Privacy Policy
Effective Date: [EFFECTIVE_DATE]
Last Updated: [LAST_UPDATED]
1. Introduction
[COMPANY_NAME] ("we," "our," or "us") operates the LapLogic platform, including our desktop application, mobile applications, and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
We are committed to protecting your privacy and handling your data in an open and transparent manner. This policy applies to all users of our Service, regardless of location, and addresses the requirements of the General Data Protection Regulation (GDPR) for users in the European Union and United Kingdom, as well as the California Consumer Privacy Act (CCPA) for California residents.
By using our Service, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
We collect several types of information to provide and improve our Service:
2.1 Account Information
When you create an account, we collect:
- Email address (used as your unique identifier)
- Name (first and last name)
- Password (stored in encrypted/hashed form)
- OAuth identifiers (if you sign in via Google)
2.2 Payment Information
When you subscribe to a paid plan, payment processing is handled by Stripe. We store:
- Stripe customer ID (to link your account to your payment profile)
- Last four digits of your payment card
- Card brand and expiration date
- Subscription status and billing cycle
We do not store your full card number or CVV. All payment data is processed and secured by Stripe in accordance with PCI-DSS standards.
2.3 Racing and Telemetry Data
The core functionality of LapLogic involves collecting and analyzing racing telemetry:
- Session data: lap times, sector times, session duration, best lap times
- Telemetry samples: speed, throttle position, brake pressure, steering angle, RPM
- G-force data: lateral and longitudinal acceleration
- GPS coordinates: racing line and position data
- Weather conditions: ambient temperature, track temperature (when provided)
- Vehicle setup data: suspension settings, alignment, aerodynamics, tire information
2.4 Mobile Sensor Data
When using our mobile application as a lap timer:
- GPS location: for lap timing, racing line analysis, and track identification
- Accelerometer data: for G-force capture and analysis
- Speed calculations: derived from GPS data
2.5 Driver Profiles
You may create driver profiles containing:
- Driver name
2.6 Vehicle Information
You may store vehicle profiles including:
- Make, model, and year
- Vehicle class and type
- Race number and team affiliation
- Setup configurations and revision history
2.7 AI Feature Usage
When using our AI-powered features (AI Race Engineer, AI Driver Coach):
- Chat messages between you and the AI assistant
- AI recommendations generated for your sessions
- Your feedback on AI suggestions
- Context data used to generate recommendations (session summaries, setup parameters)
2.8 Device and Technical Information
We automatically collect:
- Device identifiers (for multi-device sync)
- Platform information (operating system, app version)
- Error reports (crash logs, stack traces for debugging)
- IP address (for security and approximate location)
- Usage analytics (feature usage, session counts)
2.9 Cookies and Similar Technologies
Our website uses cookies and similar technologies to:
- Maintain your session and keep you logged in
- Remember your preferences
- Analyze site usage to improve our Service
You can control cookie preferences through your browser settings. Note that disabling cookies may affect some functionality.
3. How We Use Your Information
We use the information we collect to:
- Provide and maintain the Service, including syncing data across your devices
- Process transactions and manage your subscription
- Generate AI-powered insights and recommendations for your racing performance
- Analyze telemetry data to provide driver coaching and setup optimization
- Communicate with you about your account, updates, and support requests
- Improve our Service through usage analytics and feedback
- Ensure security by detecting and preventing fraud or unauthorized access
- Comply with legal obligations and respond to lawful requests
Important: Your Data Is Not Used for AI Training
We do not use your data to train AI models. Your telemetry data, vehicle setups, session information, and other content are used solely to provide you with the AI-powered features you have requested (such as AI Race Engineer recommendations and AI Driver Coach analysis). Your data remains yours and is never used to train or improve general-purpose AI models.
4. Legal Basis for Processing (GDPR)
For users in the European Union and United Kingdom, we process your personal data based on the following legal grounds:
| Purpose | Legal Basis |
|---|---|
| Providing the Service | Performance of contract |
| Processing payments | Performance of contract |
| AI recommendations | Performance of contract |
| Account security | Legitimate interest |
| Service improvements | Legitimate interest |
| Marketing communications | Consent (where required) |
| Legal compliance | Legal obligation |
You have the right to withdraw consent at any time where consent is the legal basis for processing.
5. Data Sharing and Third Parties
We do not sell your personal information. We share data only in the following circumstances:
5.1 Service Providers
- Stripe: Payment processing. Stripe's privacy policy: https://stripe.com/privacy
- Google: OAuth authentication (if you choose to sign in with Google). Google's privacy policy: https://policies.google.com/privacy
- Cloud hosting providers: For data storage and service operation
5.2 Legal Requirements
We may disclose your information if required to do so by law or in response to valid legal requests by public authorities.
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
5.4 With Your Consent
We may share information with third parties when you have given us explicit consent to do so.
6. Data Retention
We retain your data for as long as necessary to provide the Service and fulfill the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion |
| Telemetry and session data | 5 years from creation, or until account deletion |
| Payment records | 7 years (legal/tax requirements) |
| Error logs | 1 year |
| AI chat history | 2 years, or until account deletion |
When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law.
7. Your Rights
7.1 GDPR Rights (EU/UK Users)
If you are located in the European Union or United Kingdom, you have the following rights:
- Right of access: Request a copy of your personal data
- Right to rectification: Request correction of inaccurate data
- Right to erasure: Request deletion of your personal data ("right to be forgotten")
- Right to restrict processing: Request limitation of how we use your data
- Right to data portability: Receive your data in a structured, machine-readable format
- Right to object: Object to processing based on legitimate interests
- Right to withdraw consent: Withdraw consent at any time where processing is based on consent
To exercise these rights, contact us at [PRIVACY_EMAIL].
7.2 CCPA Rights (California Residents)
If you are a California resident, you have the following rights under the CCPA:
- Right to know: Request information about what personal data we collect, use, and disclose
- Right to delete: Request deletion of your personal data
- Right to opt-out: Opt out of the sale of personal data (note: we do not sell personal data)
- Right to non-discrimination: We will not discriminate against you for exercising your rights
To exercise these rights, contact us at [PRIVACY_EMAIL].
8. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.
For transfers from the EU/UK, we use appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption: Data encrypted in transit (TLS) and at rest
- Password security: Passwords are hashed using industry-standard algorithms
- Access controls: Limited access to personal data on a need-to-know basis
- Regular security assessments: Ongoing monitoring and testing of our systems
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.
10. Children's Privacy
Our Service is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [PRIVACY_EMAIL], and we will take steps to delete such information.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date at the top of this policy
- Sending you an email notification (for significant changes)
We encourage you to review this Privacy Policy periodically for any changes.
12. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Email: [PRIVACY_EMAIL]
Address: [COMPANY_NAME] [COMPANY_ADDRESS]
For GDPR-related inquiries, you may also contact your local data protection authority if you believe we have not adequately addressed your concerns.
This privacy policy was last reviewed on [LAST_UPDATED].