Privacy Policy for F1Tracker.net

Version: 2.1
Effective Date: January 25, 2026

1. Introduction and Scope

This Privacy Policy describes how F1Tracker.net ("the Platform," "we," "us," or "our") collects, uses, and discloses information in connection with the use of our services, websites, and software applications. By accessing the Platform, you agree to the terms outlined herein. We act as the Data Controller for personal data collected through the Platform.

2. Information Collection and Data Minimization

In accordance with the principle of data minimization, we only collect personal data that is strictly necessary for the performance of our contract with you.

• Identity Data: Includes username and email address provided during account registration.
• Technical Data: Includes internet protocol (IP) address (anonymized), login data, browser type and version, time zone setting, and operating system.
• Usage Data: Includes information about how you use our website and services, collected via telemetry to ensure platform stability and performance.

3. Legal Basis for Processing

We process your data under the following legal frameworks:

• Contractual Necessity: To provide the services you requested (e.g., account management).
• Legitimate Interests: To monitor platform security, prevent fraudulent activity, and improve the user experience through anonymized analytics.
• Consent: Where you have given explicit permission for specific processing activities.

4. Data Sharing and Zero-Monetization Policy

F1Tracker.net does not sell, trade, or rent personal data to third parties. Data disclosure is limited to the following circumstances:

• Service Providers: We may share data with third-party vendors (e.g., cloud hosting, database management) who perform services on our behalf under strict confidentiality agreements.
• Legal Compliance: We may disclose data if required by law, subpoena, or government request to meet national security or law enforcement requirements.

5. International Data Transfers

Your information may be transferred to, and maintained on, computers located outside of your state or country. For users in the European Economic Area (EEA) or UK, we ensure that any transfers to third countries are protected by Standard Contractual Clauses (SCCs) or other adequacy mechanisms approved by the European Commission.

6. Data Retention and Deletion

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected.

• Account Data: Retained for the duration of the account's active status.
• Deletion: Upon account termination, data is marked for deletion and purged from our production databases within 30 days, subject to any legal obligations to retain specific records.

7. Security Architecture

We employ enterprise-grade security measures to protect your data, including:

• Encryption at Rest: AES-256 encryption for all database storage.
• Encryption in Transit: TLS 1.3 encryption for all data moving between the user and our servers.
• Access Control: Strict Role-Based Access Control (RBAC) for internal systems.

8. Your Rights (GDPR/CCPA/CPRA)

You have the following rights regarding your personal data:

• Right of Access & Portability: Request a machine-readable export of your data.
• Right to Erasure ("Right to be Forgotten"): Request the permanent deletion of your personal data.
• Right to Object: Object to the processing of your data for analytics purposes.

9. Third-Party Sub-processors

A current list of our sub-processors (e.g., AWS, Cloudflare, Plausible Analytics) is maintained and available upon request. We conduct regular audits of our sub-processors to ensure compliance with our high security standards.

10. Changes to this Policy

We reserve the right to modify this policy. Material changes will be communicated via the email address on file or through a mandatory platform notification.

Contact Information

For data protection inquiries or to exercise your privacy rights, please contact our Data Protection Office:

Email: [email protected]