Privacy Policy
Throttl — operated by Marshal Labs LLC
Effective Date: April 19, 2026 · Last Updated: April 19, 2026
This Privacy Policy explains how Marshal Labs LLC ("Marshal Labs," "we," "us," or "our") collects, uses, stores, shares, and protects your personal information when you use the Throttl mobile application ("Throttl" or the "App") on iOS or Android. It also describes your rights under applicable law and how to exercise them.
Throttl is available to users in the United States and Canada only.
If you have questions, contact us at support@getthrottl.com or visit getthrottl.com/privacy.
1. Who We Are
Marshal Labs LLC is a US-based company that builds software for the motorcycle riding community. We operate Throttl.
We do not sell personal data. We do not run advertising. Throttl is supported entirely by premium subscriptions.
2. Information We Collect
We collect only what is necessary to operate the App. The table below describes each category, the specific data collected, the source, and the purpose.
| Category | Data | Source | Purpose |
|---|---|---|---|
| Identifiers | Name; email address — if your sign-in method exposes an email address (for example, via a third-party single sign-on provider), our authentication service stores that email on your account record. Throttl does not store email separately in its own database, does not send transactional or promotional emails, and does not offer email/password sign-in. Phone number (if phone auth used) | Your single sign-on provider, or your phone number via SMS verification | Profile display (name); account identity on the authentication service record (email — never shown publicly and never used for outbound communication); SMS verification (phone number — never shown publicly) |
| Profile content you provide | Your name, photos (profile and bike), biographical text, riding preferences, and any optional details or links you choose to share. | Uploaded by you | Displaying your profile to other Throttl users and tailoring the experience to your preferences. |
| Safety data | Reports you submit about other users or events, users you block, and moderation decisions we make regarding your account (such as temporary suspensions). | Created by you; moderation decisions about your account from our team. | Community safety — investigating reports, enforcing the Terms of Use, and maintaining your block list. |
| Social connections | Your connections with other riders on Throttl — friend requests, friendships, and group memberships you participate in. | Created by you | Enabling the social features you opt into — your rider network, group chats, and event RSVPs. |
| Approximate location | City / area-level location only | You, via device location permission | Rider discovery; event proximity matching |
| User-generated content | Event data (title, description, location, date); in-app messages (event group chat and 1:1 direct messages) | Created by you | Core app functionality |
| Commercial information | Subscription status (premium or free); purchase and payment records | Our subscription management provider, Apple App Store, Google Play | Feature gating; tax compliance |
| Device identifiers | Push notification token | Your device | Sending push notifications |
| Profile interactions | Records of which Throttl profiles you have viewed, and the timestamp of your most recent activity in the App. | Your activity within the App | Used to show profile view activity to Throttl Premium subscribers, and to determine account inactivity per Section 8. |
2.1 Authentication
Throttl supports Sign in with Apple, Sign in with Google, and phone number authentication. We do not offer email/password account creation. We never receive or store your identity provider password. Phone authentication uses a one-time SMS verification code — we do not store the code after verification.
2.2 Information We Do Not Collect
We do not collect:
Precise GPS coordinates — see Section 4
Passwords — we do not use password-based accounts. Authentication is handled by third-party identity providers or one-time SMS verification codes
Payment card numbers or banking information — all payment processing is handled by Apple, Google, and our subscription management provider
Biometric identifiers
Browsing history or cross-app activity
Device advertising identifiers (IDFA/GAID)
Sensitive personal information as defined by CPRA (Social Security numbers, health data, racial or ethnic origin, etc.)
Data from children under 13 — see Section 9
3. How We Use Your Information
We use the information described above for the following purposes:
Providing and improving the App: Creating and maintaining your rider profile; displaying your name, profile photo, and bike photos to other riders; showing you riders and events near your approximate location (rider discovery); enabling event creation, discovery, RSVP, and participation; powering event group chat and 1:1 messaging; managing your premium subscription and feature access.
Account management and communications: Authenticating your identity via a third-party identity provider or phone number; sending push notifications about events, messages, and account activity. Throttl does not send transactional or promotional emails. If your sign-in provider exposes an email address to us, that email is stored on your authentication service record for identity purposes only and is not used for outbound communication. Throttl does not offer email/password sign-in.
Legal compliance: Maintaining subscription and payment records as required by US and Canadian tax law; responding to lawful legal process.
Content moderation: User-submitted text is sent to our content moderation processor to check for content that violates our community policies before it is published.
We do not use your information for advertising, behavioral profiling for third-party commercial purposes, or automated decision-making that produces legal or similarly significant effects.
4. Location Data and Privacy
Location privacy is a core design principle of Throttl.
What we store: We store your location at city or area level only. We do not store precise GPS coordinates in any database table or file that is accessible to other users.
What other users see: Other users see only your approximate area — never precise coordinates, even premium users. The fuzzed location used for rider discovery cannot be reverse-mapped to your actual position.
What we do not do: We do not track your real-time location, log location history, sell or share location data with third-party data brokers or advertisers, or expose precise coordinates to any user.
Transient processing: To the extent any precise coordinate is processed transiently on our servers to derive the city-level value, it is discarded immediately and never written to any client-accessible record.
Event locations: Events have a publicly listed venue or meeting point. Because event locations are intentional, public gatherings at known addresses, precise event coordinates may be shared through the App. This is a distinct category from user location data and is not subject to the same privacy treatment.
Revoking permission: You may revoke location permission at any time through your device's system settings. Doing so disables location-based discovery features but does not affect other App functionality.
5. How We Share Your Information
We do not sell your personal information. We do not share your personal information with data brokers, advertising networks, or analytics platforms.
We share information only in the following circumstances.
5.1 Service Providers
We use the following third-party services to operate Throttl. Each processes your data only as directed by us, under data processing agreements, and only to the extent necessary to provide their service.
| Service category | Purpose | Data shared |
|---|---|---|
| Platform-as-a-service provider | User authentication, real-time database, file storage, and push messaging | Account identifiers, profile content, messages, push tokens |
| Subscription management provider | Processing in-app subscription purchases, managing entitlements, and validating receipts | Subscription status, anonymous purchase identifier |
| Edge content delivery and security provider | Serving the public web surfaces (getthrottl.com) and protecting the API from abuse | Network request metadata (IP address, user agent) |
| Cloud hosting provider | Running the Throttl API and associated services | Any data transmitted between the Throttl app and our API |
| In-app map rendering provider | Displaying maps in the app | Map viewport coordinates (not precise user location) |
| Content-safety scoring provider | Scoring user-submitted text and images for policy violations before they are published | Text and images you submit (not retained for training; retained briefly by the provider per their terms) |
We do not integrate advertising SDKs, third-party analytics platforms, or any other third-party service beyond those listed above.
5.2 Other Users
Your name, profile photo, bike photos, and approximate location (city/area) are visible to other Throttl users. Your email address is never shown to other users.
Event data you create is visible to users who view or RSVP to your events. Messages in event chats are visible to all event participants. 1:1 messages are visible only to you and the recipient.
Links you add to your Instagram or TikTok profiles in your Throttl profile are visible to all other riders who view your profile.
If you are a Throttl Premium subscriber, you can see a list of users who have viewed your profile. This means other premium subscribers can see when you view their profile.
5.3 Legal Requirements
We may disclose your information if required by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Marshal Labs, our users, or the public. We will notify you of such disclosures where legally permitted.
5.4 Business Transfers
If Marshal Labs LLC is acquired, merges with another entity, or transfers substantially all of its assets, your information may be transferred as part of that transaction. We will post an updated privacy policy and provide in-app notice before your information becomes subject to a materially different privacy policy.
6. Data Retention
We retain your information only as long as necessary for the purposes described in this policy or as required by law.
6.1 Per-Category Retention Schedule
| Category | Retention Period | Basis |
|---|---|---|
| Name | Duration of account; deleted within 45 days of deletion request | Account operation |
| Profile photo | Duration of account; deleted within 45 days of deletion request | Profile display |
| Bike photos | Duration of account; deleted within 45 days of deletion request | Profile display |
| Approximate location | Duration of account; deleted within 45 days of deletion request | Rider discovery |
| Push notification token | Deleted on account deletion or notification permission revocation | Notifications |
| Future events (no RSVPs) | Deleted immediately on account deletion | N/A |
| Future events (with RSVPs) | Retained during 30-day soft-delete window, then deleted | Attendee continuity |
| Past events | Retained 3 years post-event date in anonymized form ("Former Member") | Community record |
| Past event chat messages | Open for 90 days post-event; read-only after 90 days; permanently deleted 15 months after event date. Sender IDs removed on account deletion | Community record |
| Future event chat messages | Deleted with associated event | N/A |
| 1:1 direct messages | Retained; deleted user shown as "Former Member" | Service continuity for recipients |
| Financial transaction records (purchase dates, amounts, subscription periods) | 7 years from transaction date | US federal tax law; Canadian GST/HST |
| Inactive free accounts | Purged after 24 months of inactivity | Data minimization |
| Inactive premium accounts | Purged after 36 months of inactivity or 24 months after subscription expiry, whichever is later | Data minimization |
6.2 Anonymization
"Anonymized" means all directly identifying fields (name, email, user ID linkage, profile photos) have been removed or replaced with a generic label such as "Former Member." Anonymized records cannot reasonably be re-linked to you.
7. Account Deletion
You may delete your account at any time from within the App. You may also submit a deletion request by emailing support@getthrottl.com.
7.1 Deletion Process
Immediately upon your deletion request: Your profile is hidden from rider discovery and is no longer visible to other users. Future events you created with no RSVPs are deleted immediately. Shared links to those events will return a not-found error.
During the 30-day soft-delete window: Your account data is preserved in a hidden state to allow for accidental deletion recovery. Contact support@getthrottl.com to restore your account during this window. Future events with RSVPs remain visible to attendees during this window and are deleted when the window closes.
After 30 days (hard delete): All remaining personal data is permanently deleted, including: your authentication service record; push notification tokens; database profile and account records; profile photo and bike photos held by our file storage provider; your subscriber record with our subscription management provider.
7.2 Event Handling at Deletion
At the time of deletion, you may choose to also delete future events you created. Past events are anonymized — your name is replaced with "Former Member" — to preserve other attendees' content and messages. The following rules apply:
| Content Type | Disposition |
|---|---|
| Future events with no RSVPs | Deleted immediately |
| Future events with RSVPs | Retained during 30-day soft-delete period, then deleted |
| Past events | Retained in anonymized form for 3 years from event date; your name replaced with "Former Member" |
| Past event chat messages | Open for 90 days post-event; read-only after 90 days; permanently deleted 15 months after event date. Sender identifiers removed on account deletion; chat remains accessible to other participants |
| Future event chat messages | Deleted with the associated event |
| 1:1 messages | Retained for the other participant; your identity shown as "Former Member" |
7.3 Financial Records After Deletion
When you delete your account, your subscriber record with our subscription management provider (the link between your user identity and subscription status) is deleted as part of the hard-delete process described above. However, anonymized financial transaction records (purchase dates, amounts, and subscription periods) are retained by our subscription management provider for 7 years from the transaction date to comply with US federal tax law and Canadian GST/HST requirements. These records are not linked to your App profile after deletion.
7.4 Processing Time
We will acknowledge account deletion requests within 45 days of receipt and complete deletion promptly thereafter.
8. Inactive Account Purge
To minimize data we hold on accounts no longer in use, we automatically purge inactive accounts. "Inactive" is measured from the latest of your last login, your last content creation, or your last payment event.
8.1 Free Accounts
Notice at 21 months of inactivity: Push notification and in-app notice.
Purge at 24 months of inactivity: Your account becomes subject to deletion, and account and associated data are deleted using the same process described in Section 7.
8.2 Premium Accounts
Notice at 33 months of inactivity (or 21 months after subscription expiry, whichever is later): Push notification and in-app notice.
Purge at 36 months of inactivity, or 24 months after subscription expiry, whichever is later: Your account becomes subject to deletion.
8.3 Pausing and Resetting the Purge Clock
A pending data portability request pauses the purge clock until the request is fulfilled. Signing in, creating content, or making a payment resets your activity date.
9. Children's Privacy
Throttl is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13, in compliance with the Children's Online Privacy Protection Act (COPPA). Our sign-up flow requires Sign in with Apple, Sign in with Google, or a phone number, all of which have their own verification mechanisms.
If we learn that we have collected personal information from a child under 13, we will delete that information promptly. If you believe a child under 13 has provided us with personal information, contact us at support@getthrottl.com.
10. Advertising and Sale of Data
We do not serve advertisements in Throttl. No advertising SDKs are integrated into the App.
We do not sell your personal information to third parties for money or other valuable consideration, and we have not done so in the preceding 12 months. This includes "selling" as defined under the CCPA/CPRA.
We do not share your personal information for cross-context behavioral advertising.
Throttl is supported entirely by premium subscriptions, not by advertising or data monetization.
11. Premium Subscriptions and Financial Records
Throttl offers optional monthly and annual premium subscriptions through the Apple App Store and Google Play, managed via our subscription management provider. Payment processing is handled entirely by Apple and Google — we never receive or store your payment card information.
When you delete your account, your subscriber record with our subscription management provider (the link between your user identity and subscription status) is deleted as described in Section 7. However, anonymized financial transaction records (purchase dates, amounts, and subscription periods) are retained by our subscription management provider for 7 years from the transaction date to comply with US federal tax law and Canadian GST/HST requirements.
Premium subscription status is used solely to unlock premium features within the App. It is not used to make inferences about you or shared with advertisers.
12. Your Privacy Rights
Regardless of where you live, you may exercise the following rights:
Right to Access — request a copy of the personal information we hold about you, including the categories, purposes, and third-party recipients.
Right to Deletion — request deletion of your account and personal information, either through the in-app deletion flow (see Section 7) or by contacting us. Acknowledged within 45 days.
Right to Correction — request correction of inaccurate personal information. Most profile data can be updated directly in the App.
Right to Data Portability — request a machine-readable export of your personal information. We respond within 45 days. A pending portability request pauses your inactive account purge clock (see Section 8.3).
Right to Opt Out of Sale — we do not sell personal information, so there is nothing to opt out of. We include this statement for completeness.
Non-Discrimination — we will not discriminate against you or degrade your service for exercising any privacy right.
How to Submit a Request
Email support@getthrottl.com with the subject line "Privacy Request — [Right You Are Exercising]." Include the email address associated with your Throttl account so we can verify your identity. We will respond within 45 days. If we need additional time, we will notify you within the initial 45-day window.
You may also designate an authorized agent to submit requests on your behalf. We will require written authorization and may verify your identity directly.
13. California Residents — CCPA/CPRA
This section supplements the rest of this policy and applies to residents of California under the California Consumer Privacy Act, as amended by the California Privacy Rights Act.
13.1 Categories of Personal Information Collected (Last 12 Months)
| CPRA Category | Specific Data | Collected? | Retention |
|---|---|---|---|
| Identifiers | Name; email address (received only when your sign-in provider exposes one — stored on your authentication service record and not stored separately by Throttl); push notification device token | Yes | Duration of account; deleted within 45 days of deletion request |
| Personal information (Cal. Civ. Code § 1798.80) | Name; email address (received only when your sign-in provider exposes one); reports you submit about other users or events; users you block; your connections with other riders (friend requests, friendships, and group memberships) | Yes | Duration of account; deleted within 45 days of deletion request |
| Characteristics of protected classifications | None | No | N/A |
| Commercial information | Subscription status, purchase history | Yes | Subscription status: duration of account (deleted with account). Financial transaction records: 7 years |
| Biometric information | None | No | N/A |
| Internet / electronic network activity | Network request metadata (via our edge content delivery and security provider); push notification tokens; records of which Throttl profiles you have viewed | Yes (limited) | Per our edge content delivery and security provider's standard retention; push notification tokens and profile-view records deleted with account |
| Geolocation data | Approximate (city/area) location only — never precise coordinates | Yes | Duration of account; deleted within 45 days of deletion request |
| Audio, electronic, visual information | Profile photo, bike photos | Yes | Duration of account; deleted within 45 days of deletion request |
| Professional / employment information | None | No | N/A |
| Education information | None | No | N/A |
| Inferences drawn from above | None | No | N/A |
| Sensitive personal information | None | No | N/A |
13.2 Sources
Personal information is collected from: you directly (profile setup, content creation), your single sign-on provider or phone number (sign-in), our subscription management provider (subscription events), and our authentication and push messaging providers (device tokens).
13.3 Business Purpose
As described in Section 3. We collect personal information only for disclosed purposes — not for profiling, sale, or cross-context behavioral advertising.
13.4 Third-Party Disclosure
As described in Section 5. No personal information is sold or shared for cross-context behavioral advertising.
13.5 Sale and Sharing
We have not sold or shared any personal information in the past 12 months, and we do not intend to do so.
13.6 Sensitive Personal Information
We do not collect sensitive personal information as defined by CPRA. Approximate location data, which may qualify as sensitive under certain interpretations, is used solely to power rider discovery and event proximity features — not to infer characteristics about you. You may limit our use of this data by revoking location permission in your device settings or by contacting support@getthrottl.com; however, doing so will disable location-based features.
13.7 Your California Rights
In addition to the rights described in Section 12, California residents have the right to:
Know the specific pieces of personal information collected about them.
Limit use of sensitive personal information (not applicable — we do not collect sensitive personal information).
To exercise your rights, contact support@getthrottl.com. We will verify your identity and respond within 45 days (extendable by an additional 45 days with notice). We do not charge a fee for the first request in any 12-month period. You may designate an authorized agent to submit requests on your behalf.
13.8 Other US State Residents
Residents of Virginia (CDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), Iowa (ICDPA), Delaware (DPDPA), New Jersey (NJDPA), New Hampshire, Minnesota, Rhode Island, and Maryland may have rights under their respective state privacy laws similar to those described in Section 13 (California). These rights generally include the right to know what personal information we collect, the right to access and delete that information, the right to correct inaccuracies, the right to data portability, and the right to opt out of the sale or sharing of personal information or targeted advertising.
Throttl does not sell personal information, does not share personal information for cross-context behavioral advertising, and does not process personal information for profiling that produces legal or similarly significant effects. To exercise any applicable state privacy right, please follow the instructions in Section 12 (Your Privacy Rights) or contact us at the address in Section 17.
14. Canadian Residents — PIPEDA
This section applies to residents of Canada under the Personal Information Protection and Electronic Documents Act (PIPEDA). Marshal Labs LLC complies with PIPEDA's ten fair information principles.
14.1 Accountability
Marshal Labs LLC is responsible for personal information under its control. Our designated privacy contact is reachable at support@getthrottl.com.
14.2 Identifying Purposes
We identify the purposes for collecting personal information at or before the time of collection. These purposes are described in Section 3 of this policy.
14.3 Consent
By creating a Throttl account using Sign in with Apple, Sign in with Google, or phone number authentication, you consent to the collection, use, and disclosure of your personal information as described in this policy. You may withdraw consent at any time by deleting your account or by contacting support@getthrottl.com, subject to legal or contractual obligations. Withdrawing consent may mean we can no longer provide the App to you.
14.4 Limiting Collection
We collect only the personal information necessary for the purposes identified in this policy. We do not collect personal information indiscriminately.
14.5 Limiting Use, Disclosure, and Retention
We use and disclose personal information only for the purposes for which it was collected, except with your consent or as required by law. We retain it only as long as necessary, as described in Section 6.
14.6 Accuracy
We take reasonable steps to keep personal information accurate, complete, and up to date. You may update your profile information directly in the App or request corrections at support@getthrottl.com.
14.7 Safeguards
We protect personal information using security safeguards appropriate to the sensitivity of the information, as described in Section 15. These include encryption in transit and at rest, access controls, and authentication via established identity providers.
14.8 Openness
This Privacy Policy is publicly available at getthrottl.com/privacy. We make information about our privacy practices available upon request at support@getthrottl.com.
14.9 Individual Access
Upon request, we will provide access to the personal information we hold about you, including what we hold, how we use it, and to whom we have disclosed it, subject to limited exceptions under PIPEDA. You may also request correction of inaccurate information. See Section 12 for how to submit a request.
14.10 Challenging Compliance
You have the right to challenge our compliance with PIPEDA. Contact support@getthrottl.com with questions or complaints. We will investigate all complaints and respond within 30 days. If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.
14.11 Financial Records and GST/HST
Anonymized financial transaction records (purchase dates, amounts, and subscription periods) are retained for 7 years in compliance with Canadian GST/HST requirements under the Excise Tax Act, even after account deletion. Your subscriber record with our subscription management provider (the link between your identity and subscription status) is deleted as part of the account deletion process described in Section 7.
14.12 Cross-Border Data Transfers
Your personal information is processed by the service providers listed in Section 5.1, which includes our platform-as-a-service provider, cloud hosting provider, edge content delivery and security provider, subscription management provider, in-app map rendering provider, and content-safety scoring provider. All of these processors are located in the United States; some may have subprocessors in additional jurisdictions. Section 5.1 describes these providers in more detail. By using Throttl, you consent to this transfer. We implement contractual and technical protections during such transfers.
15. Security
We implement technical and organizational measures to protect your personal information, including:
Encryption in transit — all data between the App and our servers is encrypted using industry-standard security protocols.
Encryption at rest — data stored by our service providers is encrypted at rest.
Access controls — production access is restricted to personnel with a legitimate business need, using least-privilege service accounts.
No passwords stored — authentication is handled by Sign in with Apple, Sign in with Google, or one-time SMS codes. We never store or process passwords.
Database security rules — database and storage access is restricted to authenticated users with appropriate permissions.
Location data protection — precise user coordinates are never stored in a client-accessible form.
Network protection — all traffic between the App and our servers is routed through our edge content delivery and security provider.
No method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at support@getthrottl.com.
Breach notification
If we discover a security incident that has compromised or is reasonably likely to have compromised your personal information in a manner creating a real risk of significant harm, we will notify affected users without unreasonable delay. Such notice will describe the nature of the incident, the categories of personal information affected, the steps we have taken in response, and any recommended actions you can take to protect yourself. Where required by law, we will also notify the applicable regulatory authorities, including the Office of the Privacy Commissioner of Canada (as required under PIPEDA) and the California Attorney General (as required under California Civil Code § 1798.82). You may contact us at the address in Section 12 to report a suspected security incident.
16. Changes to This Policy
When we make material changes to this Privacy Policy, we will:
1. Post the revised policy at getthrottl.com/privacy with an updated effective date.
2. Display an in-app notice the next time you open Throttl.
For minor or non-material changes (such as clarifications that do not affect your rights), we will update the policy without separate notification.
Your continued use of Throttl after the effective date of a revised policy constitutes your acceptance of the updated terms. If you do not agree, you may delete your account before the effective date.
17. Contact Us
Marshal Labs LLC
Email: support@getthrottl.com
Privacy Policy URL: getthrottl.com/privacy
For privacy-related requests, email support@getthrottl.com with the subject line "Privacy Request — [Right You Are Exercising]." Include the email address associated with your Throttl account so we can verify your identity. We respond within 45 days.
For Canadian residents, if you are not satisfied with our response to a privacy complaint, you may contact the Office of the Privacy Commissioner of Canada at priv.gc.ca.
Questions? Contact us at support@getthrottl.com
© 2026 Throttl · Marshal Labs LLC
This Privacy Policy is effective as of April 19, 2026.