Privacy Policy
SectorKart is committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection law. This policy explains what data we collect, why, and how you can exercise your rights.
Data controller
The controller responsible for processing your personal data is:
Data collected
When creating your account
- First and last name
- Email address
- Password (stored as a hash, never in plain text)
- Country of residence
- Preferred language
- If signing in via Google: Google identifier and public profile picture
When using the platform
- Karting lap times (lap time, sectors)
- Imported telemetry data (speed, RPM, water temperature, G-forces) — only provided if you import it
- Profile pictures (avatar)
- Team membership and role within the team
- Personal lap-time objectives
- Settings and preferences (notifications, public profile, time zone)
Automatically collected technical data
- IP address (used only for security and rate-limiting purposes)
- Authentication session cookies
- Error logs (Sentry) in the event of a platform malfunction
Payment data
Payment data (card number, etc.) never passes through our servers. It is processed directly by Stripe, our PCI-DSS certified payment provider. We only store information necessary for subscription management (Stripe identifier, status, dates).
Purposes and legal bases
| Purpose | Legal basis | Retention period |
|---|---|---|
| Account creation and management | Contract performance | Account lifetime + 3 years after deletion |
| Provision of platform services (lap times, leaderboards, teams) | Contract performance | Account lifetime |
| Subscription and billing management | Contract performance / Legal obligation | 10 years (accounting obligation) |
| Sending transactional emails (confirmation, security) | Contract performance | Account lifetime |
| Fraud prevention and access security | Legitimate interest | 90 days (technical logs) |
| Bug detection and correction (Sentry) | Legitimate interest | 90 days |
| Session recording for debugging (Sentry Session Replay) | Consent | 90 days |
| Public leaderboards and profiles visible to other users | Consent (configurable in your preferences) | Account lifetime |
Recipients and processors
Your data is never sold to third parties. It may be shared only with the following technical processors, strictly for the purpose of providing the service:
Supabase
Database and file storage (avatars, telemetry)
📍 European Union (AWS eu-west-3 — Paris)
Vercel
Web application hosting
📍 European Union
Stripe
Secure payment processing
📍 European Union
Resend
Sending transactional emails (account confirmation, security)
📍 European Union
Sentry
Error monitoring and (with your consent) Session Replay
📍 European Union
Google (OAuth)
Authentication via your Google account (only if you use it)
📍 Transfer governed by standard contractual clauses
Hosting and transfers outside the EU
All our data is hosted within the European Union, primarily in France (AWS Paris region via Supabase).
When using Google authentication, some data transits through Google servers located outside the EU. This transfer is governed by standard contractual clauses issued by the European Commission, in accordance with Article 46 of the GDPR.
Your rights
Under the GDPR, you have the following rights regarding your personal data:
Right of access
Obtain a copy of all data we hold about you.
Right to rectification
Correct inaccurate or incomplete data directly in your settings.
Right to erasure
Request deletion of your account and data from the Privacy tab in your settings.
Right to data portability
Receive your data in a structured, machine-readable format.
Right to object
Object to certain processing based on our legitimate interest.
Right to restriction
Request suspension of the processing of your data in certain cases.
To exercise these rights, you can act directly from your Settings → Privacy, or contact us at privacy@sectorkart.com.
You also have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) if you believe that the processing of your data does not comply with the applicable regulation.
Data security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction:
- Passwords stored as hashes (bcrypt)
- Communications encrypted via HTTPS/TLS
- Database access restricted by row-level security rules (Supabase RLS)
- Authentication tokens with limited lifetime
- Real-time error monitoring and alerts via Sentry
- Rate-limiting on sensitive endpoints (login, registration)
In the event of a data breach presenting a high risk to your rights and freedoms, we undertake to inform you without undue delay, in accordance with Article 34 of the GDPR.
Contact us
For any question relating to this policy or to the exercise of your rights:
📧 Email : privacy@sectorkart.com
💬 Support : sectorkart.com/support
We are committed to responding to any request within a maximum period of 30 days from receipt.
This policy may be updated to reflect changes to our services or applicable regulations. The date of the last update appears at the top of the page. In the event of a material change, you will be notified by email or via a notification on the platform.