What is Cyclesite and how does it work?

Cyclesite is a UK marketplace for buying and selling used bikes. Sellers photograph the bike's serial number when listing, and we check it against stolen bike databases before it goes live. Buyers browse for free, message sellers, and pay through Stripe with escrow protection. Listing fees start from £10.99.

Is it safe to buy a second-hand bike on Cyclesite?

Yes. The serial number photo that sellers provide when listing does two things: it proves the seller physically has the bike, and it lets us check the serial against stolen bike databases. If the bike comes back as reported stolen, the listing is blocked. Payments go through Stripe with escrow, so your money is held until you confirm you're happy. If something goes wrong, our dispute team can step in. You can also check any bike yourself for free at cyclesite.co.uk/stolen-bikes.

How much does it cost to sell a bike?

Listing fees start from £10.99 for a standard listing. Auction listings may include additional fees. There are no hidden charges, and you can see the full pricing breakdown on our pricing page before you list.

What bikes can I find on Cyclesite?

Everything from road bikes and mountain bikes to electric bikes, gravel bikes, hybrids, kids' bikes, and folding bikes. You'll find popular brands like Specialized, Trek, Giant, Canyon, Cannondale, and Brompton, plus smaller and boutique brands. Listings cover the whole of the UK, with bikes available in London, Manchester, Birmingham, Edinburgh, Bristol, and hundreds of other towns and cities.

How are payments handled?

Secure payments are available through Stripe. When you choose to pay through the platform, your money can be held in escrow until you've confirmed the bike matches the listing. Buyers and sellers can also arrange payment directly if they prefer.

Data Processing Agreement

Data Processing Agreement (DPA)

This Data Processing Agreement ("DPA") forms part of the Cyclesite Terms of Service and applies to the processing of personal data by TPSTORES LIMITED (trading as Cyclesite) on behalf of users in accordance with the UK General Data Protection Regulation (UK GDPR, being the EU GDPR as retained in UK law by the European Union (Withdrawal) Act 2018) and the Data Protection Act 2018.

1. Definitions

In this DPA:

"Controller" means the natural or legal person which determines the purposes and means of processing personal data
"Processor" means a natural or legal person which processes personal data on behalf of the controller
"Data Subject" means an identified or identifiable natural person
"Personal Data" means any information relating to an identified or identifiable natural person
"Processing" means any operation performed on personal data

2. Roles and Responsibilities

For the purposes of this DPA:

Cyclesite acts as a Data Controller for platform operations and user accounts
Users (sellers and buyers) act as Data Controllers for their own listing data and communications
Cyclesite may act as a Data Processor when processing data on behalf of dealers and business users

3. Scope of Processing

Cyclesite processes personal data for the following purposes:

User account management and authentication
Facilitating communication between buyers and sellers
Processing transactions and payments
Providing analytics and reporting services
Preventing fraud and ensuring platform security
Complying with legal obligations

4. Data Categories

The personal data processed may include:

Identity data (name, username, email address)
Contact data (phone number, address, postcode)
Technical data (IP address, browser type, device information)
Transaction data (payment details, purchase history)
Usage data (page views, interactions, preferences)
Marketing data (communication preferences)

5. Data Subject Rights

Data subjects have the following rights under UK GDPR:

Right to access their personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to restriction of processing
Right to data portability
Right to object to processing
Rights related to automated decision-making

6. Security Measures

Cyclesite implements appropriate technical and organizational measures including:

Encryption of data in transit (HTTPS/TLS)
Encryption of sensitive data at rest
Access controls and authentication
Regular security audits and penetration testing
Employee training on data protection
Incident response procedures

7. Sub-Processors

Cyclesite may engage the following categories of sub-processors:

Cloud hosting providers (AWS, Google Cloud)
Payment processors (Stripe)
Email service providers
Analytics platforms
Customer support tools

A current list of sub-processors is available upon request.

8. Data Transfers

Personal data may be transferred to and processed in countries outside the UK and EEA. Where such transfers occur, Cyclesite ensures adequate safeguards are in place through:

Standard Contractual Clauses (SCCs)
Adequacy decisions by relevant authorities
Binding Corporate Rules

9. Data Retention

Personal data is retained only for as long as necessary:

Active user accounts: Duration of account + 6 months
Transaction records: 7 years (legal requirement)
Marketing data: Until consent is withdrawn
Technical logs: 90 days

10. Data Breach Notification

In the event of a personal data breach, Cyclesite will:

Notify the ICO within 72 hours where required
Notify affected data subjects without undue delay if high risk
Document all breaches and remedial actions
Cooperate with regulatory authorities

11. Audit Rights

Controllers have the right to audit Cyclesite's data processing activities upon reasonable notice and subject to confidentiality obligations.

12. Termination

Upon termination of services:

Personal data will be returned or deleted as requested
Deletion will occur within 30 days unless legal retention applies
Certificates of deletion can be provided upon request

13. Liability and Indemnification

Each party shall be liable for damages caused by processing in violation of data protection obligations to the extent permitted by law.

14. Governing Law

This DPA is governed by English law and UK data protection law, including the UK GDPR and the Data Protection Act 2018.

Contact

For questions about this DPA or data processing practices, please contact our Data Protection Contact at:

Email: support@cyclesite.co.uk

This DPA supplements our Privacy Policy and forms part of our overall commitment to data protection and GDPR compliance.

Was this page helpful?