🇩🇪 DE

Privacy Policy

Last updated: April 27, 2026

⚠ The legally binding version is the German original; this English copy is a courtesy translation. Whenever a new sub-processor (e.g. Sentry, Resend, Stripe) is added, a data-processing agreement under Art. 28 GDPR must be signed and reflected here.

1. Controller

The controller for the purposes of the GDPR is:

Jeremiah Schiebel
Hammstraße 30
52222 Stolberg, Germany
Email: support@simstrats.com

2. About this Processing

SimStrats is a SaaS application for live race-strategy planning in sim-racing. We collect and process personal data only to the extent required to provide the service, or where you have explicitly consented.

Personal data is processed exclusively on a lawful basis: contract performance (Art. 6 (1) lit. b GDPR), our legitimate interest (Art. 6 (1) lit. f GDPR), legal obligation (Art. 6 (1) lit. c GDPR), or your consent (Art. 6 (1) lit. a GDPR).

3. Data we Collect

Account registration & usage

  • Email address
  • Name (if provided)
  • Authentication tokens (session)
  • Subscription status (plan, term)

Legal basis: Art. 6 (1) lit. b GDPR (contract performance).

Live dashboard / stint planner

  • Race configuration (track, simulator, driver roster, stints)
  • Live telemetry from the sim (speed, tyres, fuel, position)
  • Lap times and training data
  • Chat messages in race-chat / team channels

Telemetry and chat are visible only to members of the respective race or team. Legal basis: Art. 6 (1) lit. b GDPR.

Server logs

On every page request technically necessary data (IP address, timestamp, user agent, requested resource) is processed. This data is not merged with other sources. Legal basis: Art. 6 (1) lit. f GDPR (secure operation).

4. Cookies & Similar Technologies

We use only strictly necessary cookies, in particular to maintain the login session. Consent is not required for these under § 25 (2) No. 2 TTDSG. Tracking, analytics, and advertising cookies are not used.

5. Recipients / Sub-Processors

To provide the service we use the following sub-processors. A contract under Art. 28 GDPR has been (or is being) concluded with each:

ProviderPurposeLocation / Transfer
Clerk Inc.Authentication, account management, subscription handlingUSA (Standard Contractual Clauses)
ConvexDatabase, realtime backendEU (region eu-west-1)
Google LLC (Gemini API)AI race engineer (processing of chat input)USA (Standard Contractual Clauses)
Vercel Inc.Hosting of the web applicationEU (when EU region; otherwise SCCs)

Note: When the AI feature is invoked (mention @strats), race-chat content is transferred to Google to generate a response. Google’s privacy terms apply there.

6. Retention

  • Account data: until you delete your account
  • Live telemetry (active race): kept while the race is ongoing; the live snapshot is purged 7 days after the race finishes (lap-time history is preserved)
  • Detailed lap traces for finished races: 90 days
  • Training data: until you delete it
  • Chat messages: for the lifetime of the race / team
  • Server logs: 14 days

7. Your Rights

You have the following rights at any time:

  • Access to the data stored about you (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure of your data (Art. 17 GDPR) — available directly under “Settings”
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR) — JSON export available under “Settings”
  • Objection to processing (Art. 21 GDPR)
  • Lodge a complaint with a supervisory authority (Art. 77 GDPR)

To exercise your rights, contact us at: support@simstrats.com.

8. Data Security

All data transfers are TLS-encrypted. Authentication uses JSON Web Tokens (JWT). Unauthorised access to race / team data is blocked server-side via membership checks.

9. Changes to this Policy

We may update this policy to keep it in line with current legal requirements or to reflect changes to our service. Each return visit is governed by the version then in force.

← Back to home