues are misunderstandings we can fix in a day. If you’re not satisfied, you have the right to lodge a complaint with the Hellenic Data Protection Authority (Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα): www.dpa.gr · Kifisias Avenue 1-3, 11523 Athens.

12. Changes to this policy

We may update this policy as the service evolves or laws change. The “Last updated” date at the top reflects the most recent revision. Material changes will be notified through the app or by email at least 30 days before they take effect.

13. Contact

Scootie
Nikiti, Sithonia 63088, Halkidiki, Greece
info@scootie.boo · +30 698 054 6394

Scootie
Nikiti, Sithonia, Greece
Scroll to Top