Privacy policy

Controller: Vectron Racing Lab — Telemetry Assistant product. Website: https://www.vectronracing.com Privacy contact: Support area in your account (Account page) or the contact form published on the site. We process personal data as controller under the GDPR and, where applicable, Brazil's LGPD.

Account and profile: username, email, display name, optional avatar, preferred language, internal user and workspace identifiers. Credentials: password stored only as a hash; temporary MFA codes sent by email (we do not store full email message content in the application). Service usage: uploaded telemetry files (e.g. ACC/MoTeC .ld/.ldx, iRacing .ibt), session and lap metadata, analysis jobs, generated reports, plan quotas (storage, AI analyses), and technical operation logs. Payment data: for paid plans, card processing and billing are handled by Stripe; we do not store full card numbers on our servers. Support data: messages, attachments, and ticket protocols from Account → Support. Website analytics (optional): with your consent, aggregated dashboard usage via Google Analytics 4.

Provide the contracted service — contract performance. Manage account, authentication (email confirmation, MFA), plans, and support — contract and legitimate interest in platform security. Process payments — contract and legal obligations. AI corner deep analysis (Anthropic), only when you request it — contract / implicit consent by requesting the feature. Improve reliability, security, and observability — legitimate interest. Analytics cookies (GA4) — consent, withdrawable at any time.

We use strictly necessary cookies for authentication (e.g. HttpOnly JWT session cookie). With explicit consent, we enable Google Analytics 4 for aggregated usage statistics. Preference is stored in the browser (localStorage). You may refuse in the cookie banner — analytics scripts will not load. Refusing analytics cookies does not block login, upload, or telemetry analysis.

We use providers that process data on our behalf only as needed: • Hetzner / hosting — servers and storage in the European Union. • Managed PostgreSQL (e.g. Neon). • Resend — transactional email. • Stripe — payments and subscriptions. • Anthropic — corner deep analysis when requested, with aggregated telemetry sent server-side. • Google (Analytics) — site statistics, only with consent. We do not sell personal data. Your workspace telemetry is isolated from other users by multi-tenant controls.

Some processors (e.g. Stripe, Resend, Anthropic, Google) may process data outside the EEA. Where this occurs, we rely on appropriate safeguards such as EU Standard Contractual Clauses or adequacy decisions, as applicable.

Account data: while the account is active and, after deletion request, as long as needed to complete deletion and meet legal obligations (typically up to 30 days unless longer retention is required by law). Telemetry and reports: kept in your workspace while you maintain the account unless you delete sessions/laps or request account deletion. Support records: up to 24 months after ticket closure. Billing data (via Stripe): as required by applicable tax law (typically 7–10 years). Security logs: up to 90 days unless incident investigation requires longer retention.

We apply appropriate technical and organizational measures including hashed passwords, email MFA on login, HttpOnly JWT cookies on the dashboard, Bearer tokens on the desktop client, workspace isolation, path validation, HTTPS in production, and API access controls. No system is 100% secure; we will notify authorities and users when required by law in case of a breach posing risk to your rights.

Under GDPR and LGPD (where applicable), you may request access, rectification, erasure, portability, restriction, objection, and withdrawal of consent where processing is consent-based. In Account → Security & privacy you can update your profile, export an account data summary, and submit an account deletion request for operational processing. We respond within the statutory period (generally 30 days) and may ask for identity verification.

The service is intended for users aged at least 16 (or the digital consent age in your country, if higher). We do not knowingly collect data from minors. Contact us if you believe a minor provided data so we can delete it.

We may update this policy for legal or product changes. We will publish the new version on this page with an effective date. Material changes will be communicated by email or prominent in-app notice with reasonable advance notice.

Privacy questions: Support in your account or contact published at www.vectronracing.com. You may lodge a complaint with your supervisory authority (e.g. CNPD in Portugal, ANPD in Brazil).