← All documentation

Privacy Policy

Last Updated: January 15, 2025

1. Introduction

Welcome to the Privacy Policy for doublestint.gg — iRacing Endurance Manager ("the Service", "we", "us", or "our"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our web application.

The Service is operated by Kyle Durnford, located in Edmonton, Alberta, Canada.

Contact Information:

By using the Service, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

  • Email address
  • Display name or username
  • iRacing ID (obtained through OAuth authentication)
  • Discord ID (optional, if you choose to connect your Discord account)
  • Password (stored as an encrypted hash, never in plain text)

Team and Race Information:

  • Team memberships and roles
  • Race schedules and participation
  • Driver availability schedules
  • Car setup preferences

User-Generated Content:

  • Car setup files (.sto format)
  • Race notes and comments
  • Team communications
  • Practice session logs

Payment Information:

  • Payment information is collected and processed by Stripe, Inc.
  • We do not store your complete credit card numbers
  • We store only:
    • Last 4 digits of card (for reference)
    • Card expiration date
    • Billing email
    • Stripe customer ID

2.2 Information Collected from iRacing

When you authenticate with iRacing through OAuth, we collect:

  • Your iRacing member ID
  • Your iRacing member name
  • Team memberships registered on iRacing
  • Access tokens for API communication (securely encrypted)

During Active Races (via iRacing SDK):

  • Real-time telemetry data (speed, lap times, fuel levels, tire data, etc.)
  • Session information (race details, lap counts, flags)
  • Position and timing data
  • Car setup data from the simulator

Via iRacing API:

  • Race results and statistics
  • Historical lap times and performance data
  • Team roster information
  • Car and track information

2.3 Automatically Collected Information

Usage Data:

  • Pages visited and features used
  • Time spent on the Service
  • Clicks and interactions
  • Feature usage patterns

Technical Data:

  • IP address
  • Browser type and version
  • Operating system
  • Device type and identifiers
  • Referring website
  • Date and time of access

Cookies and Similar Technologies: We use cookies and similar tracking technologies to:

  • Keep you logged in
  • Remember your preferences
  • Analyze usage patterns
  • Improve the Service

Types of cookies we use:

  • Essential cookies: Required for Service functionality (authentication, session management)
  • Preference cookies: Remember your settings and choices
  • Analytics cookies: Help us understand how the Service is used
  • Performance cookies: Monitor Service performance and reliability

You can control cookies through your browser settings. Note that disabling certain cookies may limit Service functionality.

2.4 Information We Do Not Collect

We do NOT collect:

  • Your iRacing password (OAuth authentication never exposes passwords)
  • Social Security Numbers or other government IDs
  • Precise geolocation data
  • Sensitive personal information (race, ethnicity, religious beliefs, health data)
  • Information from children under 13

3. How We Use Your Information

3.1 Primary Purposes

We use your information to:

Provide the Service:

  • Create and manage your account
  • Authenticate your identity
  • Display race telemetry and statistics
  • Coordinate team schedules and availability
  • Store and share car setups within teams
  • Process and display iRacing data
  • Provide customer support

Process Payments:

  • Process subscription payments through Stripe
  • Send payment receipts and invoices
  • Manage subscription status and billing
  • Detect and prevent fraud

Improve the Service:

  • Analyze usage patterns and trends
  • Identify and fix bugs
  • Develop new features
  • Optimize performance
  • Test new functionality

Communicate with You:

  • Send transactional emails (account changes, password resets)
  • Send Service announcements and updates
  • Respond to support requests
  • Send billing and payment notifications
  • Notify you of Terms or Privacy Policy changes

Legal Compliance:

  • Comply with applicable laws and regulations
  • Respond to legal processes and government requests
  • Enforce our Terms of Service
  • Protect our rights, privacy, safety, or property
  • Resolve disputes

3.2 Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your data based on:

  • Contract: Processing necessary to provide the Service you've requested
  • Consent: Where you have given explicit consent (e.g., connecting Discord account)
  • Legitimate Interests: Where processing is necessary for our legitimate business interests, such as:
    • Improving the Service
    • Detecting and preventing fraud
    • Ensuring security
    • Analyzing usage patterns
  • Legal Obligation: Where required by law

3.3 Marketing Communications

We do NOT send marketing emails unless you explicitly opt in. We only send:

  • Transactional emails (essential Service communications)
  • Account and security notifications
  • Billing and subscription updates
  • Service announcements

You cannot opt out of essential transactional emails, but you may opt out of optional announcements through your account settings.

4. How We Share Your Information

4.1 Information Sharing Within Teams

When you join a team on the Service:

  • Other team members can see your display name and availability
  • Team members can see race data for races you participate in
  • Team members can access car setups you share with the team
  • Team coordinators can see your scheduled drive times

4.2 Third-Party Service Providers

We share information with trusted third-party service providers who help us operate the Service:

Amazon Web Services (AWS):

  • Purpose: Hosting, data storage, and infrastructure
  • Data Shared: All Service data (stored on AWS servers)
  • Location: US-East-2 region (Ohio, USA)
  • Protections: Standard Contractual Clauses for GDPR compliance

Stripe, Inc.:

  • Purpose: Payment processing
  • Data Shared: Payment information, billing email, purchase amounts
  • Location: United States
  • Protections: PCI-DSS compliance, Stripe's Privacy Policy applies

AWS WorkMail:

  • Purpose: Email delivery and communications
  • Data Shared: Email addresses, message content
  • Location: AWS infrastructure
  • Protections: Encryption in transit and at rest

These service providers are contractually obligated to:

  • Use your data only for specified purposes
  • Protect your data with appropriate security measures
  • Not use your data for their own purposes
  • Comply with applicable data protection laws

4.3 iRacing Integration

Data from iRacing:

  • We receive data from iRacing's API and SDK as described in Section 2.2
  • This data is subject to iRacing's Privacy Policy and Terms of Service
  • We do not share your doublestint.gg data back to iRacing

OAuth Tokens:

  • We store encrypted OAuth access tokens to communicate with iRacing's API
  • These tokens allow us to retrieve your iRacing data on your behalf
  • You can revoke our access at any time through iRacing's account settings

4.4 Legal Requirements

We may disclose your information if required to:

  • Comply with applicable laws, regulations, or legal processes
  • Respond to government or law enforcement requests
  • Enforce our Terms of Service
  • Protect our rights, property, or safety
  • Protect the rights, property, or safety of others
  • Detect, prevent, or address fraud or security issues

4.5 Business Transfers

If the Service is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred. We will:

  • Notify you via email and/or prominent notice on the Service
  • Provide information about the acquiring party
  • Ensure the new entity honors this Privacy Policy
  • Give you choices about your data

4.6 Aggregated and Anonymized Data

We may share aggregated or anonymized data that cannot identify you individually, such as:

  • Usage statistics and trends
  • Performance benchmarks
  • Anonymous race statistics

This data may be shared publicly or with partners for analytical purposes.

4.7 With Your Consent

We may share your information for other purposes with your explicit consent.

5. Data Retention

5.1 Active Accounts

While your account is active, we retain:

  • Account information indefinitely (until account deletion)
  • Race data and telemetry for the duration of your subscription
  • Setup files until you delete them
  • Communication logs for support purposes (12 months)

Free Tier Limitations:

  • Historical race data may be archived after 12 months of inactivity
  • Archived data may be deleted after an additional 12 months

Pro Tier:

  • All race data retained for the duration of your subscription
  • Data retained for 30 days after subscription cancellation, then subject to Free tier rules

5.2 Deleted Accounts

Upon account deletion:

Deleted Within 30 Days:

  • Email address
  • iRacing ID
  • Discord ID
  • Setup files
  • Team associations
  • Account credentials

Retained in Anonymized Form:

  • Anonymized race statistics (lap times, telemetry data)
  • Aggregated usage data for analytics
  • No personally identifiable information remains

Retained for Legal Compliance:

  • Payment records (required for tax and accounting purposes, 7 years)
  • Records required by law or for dispute resolution

iRacing API Data:

  • Some historical data remains accessible through iRacing's own systems
  • This data is subject to iRacing's data retention policies
  • We have no control over iRacing's data retention

5.3 Legal Holds

We may retain data longer if required for legal proceedings, investigations, or regulatory requirements.

6. Data Security

6.1 Security Measures

We implement industry-standard security measures to protect your data:

Technical Safeguards:

  • HTTPS/TLS encryption for all data in transit
  • Encryption of sensitive data at rest (OAuth tokens, passwords)
  • Secure password hashing (bcrypt or similar)
  • Regular security updates and patches
  • Firewall protection and intrusion detection
  • Secure API authentication (OAuth 2.0)

Access Controls:

  • Limited employee/contractor access to personal data
  • Multi-factor authentication for administrative access
  • Regular access reviews and audits
  • Principle of least privilege

Monitoring:

  • Security logging and monitoring
  • Automated threat detection
  • Regular security assessments

6.2 Data Breach Notification

In the event of a data breach affecting your personal information, we will:

  • Notify affected users within 72 hours (as required by GDPR)
  • Describe the nature of the breach
  • Explain potential consequences
  • Describe measures taken to address the breach
  • Provide recommendations to protect yourself
  • Notify relevant regulatory authorities as required

6.3 Your Security Responsibilities

You are responsible for:

  • Maintaining the confidentiality of your password
  • Using a strong, unique password
  • Not sharing your account credentials
  • Logging out of shared devices
  • Notifying us immediately of unauthorized access

6.4 Limitations

No system is completely secure. While we implement reasonable security measures:

  • We cannot guarantee absolute security
  • You use the Service at your own risk
  • We are not liable for unauthorized access beyond our reasonable control

7. Your Rights and Choices

7.1 Access and Portability

You have the right to:

  • Access the personal information we hold about you
  • Receive a copy of your data in a machine-readable format (JSON)

To request your data:

  • Email support@doublestint.gg with "Data Export Request" in the subject
  • We will provide your data within 30 days
  • You may make this request once per 12 months free of charge

7.2 Correction and Updates

You have the right to:

  • Correct inaccurate personal information
  • Update your account information

To update your information:

7.3 Deletion (Right to Erasure)

You have the right to request deletion of your personal information.

To delete your account:

  • Use the account deletion feature in your account settings
  • Or email support@doublestint.gg with "Account Deletion Request"

Upon deletion:

  • Personal identifiers deleted within 30 days
  • Anonymized data may be retained as described in Section 5.2
  • Some data may be retained for legal compliance

Note: We cannot delete data from iRacing's systems. Contact iRacing directly for their data practices.

7.4 Objection and Restriction

You have the right to:

  • Object to processing of your data for direct marketing (we don't do this unless you opt in)
  • Request restriction of processing under certain circumstances

Contact support@doublestint.gg to exercise these rights.

7.5 Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time:

  • Disconnect Discord integration in account settings
  • Revoke iRacing OAuth access through iRacing's account settings
  • Unsubscribe from optional communications

Withdrawing consent does not affect the lawfulness of processing before withdrawal.

7.6 Cookie Preferences

You can manage cookies through your browser settings:

  • Block all cookies (may prevent Service functionality)
  • Delete existing cookies
  • Set preferences for third-party cookies

Most browsers accept cookies by default. Consult your browser's help documentation for instructions.

7.7 Complaint to Supervisory Authority

If you are in the EEA, UK, or Switzerland, you have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

For Canadian users: You may file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca

8. International Data Transfers

8.1 Data Storage Location

Your data is stored on Amazon Web Services (AWS) servers located in the US-East-2 region (Ohio, USA).

8.2 Transfers from the EEA/UK/Switzerland

If you are located in the European Economic Area, United Kingdom, or Switzerland, your data will be transferred to the United States.

Legal Basis for Transfer: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission. AWS has implemented SCCs for data transfers, and we utilize their infrastructure.

Safeguards:

  • Standard Contractual Clauses
  • Encryption in transit and at rest
  • Access controls and authentication
  • Regular security audits
  • Compliance with GDPR requirements

8.3 Canadian Data

As a Canadian-operated service, we comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.

9. Children's Privacy

9.1 Age Requirement

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

Age Verification: By creating an account, you represent that:

  • You are at least 13 years of age
  • You have an iRacing account (which requires being 13+)
  • You have authority to agree to this Privacy Policy

9.2 Parental Rights

If you believe we have inadvertently collected information from a child under 13:

  • Contact us immediately at support@doublestint.gg
  • Provide details about the account
  • We will delete the account and all associated data within 24 hours

Parents and guardians have the right to:

  • Review their child's personal information
  • Request deletion of their child's information
  • Refuse further collection of their child's information

10. California Privacy Rights (CCPA)

10.1 CCPA Applicability

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA).

10.2 Information We Collect

Categories of personal information we collect (as described in Section 2):

  • Identifiers (email, iRacing ID, Discord ID)
  • Commercial information (purchase history, subscriptions)
  • Internet activity (usage data, interactions)
  • Professional information (team memberships, racing data)

10.3 Your CCPA Rights

Right to Know:

  • You may request details about the personal information we've collected about you
  • Request twice per 12 months free of charge

Right to Delete:

  • You may request deletion of your personal information
  • Subject to certain exceptions (legal compliance, fraud prevention)

Right to Opt-Out:

  • We do not "sell" personal information as defined by CCPA
  • We do not share data for cross-context behavioral advertising

Right to Non-Discrimination:

  • We will not discriminate against you for exercising your CCPA rights

10.4 Exercising CCPA Rights

To exercise your rights:

  • Email support@doublestint.gg with "CCPA Request" in the subject
  • Specify which right you're exercising
  • Provide sufficient information to verify your identity
  • We will respond within 45 days

10.5 Authorized Agents

You may designate an authorized agent to make requests on your behalf. The agent must:

  • Provide written authorization from you
  • Verify their identity
  • Verify your identity

11. European Privacy Rights (GDPR)

11.1 Data Controller

Kyle Durnford is the data controller for your personal information under GDPR.

11.2 Legal Basis for Processing

We process your data based on:

  • Contract: Providing the Service you've requested
  • Consent: For optional features (Discord integration)
  • Legitimate Interests: Service improvement, security, fraud prevention
  • Legal Obligation: Compliance with laws

11.3 Your GDPR Rights

  • Right of Access: Obtain confirmation and copy of your data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion of your data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time
  • Right to Lodge a Complaint: File complaint with supervisory authority

11.4 Exercising GDPR Rights

Contact support@doublestint.gg to exercise your rights. We will respond within 30 days (extendable to 60 days for complex requests).

11.5 Data Protection Officer

As a small operation, we are not required to appoint a Data Protection Officer. Privacy inquiries should be directed to support@doublestint.gg.

12. Changes to This Privacy Policy

12.1 Updates

We may update this Privacy Policy from time to time to reflect:

  • Changes in our data practices
  • New features or functionality
  • Legal or regulatory requirements
  • Industry best practices

12.2 Notification

When we make changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you via email at your registered email address
  • Display a notice in the Service
  • For material changes: provide 30 days' notice before changes take effect

12.3 Material Changes

Material changes include:

  • Significant changes to data collection practices
  • New uses of personal information
  • Changes to data sharing practices
  • Reduction in your privacy rights

12.4 Your Options

After notification of changes:

  • Continued use of the Service constitutes acceptance
  • If you disagree with changes, you may delete your account
  • You have 30 days to delete your account before material changes take effect

13. Contact Us

13.1 Privacy Questions

If you have questions about this Privacy Policy or our data practices:

Email: support@doublestint.gg
Location: Edmonton, Alberta, Canada

We will respond to privacy inquiries within 5 business days.

13.2 Data Subject Requests

For data access, deletion, or other privacy rights requests:

Email: support@doublestint.gg
Subject Line: Include "Privacy Request" or "GDPR Request" or "CCPA Request"

We will respond within:

  • 30 days for GDPR requests (extendable to 60 days)
  • 45 days for CCPA requests (extendable to 90 days)
  • 30 days for general requests

13.3 Security Issues

To report security vulnerabilities or data breaches:

Email: support@doublestint.gg
Subject Line: "SECURITY ISSUE - URGENT"

We take security seriously and will investigate all reports promptly.

14. Additional Information

14.1 Do Not Track

Our Service does not currently respond to "Do Not Track" browser signals. You can manage cookies through your browser settings as described in Section 7.6.

14.2 Third-Party Links

The Service may contain links to third-party websites (iRacing, Discord, etc.). We are not responsible for the privacy practices of these websites. Please review their privacy policies.

14.3 Public Information

Information you share in team chats or public areas of the Service may be visible to other users. Do not share sensitive personal information in these areas.

14.4 Data Accuracy

We rely on you to provide accurate information. You are responsible for maintaining accurate account information through your account settings.

By using doublestint.gg, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

Last Updated: January 15, 2025
Effective Date: January 15, 2025