PRIVACY POLICY
Last updated: 31 March 2026
1. Who We Are
MyRacingPath (“we”, “us”, “our”) is a motorsport career planning platform operated from the United Kingdom. Our website is located at appmyracingpath.com. For any privacy-related enquiries, contact us at privacy@appmyracingpath.com.
2. What Data We Collect
We collect the following categories of personal data:
Account Information
Email address, display name, date of birth, and avatar image. If you sign in with Google, we receive your name and profile picture from Google.
Onboarding Survey
Your responses to our onboarding survey, including racing experience, goals, budget preferences, and personality traits. These are stored as a conversation transcript.
Racing Data
Race weekends, session results, lap times, season costs, season goals, setup notes, kart configurations, driver licences, and injury logs that you choose to enter.
AI Interactions
Conversations with Jeff (our AI coach), generated career plans, academy lessons, skill scores with AI reasoning, setup recommendations, and sponsorship guides.
Payment Data
Subscription tier and billing status. All payment card details are processed and stored by Stripe — we never see or store your card number.
3. How We Use Your Data
- To provide and personalise the MyRacingPath platform, including AI-generated career plans, lessons, coaching, and skill assessments.
- To send your data to our AI provider (Google Gemini) so that Jeff can give you context-aware advice based on your profile, skill scores, race results, and career plan.
- To process your subscription payments through Stripe.
- To send transactional emails (parental consent confirmations) through Resend.
- To detect and manage accounts belonging to users under the age of 13, including sending parental consent requests.
- To maintain platform security and prevent abuse.
4. Legal Basis for Processing (UK GDPR)
- Contract: Processing your data is necessary to provide you with the MyRacingPath service you signed up for.
- Consent: For users under 13, we obtain verifiable parental consent before activating the account.
- Legitimate interest: To maintain platform security, improve the service, and communicate important service updates.
5. Third-Party Services
We share data with the following third-party providers, all of which are necessary to operate the platform:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, file storage | All account and racing data |
| Google Gemini | AI features (Jeff, lessons, career plans) | Profile data, skill scores, racing data, conversation history as needed for each AI feature |
| Google OAuth | Social sign-in | Name, email, profile picture (from Google) |
| Stripe | Payment processing | Email, subscription tier, billing details |
| Resend | Transactional email | Parent email address (for consent emails only) |
We do not sell, rent, or trade your personal data to any third party. We do not use any analytics or behavioural tracking tools.
6. AI-Generated Content
MyRacingPath uses Google Gemini to generate career plans, coaching advice, academy lessons, skill scores, setup recommendations, and sponsorship guides. To produce personalised results, we send relevant portions of your profile data (such as your name, age, skill scores, career plan, and racing history) to Google Gemini's API.
AI-generated content is for informational and educational purposes only. It does not constitute professional coaching, financial advice, or medical guidance. Always consult qualified professionals for important decisions.
7. Children's Privacy
MyRacingPath is designed for racing drivers of all ages, including those under 18. We take extra steps to protect younger users:
- Under 13: We require verifiable parental consent before activating the account. A consent email is sent to the parent/guardian's email address provided during signup. The account remains inactive until consent is confirmed.
- Ages 13–17: Accounts are activated without additional consent, in line with UK GDPR provisions, but we encourage parental awareness of the platform.
- We collect only the data necessary to provide the service and do not target advertising at any users.
8. Data Retention
We retain your data for as long as your account is active. If you request account deletion, we schedule your data for removal after a 30-day grace period, during which you can cancel the request. After 30 days, all your data is permanently deleted, including all racing data, AI conversations, and uploaded files.
9. Your Rights
Under UK GDPR, you have the right to:
- Access your personal data — your profile and all data is visible within the app.
- Rectification — you can edit your profile and racing data at any time.
- Erasure — you can request account deletion from your account settings.
- Data portability — contact us to request an export of your data.
- Object to processing — contact us at the email above.
- Withdraw consent — where consent is the legal basis, you may withdraw at any time.
If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
10. Cookies
We use only essential cookies required for authentication and session management. We do not use analytics, advertising, or tracking cookies. For full details, see our Cookie Policy.
11. Data Security
All data is transmitted over HTTPS. Our database uses Row Level Security (RLS) to ensure users can only access their own data. Authentication is handled by Supabase Auth with industry-standard hashing. Payment data is processed by Stripe, a PCI DSS Level 1 certified provider.
12. Changes to This Policy
We may update this privacy policy from time to time. We will notify users of material changes by updating the date at the top of this page. Continued use of the platform after changes constitutes acceptance of the updated policy.