Skip to main content

Privacy Policy

Last updated: February 6, 2026

1. Controller

The controller responsible for data processing on this website is:

Jannik Henke
Karl-Kellner-Straße 97
30853 Langenhagen, Germany
Email: jannikhenke@gmail.com

2. What data we collect

2.1 Account data

When a team administrator creates your driver account, we store your name, username, email address (optional), iRacing customer ID, driver number, and nationality. You may optionally add a bio, avatar, and social media handles (Discord, Twitter).

2.2 iRacing statistics

With your consent, we retrieve your publicly available iRacing statistics (iRating, safety rating, license class, career stats) from the iRacing service to display on your team profile. This data is refreshed periodically.

2.3 Race and telemetry data

During live race events, our telemetry client collects performance data including lap times, fuel usage, pit stop timings, tire data, damage incidents, and track conditions. This data is linked to your driver account for strategy purposes. Telemetry data is automatically deleted after 90 days.

2.4 Availability and preferences

When you submit your availability for an event, we store your time windows, availability status, and driving preferences (e.g., avoid night stints, maximum consecutive stints).

2.5 Authentication and security

We store a hashed version of your password (bcrypt), failed login attempt counters, and security event logs (login timestamps, IP addresses). Passwords are never stored in plain text.

2.6 Server access logs

Our web server (Traefik reverse proxy) automatically logs each HTTP request. These logs contain: IP address, date and time, requested URL, HTTP status code, response size, referrer URL, and browser user agent string. We process this data on the basis of our legitimate interest (Art. 6(1)(f) GDPR) for ensuring server stability, security, and abuse prevention. Server logs are rotated and automatically deleted after 14 days.

3. Cookies and local storage

3.1 Essential cookies

We use the following strictly necessary cookies:

  • Session cookie (authjs.session-token) — Keeps you logged in. Expires after 7 days. HTTP-only, secure, cannot be read by JavaScript.
  • CSRF token (authjs.csrf-token) — Protects against cross-site request forgery. Session-scoped.
  • Cookie consent (cookie-consent) — Remembers your cookie preference. Expires after 365 days.

3.2 Local storage

We use browser local storage to remember UI preferences (sidebar state) and to enable offline-first functionality for the race strategy planner (pending sync queue, undo/redo history). This data stays in your browser and is not transmitted to our servers.

3.3 No tracking

We do not use Google Analytics, advertising cookies, tracking pixels, or any third-party analytics tools. We do not track your browsing behavior.

4. Legal basis for processing

  • Contract performance (Art. 6(1)(b) GDPR) — Processing your account data, availability, and race telemetry is necessary to provide the team management platform you signed up for.
  • Legitimate interest (Art. 6(1)(f) GDPR) — Security logging (login attempts, IP addresses) to protect accounts from unauthorized access.
  • Consent (Art. 6(1)(a) GDPR) — Optional data such as social media handles, bio, and iRacing statistic retrieval. You can withdraw consent at any time.

5. Third-party services

5.1 Hosting

This website is hosted on a dedicated server provided by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. Hetzner processes data exclusively within the European Union. See Hetzner's privacy policy.

5.2 iRacing

When syncing driver statistics, we communicate with iRacing.com (iRacing Motorsport Simulations, LLC, USA) using their API. Only your iRacing customer ID is transmitted. Data transfer to the USA is based on your explicit consent (Art. 49(1)(a) GDPR) when you provide your iRacing ID. You may withdraw this consent at any time by contacting us; however, this will not affect the lawfulness of processing before the withdrawal.

5.3 Discord

Race announcements and results may be shared to our Discord server via the Discord API (Discord Inc., USA). No personal driver data is sent to Discord — only event information (race title, track, schedule). As no personal data is transferred, GDPR transfer restrictions do not apply to this integration.

6. Data retention

  • Account data: Retained until you request deletion or are removed by an administrator.
  • Telemetry data: Automatically deleted after 90 days.
  • Session tokens: Expire after 7 days.
  • Security logs: Retained for up to 12 months for security purposes.
  • Server access logs: Automatically deleted after 14 days.

7. Your rights

Under the GDPR, you have the right to:

  • Access — Request a copy of all personal data we hold about you.
  • Rectification — Correct inaccurate data via your profile page or by contacting us.
  • Erasure — Request deletion of your account and all associated data.
  • Restriction — Request that we limit processing of your data.
  • Data portability — Receive your data in a structured, machine-readable format.
  • Object — Object to processing based on legitimate interest.
  • Withdraw consent — Withdraw consent for optional data processing at any time without affecting prior processing.

To exercise any of these rights, contact us at jannikhenke@gmail.com. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. The competent authority is the data protection authority of the German federal state where you reside.

8. Obligation to provide data

Providing your name and username is required to create an account and use the platform (contractual requirement). Without this data, we cannot provide you access to the team management features. All other personal data (email, iRacing ID, bio, social links, availability, preferences) is voluntary. There is no statutory obligation to provide any personal data.

9. Automated decision-making

We do not use automated decision-making or profiling as defined in Art. 22 GDPR. No decisions with legal or similarly significant effects are made automatically based on your personal data. Strategy suggestions in the race planner are purely mathematical calculations and do not constitute profiling.

10. Data security

All data is transmitted over HTTPS (TLS 1.2+). Passwords are hashed using bcrypt. The database is hosted on a private network not accessible from the internet. Access to the server is restricted to SSH key authentication with fail2ban protection.

11. Changes to this policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated date. For significant changes, we will notify registered users via the platform.

← Back to homepage