What is Cyclesite and how does it work?

Cyclesite is a UK marketplace for buying and selling used bikes. Sellers photograph the bike's serial number when listing, and we check it against stolen bike databases before it goes live. Buyers browse for free, message sellers, and pay through Stripe with escrow protection. Listing fees start from £10.99.

Is it safe to buy a second-hand bike on Cyclesite?

Yes. The serial number photo that sellers provide when listing does two things: it proves the seller physically has the bike, and it lets us check the serial against stolen bike databases. If the bike comes back as reported stolen, the listing is blocked. Payments go through Stripe with escrow, so your money is held until you confirm you're happy. If something goes wrong, our dispute team can step in. You can also check any bike yourself for free at cyclesite.co.uk/stolen-bikes.

How much does it cost to sell a bike?

Listing fees start from £10.99 for a standard listing. Auction listings may include additional fees. There are no hidden charges, and you can see the full pricing breakdown on our pricing page before you list.

What bikes can I find on Cyclesite?

Everything from road bikes and mountain bikes to electric bikes, gravel bikes, hybrids, kids' bikes, and folding bikes. You'll find popular brands like Specialized, Trek, Giant, Canyon, Cannondale, and Brompton, plus smaller and boutique brands. Listings cover the whole of the UK, with bikes available in London, Manchester, Birmingham, Edinburgh, Bristol, and hundreds of other towns and cities.

How are payments handled?

Secure payments are available through Stripe. When you choose to pay through the platform, your money can be held in escrow until you've confirmed the bike matches the listing. Buyers and sellers can also arrange payment directly if they prefer.

How Your Data is Protected

What Cyclesite collects, how it is stored and the self-serve tools you can use to download, correct or delete your data under UK GDPR.

Last updated 22 April 2026

We are GDPR compliant. We never sell user data. Buyer and seller addresses are only shared with the courier and the counter-party at the point of dispatch. You can download or delete your data at any time from Account → Privacy.

How your data is protected

Cyclesite is built so you control what is stored about you. This page explains what we collect, how it is protected and the tools you can use to manage it.

What we collect

When you use Cyclesite we hold:

Account details, email, password (hashed, never in plain text), display name, optional profile photo and optional location.
Listings and messages, anything you post, send or save on the platform.
Transaction records, purchases and sales, kept for seven years as required by HMRC.
Technical data, basic device and session information needed to sign you in and keep the account secure.

We do not collect more than we need and we do not sell personal data to advertisers.

How we protect it

Encryption in transit. All traffic uses TLS 1.2 or higher.
Encryption at rest. Databases and backups are encrypted on disk.
Password hashing. Passwords are hashed with bcrypt. We cannot read them, even internally.
Access controls. Only a small number of staff have production access, tied to role and audited.
Third-party partners. We use Stripe for payments, UK stolen-bike databases for stolen-bike checks and SMTP providers for email. Each handles only the data it needs, under a written data-processing agreement.

Your rights under UK GDPR

You have the right to:

Access the personal data we hold about you.
Rectification of anything that is wrong.
Erasure of your account and personal data.
Portability, receive your data in a machine-readable format.
Restrict or object to certain kinds of processing, such as marketing.

You can exercise most of these yourself from Account, Privacy. For anything the self-serve tools do not cover, email our Data Protection Officer.

Self-serve tools

You can use these without contacting us:

Download my data on the Privacy page generates a ZIP of your profile, listings, messages and orders. The download link is valid for seven days.
Delete my account on the same page starts the 30-day deletion process, see How to Delete Your Account.
Email preferences at Account, Contact Preferences let you opt out of marketing without deleting your account.

Contacting our Data Protection Officer

For anything not covered by the self-serve tools, including complaints, rights requests for someone else's account, or questions about a specific data use, email dpo@cyclesite.co.uk.

We reply within five working days and must complete most rights requests within one calendar month under UK GDPR. Complex requests can take up to three months, but we will tell you within the first month if that is the case.

The full policy is in our Privacy Notice.

Frequently asked questions

What data does Cyclesite collect?

Account details (email, hashed password, optional display name, optional location), listings and messages you create, transaction records (retained seven years for HMRC) and basic technical data needed to sign you in securely. Nothing is sold to advertisers.

How do I download my data?

Go to Account, Privacy and choose Download my data. We generate a ZIP of your profile, listings, messages and orders. The download link is valid for seven days.

Do you sell my data?

No. Personal data is never sold. We share only the minimum needed with Stripe (payments), UK stolen-bike databases (stolen-bike checks) and our email provider, each under a written data-processing agreement.

How are passwords stored?

Passwords are hashed with bcrypt before they are stored. Nobody, including Cyclesite staff, can read your password. If you forget it, you reset it rather than retrieving it.

Who should I contact about a privacy question?

Our Data Protection Officer at dpo@cyclesite.co.uk. We reply within five working days and must complete most rights requests within one calendar month under UK GDPR.