Skip to main contentSkip to main content
LAP
Sign Up

Legal

Privacy Policy

How LAP collects, processes, and protects your data. Effective: 2026-02-01. Last updated: 2026-03-06.

Data We Collect

Account information (email, name, password hash), telemetry CSV files (GPS traces, speed, throttle, brake data), usage analytics (feature usage, session counts), and payment information (processed by Stripe — we never store card numbers).

How We Use Your Data

Telemetry data is processed to generate analysis reports, scoring, coaching plans, and visualizations. Account data supports authentication, billing, and support. Usage data helps us improve the platform. We do not sell your data.

Data Retention

Raw telemetry retention depends on your plan: Demo (30 days), Racer (90 days), World-Class (365 days). Reports, scores, and lap data are retained indefinitely while your account is active. Account data is retained while your account is active and for 30 days after a deletion request.

Third-Party Processors

We use the following sub-processors, each operating under data processing agreements:

  • Stripe — payment processing (PCI DSS compliant)
  • Resend — transactional email
  • Cloudflare — CDN, DNS, DDoS protection
  • Hetzner — server hosting (EU data center, Falkenstein, Germany)

The full list is maintained at /subprocessors.

Your Rights (GDPR)

You have the right to:

  • Access your data (Data Export)
  • Rectification (update profile)
  • Erasure (delete account)
  • Data portability (ZIP export with GPS precision reduction)
  • Restriction of processing
  • Object to processing

Exercise rights via Settings > Data & Privacy or contact our DPO at dpo@lap-coach.racing.

Cookies

We use necessary cookies for authentication and security. Analytics and marketing cookies are only activated with your explicit consent. You can manage preferences at any time via the cookie settings in the footer.

Data Security

  • Passwords are hashed with Argon2id (time cost 3, memory 64 KiB)
  • JWTs are signed with HS256 with short-lived access tokens
  • All connections use TLS 1.2+
  • Database access is controlled with PostgreSQL Row-Level Security
  • Two-factor authentication is available for all accounts
  • Daily encrypted backups with 7-day retention

Contact

Data Protection Officer: dpo@lap-coach.racing. For privacy inquiries, support tickets, or to exercise your data rights, contact us through Settings > Support or email directly.

Terms of ServicePlans & RetentionManage Your Data