Privacy Policy
Last Updated: Jan 29 2026
Effective Date: Jan 29 2026
1. Introduction
Welcome to ThePaddock ("App," "Service," "we," "us," or "our"). This Privacy Policy explains how OneMore Lab LLC ("Company") collects, uses, discloses, and protects your personal information when you use our motorsports community application and related services.
We are committed to protecting your privacy and handling your data with transparency and care. This Privacy Policy applies to all users of ThePaddock, regardless of how you access the Service (mobile app, website, or other platforms).
BY USING THE SERVICE, YOU CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR INFORMATION AS DESCRIBED IN THIS PRIVACY POLICY. If you do not agree with this Privacy Policy, please do not use the Service.
2. Information We Collect
We collect information in several ways: directly from you, automatically when you use the Service, and from third-party sources.
2.1 Information You Provide Directly
Account Information
| Data Type | Required | Purpose |
|---|---|---|
| Email address | Yes | Account creation, authentication, communication |
| Password | Yes | Account security (stored as secure hash) |
| First and last name | Yes | Profile identification, personalization |
| Username | Yes | Unique identifier, @mentions, profile URL |
Profile Information
| Data Type | Required | Purpose |
|---|---|---|
| Profile photo | No | Profile personalization |
| Location (city, state) | No | Community features, localization |
| Biography | No | Profile personalization |
| Personal website URL | No | Profile personalization |
Racing Profile
| Data Type | Required | Purpose |
|---|---|---|
| Experience level | No | Community features, content recommendations |
| Discipline (Cars/Motorcycles/Both) | No | Content personalization |
| Date started racing | No | Profile statistics |
| Track days count | No | Profile statistics |
| Races completed | No | Profile statistics |
| Tracks visited | No | Profile statistics, achievements |
Racing Licenses
| Data Type | Required | Purpose |
|---|---|---|
| License type | No | Profile verification, community features |
| Issuing organization | No | Profile verification |
| Issue and expiry dates | No | License validity tracking |
Social Profiles
| Data Type | Required | Purpose |
|---|---|---|
| iRacing username | No | Community connectivity |
| Twitter/X username | No | Community connectivity |
| Other social media links | No | Community connectivity |
Vehicle Information
| Data Type | Required | Purpose |
|---|---|---|
| Make, model, year, trim | No | Garage management, community features |
| Color | No | Vehicle identification |
| Transmission type | No | Vehicle specifications |
| Engine specifications | No | Vehicle specifications |
| Vehicle photos | No | Vehicle showcase |
| Modification history | No | Vehicle version tracking |
Performance Data
| Data Type | Required | Purpose |
|---|---|---|
| Lap times | No | Performance tracking, leaderboards |
| Sector times | No | Performance analysis |
| Lap type (practice, race, etc.) | No | Performance categorization |
| Environmental conditions | No | Performance context |
| Telemetry data (speed, RPM, G-forces, throttle, brake, steering) | No | Performance analysis |
| Videos and media | No | Performance documentation |
Event Information
| Data Type | Required | Purpose |
|---|---|---|
| Event name and details | No | Event management |
| Attendance type | No | Participation tracking |
| Registration information | No | Event coordination |
Social Content
| Data Type | Required | Purpose |
|---|---|---|
| Posts and comments | No | Community engagement |
| Likes and reactions | No | Community engagement |
| Direct messages | No | User communication |
| Content reports | No | Community safety |
User Preferences
| Data Type | Required | Purpose |
|---|---|---|
| Theme preferences | No | Personalization |
| Measurement units | No | Localization |
| Privacy settings | No | Privacy controls |
| Notification preferences | No | Communication preferences |
2.2 Information Collected Automatically
When you use the Service, we automatically collect certain information:
Device Information
| Data Type | Purpose |
|---|---|
| Device type (iOS, Android, Web) | Service optimization, compatibility |
| Operating system version | Service optimization, compatibility |
| Device model | Compatibility, troubleshooting |
| Unique device identifiers | Push notifications, analytics |
Usage Information
| Data Type | Purpose |
|---|---|
| Features accessed | Service improvement |
| Time and duration of use | Service improvement |
| Actions taken within the App | Service improvement |
| Crash reports and error logs | Bug fixes, stability |
| Performance metrics | Service optimization |
Network Information
| Data Type | Purpose |
|---|---|
| IP address | Security, fraud prevention, approximate location |
| Connection type | Service optimization |
2.3 Information from Third-Party Sources
MotorsportReg Integration
If you connect your MotorsportReg account, we receive: - Your MotorsportReg profile information - Event registration data - Vehicle information registered with MotorsportReg - Event history and participation data
Google OAuth
If you sign in with Google, we receive: - Email address - Name - Profile picture (if available)
NHTSA Vehicle Database
We use publicly available vehicle data from NHTSA for: - Vehicle make and model information - Vehicle specifications
2.4 Sensitive Information
We do not intentionally collect sensitive personal information such as: - Government-issued identification numbers - Financial account information - Health or medical information - Racial or ethnic origin - Political opinions - Religious beliefs - Sexual orientation
Racing license information is collected only for profile verification and community features, and sharing is controlled by your privacy settings.
3. How We Use Your Information
We use your information for the following purposes:
3.1 Service Provision
- Create and manage your account
- Authenticate your identity
- Provide core Service features (garage management, lap tracking, events)
- Enable social features (following, commenting, sharing)
- Display leaderboards and statistics
- Synchronize data with connected services (MotorsportReg)
3.2 Communication
- Send service-related notifications (account security, feature updates)
- Respond to your inquiries and support requests
- Send optional marketing communications (with your consent)
- Notify you of changes to our policies
3.3 Service Improvement
- Analyze usage patterns to improve features
- Diagnose and fix technical issues
- Develop new features and services
- Conduct research and analytics
3.4 Safety and Security
- Detect and prevent fraud, abuse, and security incidents
- Enforce our Terms of Service
- Protect the rights and safety of users
- Comply with legal obligations
3.5 Personalization
- Customize your experience based on preferences
- Recommend relevant content and connections
- Remember your settings across devices
3.6 Legal Compliance
- Comply with applicable laws and regulations
- Respond to legal requests and government inquiries
- Establish, exercise, or defend legal claims
4. How We Share Your Information
We do not sell your personal information. We share your information only in the following circumstances:
4.1 With Your Consent
We share information when you explicitly direct us to, such as: - Making your profile public - Sharing posts to other platforms - Connecting third-party accounts
4.2 Based on Your Privacy Settings
Your visibility settings control who can see: | Data | Privacy Options | |------|-----------------| | Profile information | Public, Friends Only, Private | | Events | Public, Friends Only, Private | | Lap times | Public, Friends Only, Private | | Activity/Posts | Public, Friends Only, Private |
4.3 With Service Providers
We share information with third-party service providers who assist us in operating the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, storage, infrastructure | All user data (encrypted at rest) |
| Firebase (Google) | Push notifications | Device tokens, notification content |
| Sentry | Error tracking, performance monitoring | Error logs, device info, usage data |
All service providers are contractually obligated to: - Use your information only for the purposes we specify - Protect your information with appropriate security measures - Not share your information with other parties - Delete information when no longer needed
4.4 With MotorsportReg
If you connect your MotorsportReg account: - We receive data from MotorsportReg (events, profile) - We do not share your ThePaddock data back to MotorsportReg without your explicit action - Your MotorsportReg credentials are securely stored and used only for synchronization
4.5 For Legal Reasons
We may disclose information if required to: - Comply with applicable law, regulation, or legal process - Respond to valid legal requests from government authorities - Protect our rights, privacy, safety, or property - Enforce our Terms of Service - Protect against legal liability
4.6 Business Transfers
In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and any choices you may have.
4.7 Aggregated and De-identified Data
We may share aggregated or de-identified information that cannot reasonably be used to identify you, such as: - General usage statistics - Aggregate lap time trends by track - Community growth metrics
5. Data Retention
We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy.
5.1 Retention Periods
| Data Category | Retention Period |
|---|---|
| Account information | Until account deletion |
| Profile information | Until account deletion |
| Lap times and telemetry | Until deleted by user or account deletion |
| Vehicle information | Until deleted by user or account deletion |
| Posts and comments | Until deleted by user or account deletion |
| Event participation | Until account deletion |
5.2 Deletion
When you delete your account: - Your personal data is deleted from our active systems - Your User Content (posts, comments, lap times) is deleted - Aggregated, de-identified data may be retained indefinitely - Information required for legal compliance may be retained as required by law
5.3 Anonymization
In some cases, we may anonymize your data instead of deleting it. Anonymized data cannot be used to identify you and may be retained and used for research and analytics.
6. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
6.1 Technical Measures
- Encryption: Data is encrypted in transit (TLS/SSL) and at rest
- Access Controls: Row-Level Security (RLS) policies restrict data access
- Secure Authentication: Password hashing, OAuth 2.0/OAuth 1.0a protocols
- Secure Storage: Credentials stored using platform-specific secure storage
- Regular Updates: Security patches and updates applied promptly
6.2 Organizational Measures
- Access to personal data is limited to authorized personnel
- Employees receive privacy and security training
- Incident response procedures are in place
- Regular security assessments are conducted
6.3 Your Responsibilities
You are responsible for: - Maintaining the confidentiality of your account credentials - Using strong, unique passwords - Logging out of shared devices - Reporting suspected security incidents to team@thepaddock.app
6.4 Security Incidents
In the event of a data breach that affects your personal information, we will: - Notify you as required by applicable law - Notify relevant supervisory authorities as required - Take steps to mitigate harm and prevent future incidents
No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
7. Your Rights and Choices
Depending on your location, you may have certain rights regarding your personal information:
7.1 Access and Portability
- Access: You can access most of your personal data through your account settings
- Download: You can request a copy of your data by contacting team@thepaddock.app
- Portability: You can request your data in a structured, machine-readable format
7.2 Correction
- You can update most of your information directly in the App
- For information you cannot update yourself, contact team@thepaddock.app
7.3 Deletion
- You can delete individual content (posts, comments, vehicles, lap times)
- You can request complete deletion by contacting team@thepaddock.app
7.4 Restriction and Objection
- You can opt out of marketing communications
- You can object to certain processing by contacting team@thepaddock.app
7.5 Withdraw Consent
- You can disconnect third-party accounts (MotorsportReg, Google) at any time
- You can revoke app permissions on your device
- Withdrawal of consent does not affect the lawfulness of prior processing
7.6 Communication Preferences
You can manage your notification preferences in the App: - Event reminders - Performance updates - Social notifications (follows, mentions, comments, likes) - Marketing communications (if applicable)
7.7 Do Not Track
Currently, we do not respond to "Do Not Track" browser signals. We do not track users across third-party websites.
8. Children's Privacy
The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at team@thepaddock.app. If we discover that a child under 13 has provided us with personal information, we will delete it promptly.
Users between 13 and 18 years of age may use the Service only with parental consent and supervision.
9. International Data Transfers
9.1 Data Location
Your information is primarily stored and processed in the United States through our service provider, Supabase.
9.2 Transfers from the EEA, UK, and Switzerland
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your data may be transferred to the United States. We rely on: - Standard Contractual Clauses (SCCs) approved by the European Commission - Service provider certifications and safeguards - Your explicit consent where appropriate
9.3 Your Rights for International Transfers
If you are in the EEA, UK, or Switzerland, you have the right to: - Request information about the safeguards we use - Obtain a copy of the Standard Contractual Clauses - Lodge a complaint with your local supervisory authority
10. Jurisdiction-Specific Rights
10.1 European Economic Area (GDPR)
If you are in the EEA, you have the following rights under the General Data Protection Regulation (GDPR):
| Right | Description |
|---|---|
| Access | Obtain confirmation of processing and access to your data |
| Rectification | Correct inaccurate or incomplete data |
| Erasure | Request deletion of your data ("right to be forgotten") |
| Restriction | Restrict processing in certain circumstances |
| Portability | Receive your data in a portable format |
| Object | Object to processing based on legitimate interests |
| Automated Decisions | Not be subject to solely automated decisions with legal effects |
Legal Basis for Processing: | Purpose | Legal Basis | |---------|-------------| | Account creation and service provision | Contract performance | | Safety and security | Legitimate interests | | Service improvement | Legitimate interests | | Marketing (with consent) | Consent | | Legal compliance | Legal obligation |
Data Protection Authority: You have the right to lodge a complaint with your local data protection authority. A list of authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
Contact for EEA Inquiries: team@thepaddock.app
10.2 California (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
| Right | Description |
|---|---|
| Know | Know what personal information we collect, use, and share |
| Access | Request a copy of your personal information |
| Delete | Request deletion of your personal information |
| Correct | Correct inaccurate personal information |
| Opt-Out of Sale/Sharing | Opt out of the sale or sharing of personal information |
| Non-Discrimination | Not be discriminated against for exercising your rights |
Categories of Personal Information Collected:
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Name, email, username, IP address | Yes |
| Personal Records | Account information | Yes |
| Protected Characteristics | None | No |
| Commercial Information | None | No |
| Biometric Information | None | No |
| Internet Activity | Usage data, browsing history within App | Yes |
| Geolocation | Approximate location from IP, user-provided location | Yes |
| Sensory Data | Photos, videos uploaded by user | Yes |
| Professional Information | Racing licenses, experience | Yes |
| Education Information | None | No |
| Inferences | Content recommendations | Yes |
| Sensitive Personal Information | None intentionally collected | No |
Sale and Sharing: - We do not sell your personal information - We do not share your personal information for cross-context behavioral advertising - We may share data with service providers as described in Section 4
Exercising Your Rights: - Submit a request at team@thepaddock.app - We will verify your identity before processing requests - You may designate an authorized agent to make requests on your behalf
Shine the Light: California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.
10.3 Virginia, Colorado, Connecticut, and Other US States
If you are a resident of Virginia, Colorado, Connecticut, Utah, or other states with comprehensive privacy laws, you may have similar rights to those described above, including: - Right to know and access - Right to delete - Right to correct - Right to opt out of targeted advertising, sale of data, or profiling - Right to appeal our decision regarding your request
Contact team@thepaddock.app to exercise your rights.
10.4 Brazil (LGPD)
If you are in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD), including confirmation of processing, access, correction, anonymization, portability, deletion, and information about sharing. Contact team@thepaddock.app to exercise your rights.
10.5 Canada (PIPEDA)
If you are in Canada, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA), including access to your personal information, correction of inaccurate information, and withdrawal of consent. Contact team@thepaddock.app to exercise your rights.
11. Third-Party Links and Services
The Service may contain links to third-party websites, services, or content. This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of any third-party services you access.
Third-party services we integrate with include: - MotorsportReg (https://www.motorsportreg.com/privacy) - YouTube (https://policies.google.com/privacy) - Google (https://policies.google.com/privacy)
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.
12.1 Notification of Changes
- We will post the updated Privacy Policy on this page
- We will update the "Last Updated" date at the top
- For material changes, we will provide notice through the App or via email
12.2 Your Continued Use
Your continued use of the Service after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. If you do not agree with the changes, you should stop using the Service and delete your account.
12.3 Review
We encourage you to review this Privacy Policy periodically to stay informed about our data practices.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
OneMore Lab LLC
For all privacy, support, and security inquiries: - Email: team@thepaddock.app - Address: 2854 Forbes Ave, Santa Clara, CA 95051
We aim to respond to all inquiries within 30 days or as required by applicable law.
14. Cookie Policy
14.1 What Are Cookies
Cookies are small text files stored on your device when you visit a website. ThePaddock mobile app uses minimal cookie-like technologies.
14.2 Technologies We Use
| Technology | Purpose | Type |
|---|---|---|
| Authentication tokens | Keep you logged in | Essential |
| Local storage | Store preferences (theme, settings) | Essential |
| Session data | Maintain your session state | Essential |
14.3 Third-Party Technologies
Our service providers may use cookies and similar technologies: - Supabase: Authentication and session management - Sentry: Error tracking and performance monitoring
14.4 Your Choices
You can control cookies through: - Your device settings - Your browser settings (for web access) - Clearing app data
Note: Disabling essential technologies may prevent the Service from functioning properly.
15. Data Processing Addendum (Summary)
For users subject to GDPR or similar regulations, the following summarizes our data processing practices:
15.1 Controller Information
- Data Controller: OneMore Lab LLC
- Contact: team@thepaddock.app
- Address: 2854 Forbes Ave, Santa Clara, CA 95051
15.2 Data Processing Summary
| Processing Activity | Legal Basis | Retention |
|---|---|---|
| Account creation | Contract | Duration of account |
| Profile management | Contract | Duration of account |
| Lap time tracking | Contract | Duration of account |
| Social features | Contract/Consent | Duration of account |
| Push notifications | Consent | Until opt-out |
| Error tracking | Legitimate interest | 90 days |
| Analytics | Legitimate interest | Duration of account |
| Marketing (if applicable) | Consent | Until opt-out |
15.3 Sub-Processors
| Sub-Processor | Location | Purpose |
|---|---|---|
| Supabase, Inc. | United States | Database, auth, storage |
| Google LLC (Firebase) | United States | Push notifications |
| Sentry (Functional Software, Inc.) | United States | Error tracking |
BY USING THE PADDOCK, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY.
Document Version: 1.0
OneMore Lab LLC - All Rights Reserved