Privacy Policy

At PitLane Travel, we take your privacy seriously. This policy explains how we collect, use, and protect your personal information when you use our F1 travel planning platform.

Important Notice About Service Providers:

To help plan your F1 experience, we connect you with official event and travel service providers. When you make a booking:

  • Your booking information will be shared with the relevant service providers
  • Each provider has their own privacy policies and data practices
  • We are not responsible for provider data handling
  • Please review provider privacy policies before booking

1. Information We Collect

1.1 Platform Information

  • Name and contact details
  • Login credentials
  • Profile preferences
  • Payment information (processed by Stripe)

1.2 Booking Information

  • Race and travel preferences
  • Passport/ID for booking requirements
  • Travel companion details
  • Special requirements

2. Information Sharing

2.1 Service Provider Data Sharing

When you make a booking:

  • Required booking information is shared with service providers
  • Providers become independent data controllers
  • Provider privacy policies will apply
  • We cannot control provider data usage

2.2 Platform Partners

We work with essential service partners:

  • Stripe (payment processing)
  • Clerk (authentication)
  • PostHog (analytics)
  • Supabase (database)

3. Data Usage

3.1 Platform Operations

  • Help plan your F1 experience
  • Process payments
  • Provide customer support
  • Improve platform features

3.2 Communication

  • Booking confirmations
  • Travel planning updates
  • Marketing (with consent)

4. Data Security

We protect your platform data through:

  • SSL/TLS encryption
  • Access controls
  • Regular security audits

Security Limitations:

While we secure your platform data, we cannot guarantee the security of:

  • Data after transfer to service providers
  • Provider systems and practices
  • Third-party services used by providers

5. Your Rights

5.1 Platform Data

For data we control, you can:

  • Access your data
  • Request corrections
  • Delete your account
  • Opt-out of marketing

5.2 Provider Data

For data shared with service providers:

  • Contact providers directly
  • Review provider privacy policies
  • Follow provider data procedures

6. Data Retention

  • Account data: Until deletion
  • Transaction records: 7 years
  • Analytics: 26 months
  • Provider data: Per provider policies
  • Marketing preferences: Until updated
  • Communication history: 3 years

7. Cookies & Tracking

7.1 Essential Cookies

  • Authentication status
  • Session management
  • Security features
  • Basic functionality

7.2 Analytics Cookies

  • Usage patterns (PostHog)
  • Feature interaction
  • Performance monitoring
  • Error tracking

7.3 Marketing Cookies

Only set with explicit consent:

  • Personalization preferences
  • Marketing campaign tracking
  • Social media integration

8. International Data Transfers

Data Transfer Notice:

  • Data may be processed in different jurisdictions
  • We use EU-approved standard contractual clauses
  • Partners maintain adequate data protection standards
  • You can request information about data locations

9. Legal Basis (GDPR)

9.1 We process data based on:

  • Contract fulfillment (bookings, accounts)
  • Legal obligations (financial records)
  • Legitimate interests (platform improvement)
  • Consent (marketing, cookies)

9.2 Your GDPR Rights

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object

10. California Privacy Rights (CCPA)

California residents have additional rights:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to say no to the sale of personal information
  • Right to access personal information
  • Right to equal service and price

11. Social Media Integration

Social Media Notice:

  • Social login data usage
  • Social sharing functionality
  • Platform interaction tracking
  • Third-party social widgets

12. Children's Privacy

Our platform is not intended for children under 16:

  • We do not knowingly collect data from children
  • Parent/guardian consent required for users under 16
  • Contact us to remove underage user data

13. Contact Us

For platform privacy inquiries only:
Email: privacy@pitlanetravel.com
Data Protection Officer: privacy@pitlanetravel.com
For provider data inquiries, please contact your service provider directly.

Last updated: January 2025

Effective date: February 1, 2025

Previous versions available upon request