Privacy Policy
Last updated: January 7, 2026
Your privacy is important to us. This policy explains what data we collect, how we use it, and your rights regarding your information.
1. Overview
Braking Lab is designed with privacy in mind. By default, your training data stays on your device. Cloud sync is optional and always under your control.
2. Data We Collect
Guest Mode (No Account)
- Training data stored locally in your browser
- Anonymous usage analytics (pages visited, features used)
- Device type and browser information for compatibility
- Anonymous peripheral information (device type, brand, and model of your racing hardware) to improve compatibility
With an Account
- Email address for account identification
- Training data if you enable cloud sync
- Custom exercises and notes you create
- Performance history and progress data
iRacing Integration (Optional)
- OAuth authentication tokens stored encrypted in your browser cookies
- Your iRacing customer ID and display name (fetched on demand, not stored on our servers)
- List of owned cars and tracks (fetched on demand, not stored on our servers)
Important: We do not store any iRacing account data on our servers. All iRacing-related data is either stored locally in your browser or fetched directly from iRacing's servers when needed. You can disconnect your iRacing account at any time, which will delete all locally stored tokens.
3. How We Use Your Data
- Provide and improve the Service
- Sync your data across devices (if enabled)
- Display your iRacing owned content and match it with series schedules (if connected)
- Analyze usage patterns to improve features
- Analyze anonymous hardware usage to optimize support for popular racing peripherals
- Communicate important updates about the Service
4. Data Storage & Security
Account data is stored securely using Supabase infrastructure with encryption at rest and in transit. Guest mode data is stored only in your local browser storage. iRacing OAuth tokens, if you choose to connect your account, are encrypted using AES-256-GCM and stored in secure HTTP-only cookies in your browser with a 7-day expiry. We do not store any iRacing data on our servers. We implement industry-standard security measures to protect your information.
5. Data Sharing
We do not sell your personal data. We may share data with: (a) service providers who help operate the Service (hosting, analytics); (b) law enforcement if required by law. All third parties are bound by confidentiality agreements.
6. Cookies & Analytics
We use essential cookies for authentication and preferences. We use PostHog for privacy-friendly analytics to understand how the Service is used. You can opt out of analytics in your browser settings.
7. Your Rights
- Access: Request a copy of your personal data
- Correction: Update inaccurate information
- Deletion: Delete your account and all associated data
- Portability: Export your training data
- Opt-out: Disable cloud sync at any time
- Disconnect: Revoke iRacing connection and delete all locally stored tokens at any time
8. Data Retention
We retain your data as long as your account is active. If you delete your account, all associated data is permanently deleted within 30 days. Anonymous analytics data may be retained indefinitely in aggregated form.
9. Children's Privacy
The Service is not intended for children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us.
10. International Transfers
Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place for international transfers.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the Service or sending you an email.
12. Contact Us
For privacy-related questions or to exercise your rights, contact us at hola.rdiaz.racing@gmail.com