← Back to LapPulse Legal

Privacy Policy

Effective date: April 5, 2026

LapPulse ("we", "us", or "the app") is a motorsport lap timing application for iOS and Android, developed by Artur Ploom. This policy explains what data LapPulse collects, how it is used, who it is shared with, and your rights regarding that data.

LapPulse is designed as an offline-first application. All core timing and telemetry features work without an internet connection or an account. Cloud features (Track Workshop, leaderboards, social) are optional and require authentication.

1. Data We Collect

1.1 Location Data (GPS)

LapPulse accesses your device's location while the app is in use. GPS coordinates (up to 25 updates per second) are used to:

• Calculate lap times, speed, g-forces, and sector splits
• Detect start/finish line crossings
• Render track maps and racing lines
• Auto-detect nearby tracks

Location data is primarily processed and stored locally on your device. GPS data may be transmitted to our servers in the following cases:

• Track Workshop: When you publish a track layout, the start/finish line coordinates, sector line coordinates, and track trajectory (GPS points) are uploaded to our community database and made visible to all users.
• Leaderboards: When you complete a session at a recognized track while signed in, your best lap time and associated GPS samples (ghost lap data) may be submitted to per-track leaderboards.
• Weather: Your approximate location is sent to Open-Meteo (a third-party weather API) to fetch current weather conditions for session tagging.

1.2 Bluetooth Data

LapPulse connects to external GPS receivers (such as RaceBox Mini) via Bluetooth Low Energy (BLE) to receive high-frequency GPS telemetry data. BLE is used solely for this purpose. No data from this connection is sent to RaceBox or any other third party.

1.3 Account Information

Account creation is optional. If you choose to create an account (via Apple Sign-In or Google Sign-In), we collect:

• Email address -- provided by your authentication provider
• Display name -- provided by your authentication provider or entered manually

You may also optionally provide the following profile information:

• First name and last name
• Racing number
• SWS ID (racing series identifier)
• Vehicle or kart description

This information is stored in our cloud database (Supabase, hosted on AWS) and is used to identify you within the app's social and community features.

1.4 Session Data

Lap times, telemetry samples (speed, g-forces, heading), track layouts, photos, and session metadata are stored locally on your device. This data is not uploaded unless you explicitly interact with a cloud feature (publishing a track, submitting to a leaderboard, or sharing a session).

1.5 Social and Community Data

If you use the app's social features, we store:

• Your follow/unfollow relationships with other drivers
• Tracks you have liked or downloaded from the Track Workshop
• Content reports you submit for moderation
• Your leaderboard entries (lap times, track, date)

1.6 Push Notification Tokens

If you enable push notifications, a device token is generated by the Expo push notification service. This token is used to deliver notifications such as new follower alerts and challenge notifications. You can disable push notifications at any time in your device settings.

1.7 Crash Reports

LapPulse uses Firebase Crashlytics to collect crash reports. When a crash occurs, the following may be sent:

• Device model and operating system version
• App version and build number
• Stack traces and error messages
• General device state (memory usage, battery level)

Crash reports do not include GPS coordinates, session data, personal information, or telemetry recorded during your sessions.

2. How We Use Your Data

Data	Purpose	Legal Basis (GDPR)
GPS coordinates	Lap timing, telemetry, track maps	Contract (core service)
Account info (email, name)	Authentication, profile display	Consent (account creation is optional)
Profile details	Community identity, social features	Consent
Published tracks	Community track database	Consent (user-initiated publishing)
Leaderboard entries	Per-track rankings, competition	Consent (requires authentication)
Social data (follows, likes)	Social features, content discovery	Consent
Push notification tokens	Delivering notifications	Consent
Crash reports	Bug identification and fixing	Legitimate interest
Approximate location (weather)	Session weather tagging	Legitimate interest

We do not use your data for advertising, behavioral profiling, or any purpose unrelated to the app's functionality.

3. Data Sharing and Third-Party Services

We do not sell, rent, or trade your personal data. Data is shared with third parties only as necessary to provide the app's features:

Service	Provider	Data Shared	Purpose
Supabase	Supabase Inc. (hosted on AWS)	Account info, profile, tracks, leaderboards, social data	Cloud database, authentication, storage
Firebase Crashlytics	Google LLC	Crash reports, device info	Crash reporting and diagnostics
Apple Sign-In	Apple Inc.	Authentication tokens	iOS account authentication
Google Sign-In	Google LLC	Authentication tokens	OAuth account authentication
Expo	Expo Inc.	Push notification tokens	Push notifications, over-the-air updates
Open-Meteo	Open-Meteo	Approximate latitude/longitude	Weather data for sessions

Each third-party service is governed by its own privacy policy. We encourage you to review them:

• Supabase Privacy Policy
• Firebase Privacy Policy
• Apple Privacy Policy
• Google Privacy Policy
• Expo Privacy Policy
• Open-Meteo Terms

4. Publicly Visible Data

Certain data you provide may be visible to other LapPulse users:

• Track Workshop: Published track layouts (name, venue, country, description, GPS coordinates) are visible to all users. Your display name is shown as the track creator.
• Leaderboards: Your display name and lap times appear on per-track leaderboards visible to all users.
• Profile: Your profile is private by default. If you set it to public, your display name, racing number, and vehicle information may be visible to other users. Private profiles are only visible to users you have accepted as followers.
• Social: Your follower and following lists are visible to users who can view your profile.

5. Data Storage and Security

Local data (sessions, telemetry, photos) is stored on your device using the app's sandboxed file storage and AsyncStorage. This data does not leave your device unless you explicitly use a cloud feature or the device share sheet.

Cloud data is stored in Supabase (PostgreSQL database hosted on Amazon Web Services). All communication between the app and our servers uses HTTPS encryption. Database access is controlled through Row Level Security (RLS) policies, ensuring users can only access and modify their own data.

Authentication is handled by Supabase Auth using industry-standard protocols (OAuth 2.0, JWT tokens). We do not store your Apple or Google account passwords.

6. Data Retention and Deletion

Local Data

• You can delete individual sessions, tracks, and photos at any time within the app.
• Uninstalling the app removes all locally stored data.

Cloud Data

• You can delete your account from within the app. Account deletion removes your user profile, published tracks, leaderboard entries, likes, follows, and all associated data from our servers.
• You can also request account and data deletion by emailing ploomartur@gmail.com. We will process deletion requests within 30 days.

Crash report data in Firebase Crashlytics is retained according to Google's data retention policies and is automatically deleted after 90 days.

7. Your Rights

GDPR Rights (European Economic Area)

If you are located in the EEA, you have the right to:

• Access the personal data we hold about you
• Rectify inaccurate or incomplete personal data
• Erase your personal data ("right to be forgotten")
• Restrict the processing of your personal data
• Data portability -- receive your data in a structured, machine-readable format
• Object to processing based on legitimate interest
• Withdraw consent at any time for consent-based processing

To exercise these rights, contact ploomartur@gmail.com. We will respond within 30 days.

CCPA Rights (California)

If you are a California resident, you have the right to:

• Know what personal information is collected about you
• Delete your personal information
• Opt out of the sale of your personal information (we do not sell your data)
• Non-discrimination for exercising your privacy rights

LapPulse does not sell personal information. We do not share personal information with third parties for their direct marketing purposes.

8. Children's Privacy

LapPulse is not directed at children under the age of 13 (or under 16 in the EEA). We do not knowingly collect personal information from children under these ages. Motorsport participation typically requires parental or guardian consent, and we recommend parents supervise their children's use of the app.

If you believe a child under the applicable age has provided us with personal information, please contact us at ploomartur@gmail.com and we will promptly delete it.

9. International Data Transfers

Our cloud services (Supabase, Firebase, Expo) may process data in the United States or other countries outside your country of residence. When data is transferred internationally, it is protected by the service providers' data processing agreements and appropriate safeguards (such as Standard Contractual Clauses for EEA transfers).

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the app's features or applicable laws. Changes will be posted on this page with an updated effective date. For significant changes, we will notify users via an in-app notification or push notification.

Continued use of the app after changes are posted constitutes acceptance of the updated policy.

11. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, contact: