Privacy Policy
Every competitive sim racer knows that telemetry and car setup data are sacred. Your braking points, throttle traces, driving style — and especially your setups — are the difference between winning and losing a race. They are yours and yours alone.
AB Racing Line analyses everything locally on your own PC. Your telemetry files, your lap data, and your car setups are never uploaded, never stored on our servers, and never seen by anyone else — including us.
This is not a legal technicality. It is the entire reason this app was built this way. As a sim racer myself, I would never build a product that hands your competitive advantage to anyone else.
I built AB Racing Line as a sim racer, for sim racers. I am 100% committed to protecting your privacy.
I will never sell, rent, share, or trade your personal data with any third party — not advertisers, not data brokers, not anyone. Your data exists for one purpose only: to make the app work for you. That is a personal promise, not just a legal obligation.
— Raul, Founder of AB Racing Line
Who we are
AB Racing Line is operated by Raul (trading as AlienBlade), based in the United Kingdom. We provide an AI-powered race engineering desktop application for iRacing simulator users.
For any privacy-related questions, contact us at raul@alienblade.co.uk.
What data we collect and why
We collect only the minimum data needed to provide the service. Here is exactly what we hold and why:
| Data | Why we collect it | Legal basis (GDPR Art. 6) |
|---|---|---|
| Email address | Account identity, login, billing communications from Stripe | Contract performance |
| First and last name | Personalising your account dashboard | Contract performance |
| iRacing username | Optional — for future leaderboard features | Consent (you provide it voluntarily) |
| Password (hashed) | Securing your account. Stored as a bcrypt hash only — we cannot read your password | Contract performance |
| Stripe customer ID & subscription status | Validating your subscription on app startup and managing billing | Contract performance |
| PC hardware fingerprint | One-device licence enforcement — a one-way hash of your MAC address, CPU ID, and hard drive serial. We cannot recover these values from the hash | Legitimate interest (licence protection) |
| Subscriber number | Computed from your signup date — used for community status and tier pricing | Contract performance |
We do not collect your iRacing telemetry files, driving data, session history, or any other data from inside the app. That data stays on your machine.
Who we share data with
We never sell, rent, or share your personal data for commercial purposes. We use a small number of trusted technology providers to operate the service:
| Provider | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing and subscription management | Email address, payment method (handled entirely by Stripe — we never see your card number) |
| Supabase | Secure database hosting (EU-West region, Ireland) | All account data stored in our database |
| Render.com | Backend API hosting | No personal data stored — processes requests in transit only |
| Vercel | Website hosting | IP address (standard web server logs, not retained by us) |
| Resend | Transactional email delivery (welcome emails, billing alerts) | Email address and email content |
All providers are contractually bound to process your data only for the purposes listed above and in compliance with GDPR. No data leaves the UK/EU/EEA.
How long we keep your data
We keep your data for as long as your account is active. If you delete your account:
All personally identifiable information (name, email, iRacing username, password hash, Stripe customer ID, PC fingerprint) is immediately and permanently erased. Your subscription row is anonymised and retained for financial audit purposes only (required by UK law for 6 years).
If your subscription lapses without deletion, we retain your data for 12 months in case you wish to resubscribe, then delete it automatically.
Your rights under UK GDPR
You have the following rights regarding your personal data. To exercise any of them, email raul@alienblade.co.uk — we will respond within 30 days.
- Right of access (Article 15) — You can request a copy of all personal data we hold about you.
- Right to rectification (Article 16) — You can correct inaccurate data at any time via your account portal.
- Right to erasure (Article 17) — You can permanently delete your account and all associated data via your account portal or by emailing us. We action this immediately.
- Right to data portability (Article 20) — You can request your data in a structured, machine-readable format (JSON).
- Right to object (Article 21) — You can object to processing based on legitimate interest (e.g. PC fingerprinting). We will review and respond within 30 days.
- Right to restrict processing (Article 18) — You can ask us to pause processing of your data while a dispute is resolved.
- Right to lodge a complaint — You can complain to the UK Information Commissioner's Office (ICO) at any time.
How we protect your data
We take security seriously:
Passwords are hashed with bcrypt (cost factor 12) before storage. We cannot read your password — only verify it. It is never logged or transmitted in plain text.
PC fingerprints are stored as one-way SHA-256 hashes. The original hardware identifiers cannot be recovered from the stored hash.
All communication between the app, website, and our servers uses HTTPS/TLS encryption.
Database access is restricted to the backend API using row-level security. No direct public database access is possible.
Payment data is handled entirely by Stripe — we never see or store your card number, CVV, or full billing details.
Cookies and local storage
The AB Racing Line website uses no advertising cookies and no tracking pixels.
The account portal stores your login token in browser localStorage on your device so you stay signed in between visits. This token contains only your user ID — no personal data. You can clear it at any time by signing out or clearing your browser storage.
The desktop app stores your authentication token in a local config file on your PC. If you enable "Remember me" when signing in, your password is stored in Windows Credential Manager — the same OS-level encrypted store used by Chrome and Outlook. Your password is never transmitted anywhere except to our own login server over HTTPS, and is never stored on our servers. You can remove it at any time by signing out of the app.
Google Analytics
We use Google Analytics 4 to understand how visitors use our website — which pages are viewed, how long people stay, and where traffic comes from. This helps us improve the site. No personally identifiable information is collected.
Analytics cookies are only placed after you explicitly accept via the cookie consent banner. If you decline, no analytics data is collected. You can change your preference at any time by clearing your browser's localStorage (key: ab_analytics_consent).
Google Analytics data is processed by Google LLC under their own privacy policy. For more information, see Google's Privacy Policy.
Children's privacy
AB Racing Line is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it immediately.
Changes to this policy
If we make material changes to this policy, we will notify active subscribers by email before the changes take effect. The "last updated" date at the top of this page will always reflect the current version.
For any privacy questions, data requests, or to exercise your rights, contact:
Raul — AB Racing Line
raul@alienblade.co.uk
We aim to respond within 30 days. For urgent data erasure requests, we action same day.