Privacy

Privacy Policy

Last updated: April 3, 2026

Your privacy is important to us. This policy explains what data we collect, how we use it, and your rights regarding your information.

1. Overview

Braking Lab is designed with privacy in mind. The Service consists of a web application, a desktop telemetry capture client for Windows, and an AI-powered Race Engineer. This policy covers all components. By default, your training data stays on your device. Cloud sync is optional and always under your control.

2. Data We Collect

Guest Mode (No Account)

  • Training data stored locally in your browser
  • Anonymous usage analytics (pages visited, features used)
  • Device type and browser information for compatibility
  • Anonymous peripheral information (device type, brand, and model of your racing hardware) to improve compatibility

With an Account

  • Email address for account identification
  • Training data if you enable cloud sync
  • Custom exercises and notes you create
  • Performance history and progress data

iRacing Integration (Optional)

  • OAuth authentication tokens stored encrypted in your browser cookies
  • Your iRacing customer ID and display name (fetched on demand, not stored on our servers)
  • List of owned cars and tracks (fetched on demand, not stored on our servers)

Important: We do not store any iRacing account data on our servers. All iRacing-related data is either stored locally in your browser or fetched directly from iRacing's servers when needed. You can disconnect your iRacing account at any time, which will delete all locally stored tokens.

Desktop Capture Client (Optional)

  • Real-time telemetry data from iRacing: brake pressure, throttle position, steering angle, speed, gear, RPM, and G-forces
  • Vehicle dynamics: yaw, pitch, roll rates and velocity components
  • Lap timing: session time, lap times, lap validity, and pit road detection
  • Session metadata: track name and configuration, car name and class, session type (practice, qualify, race)
  • Environmental conditions: air and track temperature, wind speed and direction, sky conditions, humidity, and precipitation
  • Driver ranking data: iRating, license level, and season information
  • Tire data: surface and carcass temperatures, pressure, and wear for all four tires

Telemetry is captured at 60Hz during active iRacing sessions. All capture requires installing and running the Braking Lab desktop client on Windows. Data is uploaded to cloud storage (Cloudflare R2) and indexed in our database (Supabase). You control which sessions are synced and can delete any session at any time.

Public Leaderboard (Optional)

  • If you opt in, your best lap times per track and car combination are visible on the public leaderboard
  • Visible data includes your display name, lap time, track, and car
  • Leaderboard participation is entirely optional and can be toggled on or off at any time in Settings
  • When opted out, your lap data is not visible to other users

3. How We Use Your Data

  • Provide and improve the Service
  • Sync your data across devices (if enabled)
  • Display your iRacing owned content and match it with series schedules (if connected)
  • Analyze usage patterns to improve features
  • Analyze anonymous hardware usage to optimize support for popular racing peripherals
  • Communicate important updates about the Service
  • Process telemetry data to generate braking zone analysis, corner analysis, and performance metrics
  • Provide AI-powered coaching insights through the Race Engineer when you connect an AI client
  • Display your lap times on the public leaderboard if you opt in
  • Generate race strategy recommendations from your practice telemetry

4. Data Storage & Security

Account data is stored securely using Supabase infrastructure with encryption at rest and in transit. Guest mode data is stored only in your local browser storage. Telemetry data captured by the desktop client is stored locally before upload, then transmitted to Cloudflare R2 for blob storage and Supabase for metadata indexing. The AI Race Engineer runs on Railway servers. iRacing OAuth tokens, if you choose to connect your account, are encrypted using AES-256-GCM and stored in secure HTTP-only cookies in your browser with a 7-day expiry. We do not store iRacing account data on our servers. We implement industry-standard security measures to protect your information.

5. Data Sharing

We do not sell your personal data. We may share data with: (a) service providers who help operate the Service (Supabase for database hosting, Cloudflare for content delivery and telemetry storage, Railway for AI server hosting, Sentry for error monitoring, PostHog for analytics); (b) law enforcement if required by law; (c) third-party AI providers (such as Anthropic or OpenAI) only when you explicitly authorize access by connecting an AI client via OAuth 2.0 — these providers receive only the data you query through the AI interface; (d) publicly on the leaderboard if you opt in, limited to your display name, lap times, track, and car. All service providers are bound by confidentiality agreements.

6. AI Processing & Third-Party AI Access

Braking Lab offers an AI Race Engineer feature accessible through third-party AI clients such as Claude, ChatGPT, Cursor, or Windsurf. When you connect an AI client, you authorize it via OAuth 2.0 with PKCE to access your telemetry data through our MCP (Model Context Protocol) server. The AI client can query your sessions, laps, braking zones, corners, and other telemetry data to provide coaching insights. AI processing occurs in an isolated sandbox environment on our servers. We do not push your data to AI providers — the AI client pulls data through authenticated API calls that you initiate. You can revoke AI client access at any time from your account settings. AI-generated coaching reports are stored in your account and are not shared with other users.

7. Desktop Software

The Braking Lab Capture client is optional desktop software for Windows that interfaces with iRacing's telemetry SDK. The client captures telemetry data in real-time during your iRacing sessions and uploads it to our cloud infrastructure. The client communicates only with Braking Lab servers (Supabase and Cloudflare R2) and Sentry for error reporting. The client does not collect browsing data, keystrokes, screenshots, or any information outside of iRacing telemetry. Auto-update functionality may contact our servers to check for and download new versions.

8. Cookies & Analytics

We use essential cookies for authentication and preferences. We use PostHog for privacy-friendly analytics to understand how the Service is used. You can opt out of analytics in your browser settings.

9. Your Rights

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate information
  • Deletion: Delete your account and all associated data
  • Portability: Export your training data
  • Opt-out: Disable cloud sync at any time
  • Disconnect: Revoke iRacing connection and delete all locally stored tokens at any time
  • Revoke: Revoke AI client access and delete all AI-generated coaching reports at any time

10. Data Retention

We retain your data as long as your account is active. If you delete your account, all associated data — including telemetry blobs stored in Cloudflare R2 — is permanently deleted within 30 days. Anonymous analytics data may be retained indefinitely in aggregated form.

11. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us.

12. International Transfers

Your data may be transferred to and processed in countries outside your residence, including the European Union (Supabase hosting), the United States (Cloudflare R2, Railway), and wherever your chosen AI provider operates. We ensure appropriate safeguards are in place for all international transfers in compliance with applicable data protection laws.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the Service or sending you an email.

14. Automated Decision-Making

The Race Engineer uses AI models to analyze your telemetry data and generate coaching recommendations, braking zone analysis, and race strategy suggestions. These outputs are provided for informational and entertainment purposes only. No automated decisions are made that have legal or similarly significant effects on you. You are not required to follow any AI-generated advice, and we make no guarantees about its accuracy or suitability.

15. Contact Us

For privacy-related questions or to exercise your rights, contact us at hola.rdiaz.racing@gmail.com

Back to Home