VeloLog — End-User Licence Agreement (EULA)

Version 2.0 · Drafted [Date] · Takes effect [Date + 30 days]

⚠ Important notice — please read

This document is the agreement between you and VeloLog. By creating an account, paying for a subscription, or otherwise using the Platform, you confirm that you have read and accepted these Terms.

We have written this in plain language wherever possible. Sections that limit our liability or affect your statutory rights are marked in bold. If you don't agree with even one provision, please don't use the Platform.

Your statutory consumer rights under the law of your country of residence always take precedence over these Terms where they conflict. Nothing here is intended to take away rights that EU or UK law gives you.

Plain-language summary (not legally binding — see the full text below)

You own your data. Your bikes, photos, service records, and personal information belong to you. We process them on your behalf.
Bike histories can't be edited. Once a service or transfer is logged, it's permanent — this is how we make the record trustworthy.
We're a platform, not a party to transactions. When you sell a bike or book a service through us, you contract directly with the other party.
Free for basic use, paid for premium features. All prices are shown before you confirm payment. VAT included where required by your country.
14-day right of withdrawal. EU and UK consumers can cancel a paid subscription within 14 days, with the carve-out described in Section 6.
We don't sell your data, and we don't train AI on it. Period.
You can leave at any time. Account deletion is one click, and you choose what happens to your data after.

About VeloLog and these Terms
Definitions
Eligibility, Accounts, and Acceptance
Minors
Subscriptions, Pricing, and Payment
Right of Withdrawal and Refunds (EU / UK Consumers)
Acceptable Use
Registry and Bike Records
Service Bookings (Riders ↔ Business Users)
Marketplace and Peer-to-Peer Transfers
Stolen-Bike Flags and Recovery
Valuations and Reputation
Business Users (additional terms)
Content, Photos, and Intellectual Property
Personal Data, Privacy, and Account Deletion
Modifications, Suspension, and Termination
Liability and Disclaimers
Reporting Abuse, Dispute Resolution, and Applicable Law
Information Security
Final Provisions

1. About VeloLog and these Terms

1.1. These End-User Licence and Service Terms (the "Terms") govern your use of VeloLog — the bicycle registry, service-history, marketplace, and community platform accessible at velolog.io and via our applications (the

"Platform").

1.2. The Platform is operated by [Legal Entity Name] (the "Company",

"VeloLog", "we", "us", "our") — company registration number [Number], registered office at [Address], contact: [email].

1.3. You agree to these Terms by:

creating an Account, or
paying for any service on the Platform, or
redeeming a Transfer Token issued by another User, or
otherwise using the Platform after the effective date above.

If you don't agree with any provision, please don't use the Platform.

1.4. The English version of these Terms is authoritative. Translations are provided for convenience.

2. Definitions

"Account" — your personal profile on the Platform.
"Bike Record" — the immutable, append-only log of events associated with a single bicycle.
"Business User" — a verified legal entity (typically a bike shop) using the Platform's Service or Fleet modules. See Section 13.
"Content" — anything you upload, post, or submit to the Platform (text, photos, comments, service notes, etc.).
"Event" — a timestamped, cryptographically-signed entry in a Bike Record (registration, service log, validation, transfer, stolen flag, etc.).
"Ghost Admin" — the platform administrator role used for operational housekeeping: subscription management, promotional codes, and the support inbox. The Ghost Admin does not adjudicate disputes between Users and is not a decision-maker in any conflict. Disputes are resolved by the automated mechanism described in Section 18.
"Minor" — a User under 18 (or under any higher minimum age set by their local law for digital service contracts).
"Platform" — velolog.io and our official applications, collectively.
"Reputation Score" — a 0–100 indicator of a User's track record on the Platform.
"Rider" — a User using the Platform for personal, non-commercial purposes. Basic Rider tier is free; Premium Rider is paid.
"Services" — all features available through the Platform, both free and paid.
"Subscription" — any recurring paid plan (Premium Rider, Business seats, add-on bike slots, etc.).
"Transfer Token" — a single-use, 72-hour bearer credential generated when one party initiates ownership transfer of a bike to another.
"Trustworthiness" — a 0–5 star peer rating Users give each other.
"User", "you", "your" — any natural person or legal entity using the Platform.
"Valuation" — the structured peer review submitted after a completed transaction (transfer or service booking).
"Veracity Score" — a 0–100 indicator of how trustworthy a Bike Record's claims are.

3. Eligibility, Accounts, and Acceptance

3.1. Who can use the Platform. You must be a natural person aged 18 or over, or a Minor with verified parental consent (see Section 4), or a duly authorised representative of a legal entity registering as a Business User.

3.2. Account creation. You can create an Account using:

a verified email address with a password you choose; or
a supported third-party login (Google, Apple), in which case you authorise us to receive your name and email address from that provider only.

3.3. One natural person, one Account. You may not maintain multiple Accounts to evade restrictions, manipulate reputation, or circumvent rate limits. Business Users may operate one Account per legal entity; individual staff access is handled through the seat system (Section 13).

3.4. Account responsibility. You are responsible for the confidentiality of your login credentials and for everything that happens through your Account. Notify us at security@velolog.io immediately if you believe your credentials are compromised.

3.5. Anonymous and pseudonymous use. Where reasonable, the Platform allows you to operate under a pseudonym. We will however require accurate identity information for:

Business Users (full legal identity, EUID-verified);
payments and invoices (where required by tax law);
ownership transfers (so the buyer can verify the seller has the right to sell);
compliance with law enforcement requests in cases of theft, fraud, or other lawful inquiry.

3.6. Refusal or removal. We may refuse to create — or may suspend or delete — an Account if we reasonably believe you provided false information, are circumventing a previous ban, or are likely to use the Platform unlawfully. Where suspension is practical, we will tell you the specific reason and give you an opportunity to respond.

3.7. Acceptance is by action. The agreement between you and VeloLog is concluded at the moment you confirm you have read and agreed to these Terms during registration, or at the moment you complete any paid transaction — whichever happens first.

4. Minors

4.1. The Platform is generally for adults but recognises that many bicycle owners are under 18. We have built specific protections rather than ban Minors outright.

4.2. Verified parental consent required. A Minor may use the Platform only if a parent or legal guardian provides verifiable consent before Account creation. Verification uses methods compliant with GDPR Article 8 (and equivalent national law in the UK).

4.3. Date of birth. We check date of birth at the consent gate. We do not retain the date of birth itself — only the consent record and the age-bracket indicator (Minor / Adult) — in line with data-minimisation.

4.4. Protections for Minors:

No marketing communications.
No public visibility of the Minor's Reputation Score or Trustworthiness rating until they turn 18.
Restricted contact: adults may contact a Minor only in the context of a confirmed Service Booking with a Business User or a confirmed transfer where the counterparty has been verified.
Anonymisation: any Content uploaded by a Minor is hosted under a pseudonymous handle, and the legal name is never displayed publicly.

4.5. Parental contact. If you are a parent or guardian and discover your child created a VeloLog Account without consent, contact

privacy@velolog.io. We will delete the Account and associated data within 30 days.

5. Subscriptions, Pricing, and Payment

5.1. Tiers.

Tier	Price	Key features
Basic Rider	Free	1 active bike, manual logging, Strava sync, public marketplace browsing
Premium Rider	€3 / month (base; lower with seniority)	2 bikes + add-on slots, wear tracker, record export, marketplace contact and listings, valuations
Add-on bike slot	€1.50 / month each	Adds one additional bike capacity to Premium
Business User — Owner seat	€6 / month (base; lower with seniority)	Service and Fleet modules, staff invitation, EUID-verified profile
Business User — Staff seat	€2 / month each	Mechanic / receptionist access to the Service module

5.2. Trial. New Business Users get a two-month free trial from the day they complete EUID verification. After the trial, billing begins automatically unless you cancel in advance.

5.3. Seniority discounts. Premium Rider and Business pricing decreases according to a published seniority schedule (longer continuous subscriptions get progressively lower prices). The current schedule is published on the pricing page and forms part of these Terms.

5.4. Total price transparency. The total price you will pay, including all applicable fees and taxes, is displayed clearly before you confirm any payment. We do not add fees at checkout that were not visible on the pricing page or product page. If a special fee applies in your jurisdiction (e.g. VAT), it is itemised separately.

5.5. Tax. VAT and any other applicable taxes are added or included as required by the law of your country of residence, which we determine using billing address, IP geolocation, and other lawful methods. Business Users may provide a valid VAT number to apply the reverse-charge mechanism where eligible. VAT invoices are available in your Account billing page for at least 12 months after issue.

5.6. Billing cycle. Subscriptions are billed monthly in advance unless a different cycle is shown at purchase. The first charge occurs immediately on starting a paid plan, or at the end of the trial for Business Users.

5.7. Auto-renewal. All subscriptions auto-renew until you cancel. We send a renewal-reminder email at least 7 days before each renewal at the address linked to your Account.

5.8. Cancellation. You can cancel auto-renewal at any time from your Account. After cancellation, you retain access to paid features until the end of the period already paid for. No partial-month refunds outside the

14-day withdrawal window (Section 6).

5.9. Payment methods. We accept the payment methods displayed at checkout (currently credit/debit cards via Stripe). Payment data is processed by our payment provider; we don't store full card numbers on our servers. See our Privacy Policy.

5.10. Failed payment. If a renewal fails, we retry automatically for up to 7 days and notify you by email. After this grace period, paid features are suspended; your Account, Bike Records, and event history are preserved indefinitely during suspension. Reactivation resumes immediately on successful payment.

5.11. Promotional codes. We sometimes issue discount codes via marketing campaigns or directly through the Ghost Admin (e.g. targeted to specific users). Codes have an expiry date and may have user-specific targeting; they cannot be combined unless explicitly stated.

6. Right of Withdrawal and Refunds (EU / UK Consumers)

6.1. Statutory right. If you are a consumer in the European Union or United Kingdom, you have a statutory right to withdraw from a subscription contract within 14 calendar days of payment, without giving any reason (EU Consumer Rights Directive 2011/83/EU and equivalent UK law).

6.2. Important — service begins immediately. The Platform begins providing the digital service as soon as your subscription is activated.

By starting your subscription, you give your explicit prior consent that we begin performance immediately, and you acknowledge that you will lose your right of withdrawal once the service has been fully performed. This acknowledgement is captured at the subscription checkout.

6.3. In practice:

Situation	Refund
Cancel within 14 days, no Premium-only feature used	Full refund
Cancel within 14 days, used at least one Premium-only feature	Pro-rata refund at our discretion (no statutory entitlement under Article 16(m) CRD)
Cancel after 14 days	No refund; access continues until end of paid period
Business User cancels during 2-month free trial	No refund (no payment was made), immediate cancellation

A "Premium-only feature" means: viewing a wear-tracker readout, exporting a Bike Record, contacting a marketplace counterparty, submitting a valuation as a counterparty, or any other feature reserved for paid tiers.

6.4. How to withdraw. Email billing@velolog.io within 14 days of your subscription start, stating your Account email and that you wish to withdraw. We will refund within 14 calendar days of receiving your request, using the original payment method.

6.5. Marketplace and Service Bookings are separate. This withdrawal right covers the Platform Subscription only. Withdrawal and refund terms for marketplace purchases (Section 10) and Service Bookings (Section 9) are governed by the agreement between you and the other party, not by us.

6.6. Statutory rights preserved. Nothing in this Section limits any mandatory consumer protection rights under the law of your country of residence.

7. Acceptable Use

7.1. You agree to use the Platform lawfully, in good faith, and consistently with these Terms.

7.2. You must not:

a) provide false or misleading information at registration, in any Event, or in any communication with another User;

b) register a bicycle that you do not own or are not authorised to register;

c) use automated tools (bots, scrapers, headless browsers, crawlers) to access, harvest, or republish Platform content — except via our official API under a separate agreement;

d) attempt to access any part of the Platform, other Users' Accounts, or our infrastructure that you are not authorised to access;

e) impersonate any other person, business, or our staff;

f) interfere with the Platform's normal operation (DoS attempts, abusing rate limits, attempting to bypass security mechanisms, etc.);

g) use the Platform to launder money, finance illegal activity, or transact in stolen goods;

h) raise a stolen flag in bad faith, manipulate reputation scores, retaliate against a service provider, brigade ratings, or coordinate with others to game any score on the Platform;

i) post Content that is illegal, hateful, threatening, harassing, sexually explicit, defamatory, infringing of intellectual property, or otherwise violates applicable law or the rights of others;

j) reverse-engineer, decompile, or attempt to extract the source code of the Platform, except to the extent mandatorily permitted by law;

k) resell, sublicense, or commercially exploit the Platform or data obtained through it, except as explicitly permitted by these Terms or a separate written agreement;

l) circumvent the Platform's contact-restriction features (e.g. by bypassing the Premium-required marketplace contact mechanism).

7.3. Algorithmic consequences. Where you breach this Section, we may apply automatic Reputation Score penalties, including but not limited to:

false stolen flag retracted after free window: −5
dispute lost: −8
no response to dispute within 48 hours: −5
stolen flag confirmed against you: −15
early fraud warning from your card network: −10
fraud confirmed (including a payment chargeback): −20 and possible Account termination

These are applied by the system. Payment-related fraud penalties are triggered by signals from our payment processor (Stripe) and the card networks — a chargeback or a card-network fraud warning on a transaction linked to your Account. Under GDPR Article 22, you have the right to request human review of any solely-automated decision that significantly affects you.

7.4. Suspension and termination. Material or repeated breaches may result in temporary suspension, permanent termination, or referral to law enforcement. See Section 16.

8. Registry and Bike Records

8.1. You own the factual content of your Bike Records (frame number, brand, model, photos, service history, etc.). We process and store this on your behalf, as data processor for the purpose of providing the Service.

8.2. Append-only by design. Once an Event is added to a Bike Record (service log, validation, transfer, stolen flag, etc.), it cannot be deleted or edited, even by you. Corrections are made by adding a new Event that notes the correction. This is the cornerstone of the registry's integrity — without immutability, the record loses its value.

8.3. Records persist across owners. When a bike changes hands through the Platform, the Bike Record stays with the bike, not the previous owner. The previous owner retains read access only to events from their ownership period. This is how a bike accumulates verifiable history over its lifetime.

8.4. Veracity Score. Each Bike Record has a Veracity Score (0–100) reflecting:

the Reputation Score of the User who originally registered the bike (snapshot at registration time);
the number, recency, and weight of independent shop validations.

A high Veracity Score indicates a record is well-supported by independent verifications; a low score signals it has not been independently checked.

8.5. Validation cooldowns. A single Business User can validate a single bike at most once every 90 days. Attempts beyond this are rejected by the system. This prevents one shop from artificially inflating a bike's Veracity by repeated validations.

8.6. Event signing. Every Event is cryptographically associated with the party that created it (Rider, Business User, or system) and timestamped at creation. Forging or attempting to forge an Event is a material breach of these Terms and may trigger automatic Reputation penalties and Account termination.

8.7. No guarantee of accuracy. Veracity Scores and Bike Record contents are indicators, not guarantees. We apply reasonable safeguards (identity verification, event signing, validation cooldowns, dispute mechanisms, stolen-flag protections) but we do not independently verify every claim. Before relying on a Bike Record for a significant decision (such as a purchase), independently inspect the bicycle, verify the frame number against the physical bike, and where appropriate consult a qualified mechanic.

8.8. Privacy. Bike Records and the photos attached to them are visible to:

the current owner and any past owners (for events during their ownership);
Business Users with active custody (during a service booking);
the public if and only if the owner has explicitly opted in to public visibility (default is private).

Marketplace-listing photos are public during the listing period (Section 10).

9. Service Bookings (Riders ↔ Business Users)

9.1. The Service module connects Riders and Business Users. Riders book services with verified shops; shops log work performed; both parties may rate each other afterward via the Valuation system (Section 12).

9.2. VeloLog is not a party to your Service Booking. When you book a service with a Business User, the contract is directly between you and that Business User. We facilitate the booking, the check-in/check-out flow, the event log, and the payment-information exchange — we do not provide the bicycle service ourselves, do not warrant the quality of the work, and do not hold service payments (unless an integrated-payments feature is explicitly described at the time of booking).

9.3. Booking state machine. A booking moves through states:

requested → shop_proposed → user_countered → confirmed → checked_in → in_service → ready_for_pickup → completed. Cancellations are governed by the Business User's cancellation policy, which they display in their profile.

9.4. Check-in transfers custody. When a Rider drops a bike off and the Business User confirms check-in, custody of the bike transfers to the shop. This affects who can raise stolen flags (Section 11).

9.4a. Estimated completion deadline and extensions.

When a Business User confirms a booking, they commit to an estimated completion date. This becomes the contractual deadline for the service.

If the shop realises they cannot finish by the deadline, they can request an extension with a mandatory written reason and a proposed new deadline. The Rider then:

Accepts (optionally with a comment) — the new deadline takes effect.
Declines with a written reason — the original deadline stands.
Doesn't respond within 48 hours — the extension is automatically accepted. The 48-hour silence rule prevents an unresponsive Rider from punishing a shop that's trying to communicate.

A maximum of 3 extensions can be granted per booking. Beyond that, the shop must deliver on the current deadline or accept the consequences.

If the bike isn't returned by the effective deadline (the original deadline plus any accepted extensions), the booking is marked as overdue. The shop's Reputation Score takes a modest penalty: −1 per overdue day, capped at −5 per booking. The cap exists so a one-off slow service doesn't disproportionately damage a shop's standing; repeat offenders accumulate across bookings.

If the Rider believes an overdue penalty was applied unfairly (e.g. the Rider was unresponsive to pickup attempts), the matter goes through the standard Dispute mechanism in Section 18.

9.5. No-show and late cancellation. Each Business User publishes their own no-show and cancellation policy on their profile. We are not responsible for fees charged under those policies; they are direct contractual matters between you and the shop.

9.6. Service event log. Once a service is completed, the Business User logs the work into the Bike Record. As with all Events, this entry is immutable and forms part of the bike's permanent history.

9.7. Disputes about services. If you and a Business User cannot resolve an issue with a service, you may open a Dispute through the Platform. The Dispute process is described in Section 18.

10. Marketplace and Peer-to-Peer Transfers

10.1. The Marketplace lets verified Premium Riders and Business Users list bikes for sale or transfer. Free-tier (Basic Rider) users can browse listings but cannot contact sellers or create listings themselves.

10.2. VeloLog is not a party to your transaction. When you buy or sell a bike through the Platform, you contract directly with the other party. We facilitate the listing, the contact mechanism, and the ownership-transfer machinery (Transfer Tokens, Section 10.5). We do not hold funds in escrow, do not warrant the condition or authenticity of the bike, and do not guarantee delivery.

10.3. All-in price disclosure. Sellers must include all Platform-level fees in the listing price as displayed. If we ever introduce a buyer-side service fee, it will be clearly itemised on the listing page before checkout, with the total price prominently displayed. We will not add mandatory fees at checkout that were not visible on the product page.

10.4. Seller obligations. When you list a bike for sale, you confirm that:

you legally own the bike or are authorised to sell it;
there is no active stolen flag, dispute, or other transfer block on the bike;
the description, photos, and condition statements are accurate to the best of your knowledge;
you will respond to buyer enquiries within a reasonable time;
you have the right to transfer ownership at the agreed price.

10.5. Transfer Tokens. Ownership transfers are completed through a single-use Transfer Token issued by the seller to the buyer.

a) Generating a Token does not by itself transfer ownership. b) Ownership transfers when the buyer redeems the Token, provided the seller still owns the bike at the moment of redemption. c) Tokens expire 72 hours after issue. d) Redemption is atomic — there is no intermediate state in which the bike has no owner or two owners. e) The seller can revoke a Token at any time before redemption.

10.6. Off-platform transactions. If you take a conversation off the Platform or complete a transaction outside the Platform's mechanisms, you do so at your own risk. We have no visibility into off-platform arrangements and none of our buyer or seller protections apply.

10.7. Counter-offers. The Platform supports counter-offers up to a maximum of 10 rounds per offer. Beyond that, the offer is closed and parties must start a new negotiation. This limits notification spam and counter-offer harassment.

10.8. Prohibited items. The Platform is for bicycles and associated components only. You may not list:

non-bicycle items;
bicycles you do not own or are not authorised to sell;
bicycles with active stolen flags;
counterfeit or replica parts described as genuine;
anything illegal in the buyer's or seller's jurisdiction.

10.9. Marketplace dispute resolution. Disputes between a buyer and seller use the Dispute mechanism in Section 18, with the additional remedy that an active Dispute may temporarily block ownership transfer until the dispute is resolved.

11. Stolen-Bike Flags and Recovery

11.1. The stolen-flag system lets you mark a bike as stolen so the community can help recover it. Flags are visible to anyone searching for the bike's frame number and to all Platform Users.

11.2. Who can raise a flag. Anyone with current custody of a bike may raise a stolen flag:

the current owner;
a Business User while the bike is checked in for service;
the owner again, on a fallback basis, if the Business User in custody is unresponsive for 24 hours after the bike was due to be returned.

11.3. Immediate effects of raising a flag.

The bike is blocked from transfer on the Platform until the flag is cleared.
The Bike Record is marked as "Reported stolen" with a timestamp.
Other Users searching the frame number see the flag.
We may automatically notify law-enforcement partners in jurisdictions where we have integrations.

11.4. Free 24-hour retraction window. If you raise a flag in error (bike was misplaced, not stolen), you can retract it within 24 hours with

no reputation penalty. Retraction after 24 hours is still possible but applies a −5 reputation penalty, since a false flag in the wild damages trust in the system.

11.5. Confirmation and resolution.

If the flag-raiser provides a valid police reference and other supporting evidence, we mark the flag as confirmed (the public-facing record changes from "Reported stolen" to "Confirmed stolen").
If the bike is recovered, the owner clears the flag with a recovery note.
If a party accused by the flag (the shop in custody at the time, the previous owner, etc.) wishes to challenge it, they may open a Dispute through the Section 18 mechanism, which produces an automated ruling at day 10.

11.6. False flags are a material breach. Raising a stolen flag in bad faith (to harm a service provider's reputation, to delay a transfer, to extort payment, etc.) is a serious breach of these Terms. Consequences include:

−20 reputation penalty;
Account suspension or permanent termination;
referral to law enforcement in cases of attempted fraud or extortion;
liability for any damages caused to the wrongly-accused party.

11.7. Recovery channel. If you find a bike you suspect is stolen according to a flag on VeloLog, contact the flag-raiser through the Platform messaging system. Do not approach the suspected thief in person. Contact local law enforcement and provide them with the bike's VeloLog record as supporting evidence.

11.8. Our role. We provide the technical infrastructure for flagging and the messaging channel. We do not investigate thefts, do not adjudicate ownership disputes outside the Platform's Dispute mechanism, and do not make law-enforcement decisions. Recovery of a stolen bike is ultimately a matter for the legal authorities of the relevant jurisdiction.

12. Valuations and Reputation

12.1. The Platform supports peer ratings ("Valuations") between Users. After a completed transaction (transfer or service booking), both parties may rate each other on category-specific 1–10 scores plus free-text comments.

12.2. Blind submission. Both parties' Valuations remain hidden from each other until both have submitted or until the 7-day submission window closes, whichever happens first. This prevents retaliatory ratings — neither party can see the other's rating before deciding their own.

12.3. Categories.

Direction	Categories
Rider rates Business User	Knowledge, Speed, Quality, Communication
Business User rates Rider	Kindness, Punctuality, Bike Condition, Communication
Rider rates Rider (transfer)	Honesty, Punctuality, Bike Condition, Communication

12.4. Aggregate scores. Individual Valuations combine into:

Trustworthiness (0–5 stars, weighted average of Valuations, recency-weighted);
Reputation Score (0–100, also affected by dispute outcomes, stolen- flag resolutions, booking streaks, etc.).

12.5. Public visibility. Aggregate scores are public on User profiles. Individual Valuation comments are visible on the rated party's profile unless they are removed under Section 12.7.

12.6. Honesty. Valuations must reflect your genuine experience. You must not:

coordinate with others to brigade up or down a target's rating;
offer or accept compensation in exchange for ratings;
post a Valuation for a transaction that never happened;
post a Valuation with the primary intent to retaliate for an unrelated matter (e.g. you didn't get the discount you wanted in a separate deal).

12.7. Valuation removal. We may remove a Valuation that:

violates these Terms (hate speech, doxxing, illegal content);
contains demonstrably false factual claims;
was clearly posted with retaliatory intent (e.g. immediately after a rule-violation report against the rater);
was generated through coordinated abuse.

Requesting removal of a Valuation does not guarantee it will be removed. You'll need to show how the Valuation violates these Terms.

12.8. Right to respond. You can publicly respond to any Valuation on your profile. We don't remove a Valuation just because you disagree with its opinion; we do remove ones that violate the policy above.

12.9. Automated decision-making. Reputation Scores and Trustworthiness are calculated algorithmically. Under GDPR Article 22, you have the right to request human review of any algorithmic decision that significantly affects you — contact support@velolog.io.

13. Business Users — Additional Terms

13.1. This Section applies in addition to the rest of these Terms for any User registered as a Business User.

13.2. EUID verification. Business User status requires verification of your business identity through the EU's EUID system (or an equivalent national business registry where EUID is not available). We re-verify quarterly. If your EUID lapses, becomes invalid, or is revoked, we will lock your Business User account pending re-verification.

13.2a. Manual EUID review. If the automated check wrongly reports your business as unverified, you can submit a registration certificate for manual review. The review is strictly mechanical: a platform reviewer confirms that the four data points on your certificate (business name, registration number, registered address, EUID) match the data you submitted. If all four match, the verification is approved; if any field does not match, the review is rejected with a specific reason and you can re-submit with corrected evidence. We aim to complete reviews within 5 working days. Manual review fulfils our obligations under GDPR Article 22 regarding automated decision- making. The reviewer does not assess whether your business "should" be on the platform — only document-data match.

13.3. Trial period. New Business Users get a two-month free trial beginning the day EUID verification completes. The trial includes full access to the Service and Fleet modules at no charge. Billing begins automatically at the end of the trial unless you cancel.

13.4. Seat-based billing. Business Users are billed per active seat. Owner seats and staff seats are priced separately. See Section 5.

13.5. Staff seats. The Owner seat can invite Mechanic and Receptionist seats. The Owner is responsible for the conduct of all staff seats they invite, including any breach of these Terms by that staff. Staff seats have role-restricted access (Mechanics can log services; Receptionists can manage bookings; only Owners can manage billing).

13.6. Independent data controllers. For personal data of your own customers that you process through the Platform (e.g. contact details of a private customer who books a service with you), you and VeloLog act as independent data controllers. Each party is responsible for its own GDPR compliance and any equivalent national law.

13.7. Service Catalogue accuracy. Prices, service descriptions, and estimated durations in your Service Catalogue must be accurate. Riders booking services rely on these. We may refer Disputes about misrepresentation to the Section 18 mechanism.

13.8. No fee skimming. You may not use Platform contact features to divert customers to off-Platform bookings to avoid Platform fees or undermine the reputation system. Repeated violations may result in Account termination and forfeiture of trial benefits.

13.9. Pro Seller status (where applicable). If you sell bikes through the Marketplace in a commercial capacity (regularly, for profit, beyond occasional personal sales), you are a "Pro Seller". As a Pro Seller:

you are responsible for registering with your country's business registry and fulfilling all related tax and social obligations;
EU consumer protection law applies to your sales to private individuals, including the legal warranty of conformity and statutory withdrawal rights;
you must clearly identify yourself as a professional seller in your listings.

13.10. Self-employed individuals. A self-employed natural person providing bike services qualifies as a Business User and must complete EUID verification before the Service module unlocks.

14. Content, Photos, and Intellectual Property

14.1. You own your Content. Photos, comments, service notes, listing descriptions, and any other material you upload remain your property.

14.2. Licence to us. You grant us a worldwide, royalty-free, non-exclusive licence to host, display, and process your Content strictly to the extent necessary to operate the Platform. This licence terminates when you delete the Content or your Account (subject to the backup retention described in our Privacy Policy).

14.3. No AI training. We do not use Content uploaded by Users to train generative AI models. Limited internal use of anonymised data to detect abuse on our own Platform (e.g. anti-spam, anti-fraud classifiers) is permitted, but we do not sell, license, or transfer your Content to any third party for AI-training or similar purposes.

14.4. EXIF metadata stripping. Phone photos commonly contain GPS coordinates and other location data in their EXIF metadata. We automatically strip all EXIF metadata from photos you upload before they are published. This protects your home or storage location from inadvertent disclosure.

14.5. Photo visibility.

Bucket	Visibility
Bike-photos (private)	Owner + any party with active custody
Listing-photos (public)	All Platform Users during active listing
Event-photos (semi-private)	Linked to a specific Event; visible to anyone who can see that Event

14.6. Removing your photos. You can delete any photo you uploaded at any time. Photos in the public Listing bucket are removed from public view within 24 hours of deletion; private-bucket photos are removed immediately.

14.7. Reporting abuse. If you see Content that violates these Terms, report it to abuse@velolog.io. We aim to acknowledge within 24 hours and resolve within 72 hours.

14.8. Our intellectual property. The Platform itself — code, design,

VeloLog name and word mark, database schema, documentation, and all other material we created or licensed — is owned by us or licensed to us and is protected by international IP law. Subject to these Terms, we grant you a limited, non-exclusive, non-transferable, revocable licence to use the Platform for its intended purpose. This licence does not include any right to copy, modify, distribute, or create derivative works of the Platform itself.

14.9. Feedback. If you send us suggestions, feature requests, or feedback, we may use that feedback without obligation to you (no payment, no attribution required).

14.10. Open source. Parts of the Platform incorporate open-source software under their respective licences. A current list is at

velolog.io/legal/oss.

15. Personal Data, Privacy, and Account Deletion

15.1. Our processing of personal data is described in detail in the Privacy Policy at velolog.io/privacy. By using the Platform, you acknowledge that Privacy Policy.

15.2. Account deletion is available at any time from your settings. On deletion:

Timing	What happens
Within 24 hours	Your name is replaced with "Former member" on public surfaces; your contact details are removed from active databases; marketing communications stop
Within 30 days (default)	All personal data we are not required to retain is purged. You can request immediate or extend to 90 days at deletion time
Indefinitely	The immutable Bike Record event log is anonymised — your legal name is replaced by the snapshot of your display name at the time of each Event — but the Events themselves are preserved. Marketplace transactions and billing records are retained 7 years for tax/accounting. Consent records are retained as required by GDPR

15.3. Why some data is retained. The Bike Records you contributed to exist not only for you but for the future owners of those bikes. Deleting the entire record would erase part of every bike's history. We resolve this tension by anonymising your role, not deleting the Events.

15.4. Data portability and access. You can request a machine-readable export of your personal data at any time from privacy settings, or by contacting privacy@velolog.io. We will respond within one month, as required by GDPR.

15.5. Other rights. You have the right to:

access, rectify, erase, restrict, and object to processing of your data;
data portability;
withdraw consent at any time (for processing based on consent);
lodge a complaint with your national data protection authority.

15.6. Data Protection Officer. Contact dpo@velolog.io.

15.7. Law-enforcement disclosure. We may disclose personal data when:

required by law, a court order, or a properly-served regulatory request;
necessary to investigate suspected fraud, theft, or other serious crime affecting our Users (especially in stolen-bike investigations);
necessary to protect the rights, property, or safety of VeloLog, our Users, or the public.

We attempt to notify affected Users where it is lawful and feasible to do so.

16. Modifications, Suspension, and Termination

16.1. Changes to these Terms. We may update these Terms from time to time.

For changes that materially affect your rights or obligations, we will notify you at least 30 calendar days before they take effect, by email and on the Platform.
For non-material changes (typo fixes, clarifications, contact-address changes), we may publish without advance notice.

16.2. Right to reject. If you don't agree with material changes, you have the right to cancel your subscription and delete your Account before the effective date. We will refund any unused part of an annual prepayment on a pro-rata basis. Monthly subscriptions accrue no refund.

16.3. Continuing use after the effective date of changes counts as acceptance.

16.4. We may suspend or terminate your access to the Platform if we reasonably believe:

a) you are in material breach of these Terms; b) you provided false information at registration or in any Event; c) you are using the Platform to facilitate illegal activity; d) suspension is required by law, regulator, or competent authority; e) there is a security or fraud concern with your Account.

16.5. Notice. Where suspension is practical, we will tell you the specific reason and give you a chance to respond. Where immediate suspension is necessary (e.g. for security), we will explain promptly after.

16.6. Termination by you. Delete your Account at any time. Termination ends your right to access the Platform but doesn't affect outstanding obligations (such as unpaid invoices).

16.7. Termination by us, for cause. We may terminate this agreement immediately for material breach not remedied within 14 days of our written notice. Termination for cause does not require pro-rata refund.

16.8. Termination by us, without cause. We may also terminate without cause by giving you 60 days' notice, with a pro-rata refund of any unused prepayment.

16.9. Planned downtime. We may take the Platform offline temporarily for maintenance, with reasonable advance notice. Emergency downtime may be unannounced.

16.10. Force majeure. We are not liable for delays or failures caused by events outside our reasonable control (natural disaster, war, infrastructure failure, government action, etc.).

17. Liability and Disclaimers

17.1. Our liability is determined by applicable law. We are liable for damage caused by our wilful or grossly negligent breach of these Terms, and for damage caused by ordinary negligence to the extent that applicable consumer-protection law requires.

17.2. What we don't promise. To the maximum extent permitted by law:

a) Reputation, Veracity, and Trustworthiness scores are indicators — not guarantees. They reflect the rules and data we have at the time. We are not responsible for purchase, sale, or service decisions you make based on these scores.

b) We do not warrant that any specific Bike Record is complete or accurate. We apply technical and procedural safeguards but cannot independently verify every claim made by every User.

c) We do not warrant uninterrupted, error-free, or perfectly secure operation of the Platform. We apply reasonable measures (Section 19) but no online service is invulnerable.

d) We are not a party to your transactions with other Users — Service Bookings, Marketplace transfers, etc. We don't guarantee delivery, fitness for purpose, or quality.

17.3. Liability caps. For breaches not covered by mandatory consumer protection or product liability law, our aggregate liability to you in any

12-month period is limited to:

User type	Cap
Paid Subscribers	total subscription fees you paid us in the 12 months preceding the event giving rise to the claim
Free Users	EUR 100

This cap does not apply to liability for death or personal injury caused by our negligence, fraud, or any other category of liability that cannot be limited under applicable law.

17.4. Third-party services. The Platform integrates with third-party services (Strava, Stripe, Resend, EUID providers, OAuth providers, etc.). We are not responsible for their availability, accuracy, or security. Your use of those services is governed by their own terms.

17.5. Links to other websites. The Platform may contain links to third-party sites. We don't control these and aren't responsible for their content or practices.

18. Reporting Abuse, Dispute Resolution, and Applicable Law

18.1. Internal complaints first. If you believe we, or another User, have violated these Terms or your rights:

For content violations by other Users (offensive listings, abusive messages, etc.): report to abuse@velolog.io. We acknowledge within 24 hours and resolve within 72 hours.
For transactional disputes with another User: use the in-Platform Dispute mechanism described below.
For our own conduct: contact legal@velolog.io with a clear description and any supporting evidence. We acknowledge within 5 working days and respond substantively within 30 days.

18.2. Dispute mechanism (User vs User).

Day	What happens
0	Either party opens a Dispute through the Platform
0–2	The respondent has 48 hours to acknowledge
0–7	Both parties may submit evidence (photos, receipts, police references, witness statements, Platform logs)
10	If unresolved by mutual agreement, the automated ruling engine assesses weighted evidence and produces a ruling
10+	The automated ruling is final on the Platform. Users who disagree may request human review under GDPR Article 22 (see §18.4) or escalate via the EU ODR or a national consumer authority (see §18.5)

Reputation effects of Dispute outcomes:

Won: +5
Lost: −8
No response within 48 hours: −5

18.3. Evidence weights. The automated ruling engine assigns indicative weights:

Evidence type	Weight	Max per party per dispute
Police reference	30	1
Purchase receipt	25	1
Photo with metadata	15	3
Platform log	20	unlimited
Witness statement	5	3
Other	5	5

18.4. Human review under GDPR Article 22. You have the right to request human review of any Dispute decision made solely by automation. Submit the request through the Dispute interface within 14 days of the ruling.

What human review covers:

verification that all evidence you submitted was correctly classified and weighted as documented in §18.3;
verification that no party submitted evidence beyond the per-type caps;
verification that the ruling engine applied the rules as published.

What human review does not cover:

substantive re-adjudication of the merits. We do not act as a second decision-maker on disputes between Users. If you disagree with the ruling's conclusion (not its mechanics), the appeal path is EU ODR or your national consumer authority — see §18.5.

If the human-review check finds the automation was applied incorrectly, we re-run the ruling with the correct inputs. The new ruling stands.

18.5. EU Alternative Dispute Resolution. If you are an EU consumer unsatisfied with our response, you have the right to:

use the EU Online Dispute Resolution platform at ec.europa.eu/consumers/odr, or
contact the consumer-protection authority of your country of residence, or
contact any competent national ADR body.

18.6. Courts. Consumers may bring claims in the courts of their country of residence. Business Users agree that the competent courts of

[Company's jurisdiction] have exclusive jurisdiction over any dispute under these Terms.

18.7. Governing law. These Terms are governed by the law of

[jurisdiction], without prejudice to mandatory consumer protection laws of your country of residence.

19. Information Security

19.1. We apply technical and organisational measures to protect the Platform and your personal data:

Encryption at rest for personal data, with separate cryptographic keys for distinct sensitive fields;
Authenticated and rate-limited access to all sensitive endpoints;
Least-privilege access for our staff, with audit logs for any access to User data;
Regular security testing and dependency scanning;
Incident response procedures with notification to affected Users and regulators within the time frames required by law (GDPR Article 33: 72 hours to the supervisory authority for breaches likely to result in risk to the rights and freedoms of natural persons).

19.2. No system is perfectly secure. We make significant investment in security, but no online service can guarantee absolute security. If a security incident affects your data, we will notify you without undue delay as required by applicable law.

19.3. Your responsibility. You are responsible for:

keeping your password secure and using a unique password;
enabling multi-factor authentication when offered;
protecting devices that have access to your Account;
promptly notifying us of any suspected compromise via security@velolog.io.

20. Final Provisions

20.1. Entire agreement. These Terms (together with the Privacy Policy and any specific subscription terms you have explicitly agreed to) constitute the entire agreement between you and VeloLog regarding the Platform, and supersede any prior agreements between us.

20.2. Severability. If any provision is held invalid or unenforceable, the rest continues in full force, and the invalid provision is replaced with one that achieves the closest lawful effect.

20.3. No waiver. If we don't enforce a right under these Terms in a particular instance, that does not waive the right. We can still enforce it in the future.

20.4. Assignment. You may not assign these Terms or any rights under them. We may assign these Terms to a successor entity (corporate restructuring, acquisition) provided the assignee assumes our obligations. We will notify you of any such assignment; you have the right to terminate your subscription within 14 days of notification if you do not agree.

20.5. Notices.

Purpose	Email
General questions	hello@velolog.io
Billing and refunds	billing@velolog.io
Privacy / GDPR	privacy@velolog.io
Data Protection Officer	dpo@velolog.io
Security incidents	security@velolog.io
Legal / formal complaints	legal@velolog.io
Abuse reports	abuse@velolog.io
Press	press@velolog.io

20.6. Postal address. [Legal Entity Name], [Address line 1], [Address line 2], [City], [Postcode], [Country]. Company registration number: [Number]. VAT number: [Number].

20.7. Language. These Terms are written in English. Translations are for convenience only; the English version prevails in case of conflict.

20.8. No partnership. These Terms do not create any partnership, joint venture, agency, or employment relationship between you and VeloLog.

Version 2.0 — drafted from research across reference platforms (carVertical, Bike Index, Vinted, Booksy, Airbnb) with specific attention to EU CPC Network enforcement guidance for online marketplaces. Last updated: [Date].

Internal notes for legal review (delete before publication)

This is a working draft. Send this to a qualified EU privacy/contract lawyer before publishing — I (the drafter) am not a lawyer. Below are the specific areas where a lawyer's input is most important:

Compliance anchors used

This draft addresses the specific failure modes that the EU CPC Network enforced against Vinted (case closed June 2024):

CPC issue	Where in this draft
Hidden buyer-protection fee	§5.4, §10.3 (total-price transparency)
Misleading "free" advertising	§5.1 (clear price table), no "free" claims for paid features
Unclear refund procedure	§6.4 (specific email, specific timeline)
Counterfeit handling	§10.8 (prohibited items list)
Identity-verification disclosure	§13.2 (EUID), §15.7 (law-enforcement)
Review-system honesty	§12 (full Valuations section with retaliation policy)

Also addresses:

GDPR: Articles 6 (lawful basis), 8 (minors), 13 (info to data subjects), 17 (erasure), 20 (portability), 22 (automated decisions), 33 (breach notification).
EU Consumer Rights Directive 2011/83: Article 16(m) carve-out for digital services that begin immediately.
Unfair Commercial Practices Directive: total-price transparency, no misleading representations.
Unfair Contract Terms Directive: balanced terms — no clause is so one-sided as to give regulator concern.
EU Digital Services Act (DSA): notice-and-action procedures for illegal content (§14.7, §18.1), transparent T&Cs, content moderation procedures.
UK consumer law equivalent (post-Brexit): the same substantive protections apply via the Consumer Rights Act 2015 and the Consumer Contracts Regulations 2013.

Sections needing lawyer's specific review

§4 (Minors): The age threshold and parental-consent mechanism need to match the law of every Member State where the Platform operates (e.g. DE sets 16, FR sets 15, others vary). Article 8 GDPR allows Member States to set ages between 13 and 16. The current draft uses 18; that may be more conservative than required but more defensible.

§6.2 (Withdrawal carve-out): The "express prior consent + acknowledgement of loss of withdrawal right" mechanism in Article 16(m) CRD has very specific formal requirements. The checkout flow UI must match these exactly. A lawyer needs to review both the legal text here AND the actual checkout implementation.

§7.3, §12.9, §18.4 (Automated decisions, GDPR Article 22): The Platform makes several decisions algorithmically (reputation deltas, dispute auto-ruling, EUID re-verification). Some of these may meet the "significantly affects" threshold and require human review on request. Confirm with a lawyer that our offer of human review on request is sufficient — some interpretations require human review by default for certain categories.

§13.6 (Independent data controllers): The "independent controllers" model is appropriate for some data flows but the Business User may also be acting on our instructions in others — a lawyer needs to confirm that we haven't accidentally constructed a joint-controller relationship (which would require a joint-controller agreement under Article 26 GDPR).

§17.3 (Liability caps): Caps on liability for consumers are tightly restricted in the EU. The current draft preserves all mandatory protections but a lawyer should confirm the cap wording is enforceable in each Member State of operation.

§16 (Modifications): 30 days' notice for material changes is more generous than carVertical's 5 days; this matches post-DSA expectations.

§18.6 (Choice of jurisdiction): Depends on the Company's incorporation. Generic placeholder used.

§13.9 (Pro Seller): The distinction between "occasional private seller" and "Pro Seller" is increasingly important under EU consumer law and the new DAC7 reporting directive. The current draft sketches the distinction; a lawyer should confirm the exact threshold (sales per year, revenue per year) we use in practice and what additional tax-reporting we owe.

All functional email addresses: These need to actually exist as monitored inboxes before launch. Pointing them at a developer's personal email is a compliance risk.

Privacy Policy: Multiple sections cross-reference velolog.io/privacy. That document needs to exist with matching content before these Terms can go live. The current draft of this EULA needs a paired Privacy Policy of similar depth.

Comparison with reference platforms

Module	carVertical model	Our adaptation
Reports/Records	One-shot vehicle history reports	Ongoing, immutable, multi-event Bike Records
User base	Mostly car buyers	Riders + Business Users + Minors
Transactions	Buy report from carVertical	Peer-to-peer transactions between Users; we facilitate
Reputation system	None	Full Valuations + Reputation Score + Trustworthiness
Stolen-bike module	None	Adapted from Bike Index
Service bookings	None	Adapted from Booksy
Marketplace	None	Adapted from Vinted (specifically anti-CPC failure modes)
Retaliation protection	None	Stronger than Airbnb (blind-until-both-submit)

This is significantly more complex than carVertical's terms — appropriate, because we have significantly more product surface.