Kart Track Privacy Policy

Last Updated: March 2026

1. Introduction

Welcome to Kart Track! Your privacy is important to us. This Privacy Policy explains in detail how we collect, use, store, and protect your information when you use our mobile application and website. We are committed to transparency about our data practices and your rights.

By using Kart Track, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use the app.

2. Information We Collect

We collect various types of information to provide and improve our services. Below is a comprehensive breakdown of all data we collect:

2.1 User Account Information

Email Address: Used for account creation, authentication, password recovery, and important service communications
Password: Securely hashed and stored by Supabase authentication service (we never store plain-text passwords)
Full Name: Used for account personalization and display within the app
Username: Auto-generated unique identifier used for sharing setups with other users and team members
Transponder IDs: Optional racing transponder numbers (up to 2) for race tracking purposes

2.2 Session Data

When you track a karting session, we collect:

Session Metadata: Session name, session type (Practice, Heat Race, Pre-Final, Final, Qualifying, Test Day, Arrive-and-Drive), track location, event date, creation timestamps
Performance Data: Best lap time, total number of laps, best lap number, driver notes and feedback
Kart Configuration: Kart model (chassis), engine type, kart weight, wheel type, tire compound
Tire Data: Cold pressure, hot pressure, and tire temperature for each of the four tires (left front, right front, left rear, right rear)
Setup Data: Front and rear ride heights, front and rear track widths, wheelbase settings, toe, camber, caster, ackerman steering settings (top/mid/bottom), ackerman spindle, torsion bar, axle stiffness, seat struts configuration, hubs, gear ratio, drive sprocket teeth count, rear sprocket teeth count, clutch settings
Carburetor Data (if enabled): Main jet, idle jet, idle emulsifier, emulsion tube, needle position, throttle valve, air screw, float height, pop-off pressure, fulcrum setting, low-speed and high-speed needle settings, general carburetor notes

2.3 Telemetry Data

When you upload telemetry files for AI coaching analysis, we collect:

Uploaded Files: Files exported from data logging systems. Raw files are not permanently stored — only the parsed summary data is retained.
Parsed Telemetry Summary: Lap times, speed, RPM, throttle, braking, G-force, temperature, and sector data extracted from your telemetry files
GPS Traces: Latitude and longitude coordinates recorded by your data logger, used to generate track maps and corner analysis

2.4 Weather and Environmental Data

Weather Conditions: Temperature (Celsius or Fahrenheit), wind speed, wind direction, relative humidity, barometric pressure
Altitude: Track altitude above sea level
Density Altitude: Calculated value derived from pressure, temperature, and humidity
GPS Coordinates: Your device's latitude and longitude are accessed in real-time to fetch weather data (see Section 8 for details on how location data is handled)

2.5 Setup and Baseline Data

Baseline Configurations: Saved kart setup configurations with all the mechanical specifications listed in Section 2.2
Baseline Metadata: Baseline name, creation date, associated track, kart model, engine type, tire compound
Template Information: Whether the baseline was created from a team template

2.6 Team Collaboration Data

Team Information: Team name, team admin user ID, member count, creation date
Team Membership: Your user ID, team ID, role within the team
Shared Content: Setup baselines that you or your team members share within the team
Team Templates: Admin-created setup templates available to team members

2.7 Voice and Audio Data

Voice Recordings: When you use the voice dictation feature, we temporarily record audio from your device's microphone
Transcriptions: Audio recordings are sent to a third-party AI service for transcription to text
Important: Audio files are stored temporarily during processing and are immediately deleted after transcription is complete. We do not retain audio recordings.

2.8 Subscription Information

Subscription Status: Whether you have an active subscription, free trial status, subscription expiration date
Entitlements: Access level ("Subscriber Access" entitlement)
Purchase History: Managed by RevenueCat and Apple/Google app stores (we do not directly store payment information)
Platform: Whether you subscribed via iOS App Store or Google Play Store

2.9 Device and Local Storage

Session Tokens: Encrypted authentication tokens stored securely on your device via Expo SecureStore
Local Cache: Temporary copies of your sessions and baselines stored on your device for offline access (automatically deleted after 24 hours)
Offline Queue: Data created while offline is queued locally and synchronized when your device reconnects to the internet
User Preferences: App settings, field visibility preferences, AI chat preferences, language/locale settings, weather unit preference (metric/imperial)
UI Flags: Indicators for whether you've seen tutorials, instructions, or other one-time notices

3. How We Use Your Information

We use the collected information for the following purposes:

Core App Functionality: To provide session tracking, setup management, baseline creation, and data organization features
AI-Powered Features: To power AI features including setup analysis, voice transcription, and data extraction by sending relevant session data to a third-party AI service (see Section 4 for details). These features require your explicit consent before any data is shared.
Weather Integration: To fetch real-time weather data based on your location, providing accurate environmental conditions for your sessions
Team Collaboration: To enable sharing of setups and collaboration with team members
Subscription Management: To manage your subscription status, entitlements, and access to premium features
Offline Functionality: To cache data locally for offline access and synchronize when your connection is restored
Data Export: To allow you to export your session and setup data as CSV files via email
App Improvements: To understand how features are used and improve the app experience (we do not use third-party analytics services)
Customer Support: To respond to your questions, requests, and provide assistance when needed

4. Third-Party Services and Data Sharing

We use several third-party services to provide our app's functionality. When you use Kart Track, certain data is shared with these services:

Supabase

Purpose: Database storage and user authentication

Data Shared: All user account information, session data, setup/baseline data, team collaboration data, user preferences, and settings. Essentially, all data you create in the app is stored in our Supabase database.

Security: Supabase provides enterprise-grade security with encrypted connections, secure authentication, and PostgreSQL database with row-level security policies.

Third-Party AI Service (OpenAI)

Purpose: AI-powered features including setup analysis, chat assistance, voice transcription, and data extraction

Consent Required: Before any data is shared with this service, you must provide explicit consent within the app. You will be prompted to review and agree to AI data sharing before using any AI-powered feature for the first time. You may revoke this consent at any time from your Profile settings.

Data Shared:

Session and setup data relevant to the AI feature being used (e.g., kart configuration, weather conditions, performance metrics, driver notes)
Chat messages and conversation history during AI chat sessions
Voice recordings sent temporarily for transcription (immediately deleted after processing)
Photos of data logger displays sent for data extraction

Data Protection: The AI service's API does not use data submitted via the API to train or improve their models. Data is transmitted securely over encrypted connections.

RevenueCat

Purpose: Cross-platform subscription management for iOS and Android

Data Shared: Your user ID, subscription status, purchase information, entitlement validation, and platform (iOS/Android)

Note: Payment information (credit cards, billing addresses) is handled entirely by Apple App Store and Google Play Store. We and RevenueCat do not have access to your payment methods.

Stripe

Purpose: Payment processing for purchases on the website

Data Shared: Your email address and user ID are shared with Stripe to process payments.

Note: All payment information (credit card numbers, billing addresses) is collected and processed exclusively by Stripe. We never see or store your payment details.

Open-Meteo Weather API

Purpose: Real-time weather data fetching

Data Shared: Your device's GPS coordinates (latitude and longitude) are sent to Open-Meteo's API to retrieve weather data for your current location

Note: Open-Meteo is a free, open-source weather API that does not require authentication and does not track users. Your location coordinates are not stored by us or Open-Meteo beyond the immediate API request.

Vercel

Purpose: Web hosting and deployment for the Kart Track website

Data Shared: Standard web request data (IP address, browser user agent) is processed by Vercel as part of serving the website.

Note: We do not use Vercel Analytics or any additional Vercel tracking services.

Expo Services

Purpose: App updates and over-the-air (OTA) updates

Data Shared: Basic app metrics, version information, and update status

Apple App Store & Google Play Store

Purpose: App distribution and in-app purchase processing

Data Shared: Purchase information, subscription management handled by platform providers

Payment Processing: All payment information is collected and processed exclusively by Apple and Google. We never see or store your payment details.

No Other Third-Party Sharing: We do not sell, rent, or share your personal data with any other third parties for marketing, advertising, or analytics purposes. The services listed above are the only third parties with whom we share data, and only for the specific purposes described.

5. Cookies

The Kart Track website uses cookies solely for authentication purposes. When you log in, session cookies are set in your browser to keep you authenticated. These are strictly necessary cookies — the website cannot function without them. We do not use any third-party cookies for analytics, advertising, or tracking.

6. Data Retention and Deletion

Session and Baseline Data: Retained indefinitely in our database until you manually delete individual sessions/baselines or delete your entire account
Uploaded Telemetry Files: Raw files are not permanently stored. Only the parsed summary data is retained.
Audio Recordings: Temporary only—audio files are immediately deleted after transcription is complete (typically within seconds)
Local Cache: 24-hour time-to-live (TTL) on cached data stored on your device. Cache is automatically purged after expiration.
Offline Queue: Pending operations are stored locally until synchronized, then removed from the queue
Account Deletion: When you delete your account via the profile settings, all associated data is permanently deleted from our database, including all sessions, baselines, team memberships, and user profile information. This action is irreversible.

7. Your Rights and Choices

You have the following rights regarding your data:

7.1 Access Your Data

You can view all your session data, setup baselines, team information, and profile details directly within the app at any time.

7.2 Export Your Data

You can export your session data and setup data as CSV files via the email export functionality in your profile settings. Exported files exclude internal system fields (session IDs, user IDs) for privacy.

7.3 Delete Your Data

Individual Items: Delete specific sessions or baselines within the app
Full Account Deletion: Delete your entire account and all associated data via the "Delete Account" option in profile settings. This action is permanent and cannot be undone.

7.4 Manage AI Data Sharing

AI-powered features require your explicit consent before any data is sent to our third-party AI service. You will be prompted to review and agree to this data sharing before using any AI feature for the first time. You can revoke your consent at any time from your Profile settings, which will disable AI features until consent is granted again. Revoking consent does not affect data already processed.

7.5 Manage Subscriptions

iOS Users: Manage your subscription through the Apple App Store subscription settings
Android Users: Manage your subscription through Google Play subscription settings

7.6 Control Location Access

You can deny location permission in your device settings. If you deny location access, you can still manually enter weather data for your sessions.

7.7 Control Microphone Access

Voice dictation requires microphone permission. You can deny this permission in your device settings and still use all other app features by manually entering data.

8. Location Data

Important Information About Location Usage:

Purpose: We access your device's location exclusively to fetch real-time weather data for your karting sessions
Collection Method: GPS coordinates (latitude and longitude) are fetched on-demand using Expo Location API
Not Stored: Your location coordinates are NOT stored in our database. They are used only for the immediate weather API request to Open-Meteo and then discarded.
Frequency: Weather data auto-refreshes every 15 minutes while the Session Screen is actively open
User Control: You can deny location permission. If denied, you can manually enter weather conditions instead of automatic fetching.
No Tracking: We do not track your location history or movements. Each weather request is independent and temporary.
Telemetry GPS Data: GPS coordinates contained in uploaded telemetry files (recorded by your data logger on-track) are used to generate track maps and corner analysis. This data is stored as part of your session. The website does not access your device's location.

9. Children's Privacy

Kart Track is intended for users aged 13 and older in compliance with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under 13 years of age.

If you are under 18 years of age, you must have parental or guardian consent to use the app. If we discover that we have inadvertently collected personal information from a child under 13, we will take immediate steps to delete that information from our servers.

If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us at info@karttrackapp.com so we can delete it.

10. Data Security

We take the security of your data seriously and implement appropriate technical and organizational measures:

Secure Authentication: User authentication is handled by Supabase Auth with industry-standard security practices
Password Security: Passwords are hashed using secure algorithms (bcrypt) and never stored in plain text
Encrypted Storage: Authentication tokens and sensitive session data are stored encrypted on your device using Expo SecureStore
HTTPS Encryption: All data transmitted between the app and our servers uses HTTPS encryption
Database Security: Supabase provides row-level security policies, ensuring users can only access their own data
No Payment Storage: We do not store any payment information. All payment processing is handled securely by Apple App Store and Google Play Store.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security.

11. International Data Transfers

Your data may be transferred to, stored, and processed in countries other than your country of residence. This includes transfers to:

Supabase servers: May be located in various regions globally
AI service servers: Located in the United States and may process data internationally
RevenueCat servers: May process data in various jurisdictions
Stripe servers: May process payment data in various jurisdictions
Vercel servers: Website served from various global edge locations

By using Kart Track, you consent to the transfer of your data to these jurisdictions. We ensure that appropriate safeguards are in place with our third-party service providers to protect your data in accordance with this Privacy Policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last Updated" date at the top of this policy.

We will notify you of any material changes through the app or via email. Your continued use of Kart Track after such modifications constitutes your acknowledgment of the modified Privacy Policy and agreement to abide by it.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: info@karttrackapp.com

We will respond to your inquiry as promptly as possible. For data access, correction, or deletion requests, please allow up to 30 days for processing.

By using Kart Track, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.