Privacy Policy

Effective: 2026-05-31 · v1.0

1. Who we are

Racem8 (racem8.com) is operated by, and personal data under GDPR (Regulation 2016/679) is controlled by:

  • Company: Roads To Excellence s.r.o.
  • Company ID: 04430972
  • Registered address: Nedvědovo náměstí 1164/14, Podolí, 14700 Praha 4, Česká republika
  • Contact: support@racem8.com
  • Registration: Commercial Register maintained by the Municipal Court in Prague. The company is currently not registered for VAT.

2. What data we process

We process only data that is necessary to provide the service and to comply with legal obligations.

2.1 Account and profile

Email, name (optional), hashed password, role (racer, coach, parent, manager, engineer), language, time zone, registration date and IP address. For Google sign-in we also process your Google ID and profile data (name, email, avatar) within the scope you authorise via OAuth.

2.2 Telemetry and training data

GPS traces from your data logger (Alfano, MyChron, RaceBox), GoPro or phone, lap times, kart setup notes, comments, photos, video. This data is the core of the service — Racem8 makes no sense without it.

2.3 Payments

For paid tiers we process order data, billing address, transaction ID and payment status. Card data (PAN, CVC, expiry) never reaches us — it is processed directly by the payment provider (Revolut Bank UAB, Apple, Google).

2.4 Coach and team communication

Messages, comments and annotations within coach/team workflows. This data is only visible to members of the relevant team space.

2.5 Technical and operational logs

IP address, user-agent, login time, application errors. Used for security, abuse prevention and diagnostics.

3. Legal basis for processing

Each processing purpose has its own legal basis under Article 6 GDPR:

  • Performance of contract (Art. 6(1)(b)): account, telemetry, coach communication, payments — we cannot provide the service without this data.
  • Legitimate interest (Art. 6(1)(f)): technical logs for security and abuse prevention. You can object to this processing at any time.
  • Consent (Art. 6(1)(a)): analytics and marketing cookies, marketing emails. You can withdraw consent at any time — via the cookie settings in the footer or the unsubscribe link in any email.
  • Compliance with legal obligation (Art. 6(1)(c)): accounting and tax regulations (10-year invoice retention).

4. Recipients (processors)

We never sell your data. We share it only with the following processors, who are contractually bound to protect it:

Processor | Purpose | Location
Hetzner Online GmbH | Hosting (web, database, mailserver) | DE / FI (EU)
Revolut Bank UAB | Payment processing (Revolut Pay, cards) | LT (EU)
Apple Inc. | Apple Pay payments | US (DPF)
Google Ireland Ltd / Google LLC | Google sign-in, Google Pay | IE / US (DPF)
Resend, Inc. | Transactional email delivery | US (DPF)

DPF = EU-U.S. Data Privacy Framework. US-based processors are DPF-certified, providing GDPR-equivalent protection per Art. 45 GDPR (Commission Implementing Decision 2023/1795).

5. Retention

  • Account and profile: for the lifetime of the account + 30 days after deletion (technical recovery window).
  • Telemetry: for the lifetime of the account. We will delete earlier on request.
  • Payment records and invoices: 10 years (Czech Accounting Act 563/1991).
  • Technical logs: at most 90 days.

6. Your rights

Under GDPR you have the following rights regarding your personal data:

  • Right of access (Art. 15) — to know what data we hold.
  • Right to rectification (Art. 16) — to correct inaccurate data.
  • Right to erasure (Art. 17) — to be forgotten.
  • Right to restriction of processing (Art. 18).
  • Right to data portability (Art. 20) — to receive your data as a JSON export.
  • Right to object (Art. 21) — to processing based on legitimate interest.
  • Right to withdraw consent (Art. 7(3)) — at any time, without affecting prior lawful processing.

To exercise your rights, email support@racem8.com. You may also lodge a complaint with the supervisory authority — ÚOOÚ.

7. Cookies

The site uses cookies. Necessary cookies (login) are always on; others only with your consent. Full description in the Cookie Policy.

8. Security

Traffic between you and Racem8 is encrypted with TLS 1.2+. Passwords are stored as bcrypt hashes. Databases and backups live in Hetzner's EU data centres with at-rest encryption. Access to production systems is restricted and logged.

9. Changes to this policy

On material changes we will notify you by email at least 30 days in advance. The current version is always on this page; the effective date is shown at the top.