RaceHooks
LegalPrivacyTermsAUP← Home
Legal

Privacy Policy

Effective date: June 3, 2026·Version 1.0

Kritic LLC, a Pennsylvania limited liability company doing business as RaceHooks ("RaceHooks," "we," "us") operates a motorsport webhook delivery platform. This Privacy Policy explains what personal information we collect from users of the RaceHooks platform, API, documentation, SDKs, and communications channels, how we use it, and your rights with respect to it.

1. Information We Collect

1.1 Account Registration Data

When you create a RaceHooks account, we collect:

  • Email address — used for account management, billing communications, and product updates
  • Name or company name — for billing and account identification purposes
  • Password (stored as a salted hash, not in plain text)

1.2 API and Authentication Data

  • Client ID and client secret — generated OAuth credentials for API access. Client secrets are stored as hashes; we cannot retrieve the original value.
  • Webhook URLs — the HTTPS endpoints you register to receive deliveries. These are stored to power the delivery service.
  • Webhook secrets — HMAC signing keys. Stored as hashes; not retrievable after creation.

1.3 Usage and Technical Data

  • Webhook delivery logs — records of each delivery attempt, including: delivery timestamp, HTTP status code, response time, feed type, delivery status (success/failure/dead-letter). Payloads are stored for debugging purposes for up to 90 days.
  • API request logs — server-side logs of API calls (endpoint, timestamp, response code). Used for debugging, rate limiting, and abuse detection. Retained for 30 days.
  • Subscription and usage data — tier, billing cycle, delivery counts per race weekend. Used for billing and enforcement.
  • IP addresses — collected in server logs. Used for security monitoring and rate limiting. Retained for 30 days.

1.4 Billing Data

RaceHooks uses Stripe as its payment processor. We do not store full credit card numbers, CVV codes, or bank account numbers. Stripe receives and processes payment information directly. We store:

  • Stripe customer ID (a reference to your Stripe record)
  • Last 4 digits of card on file (for display purposes only)
  • Billing address
  • Subscription tier and billing history

Stripe's privacy policy governs Stripe's use of your payment information: stripe.com/privacy.

1.5 Support Communications

If you contact us via email or support channels, we retain those communications to provide support and improve the product.

1.6 Data We Do NOT Collect

  • We do not collect health, biometric, or sensitive personal data
  • We do not track users across third-party websites
  • We do not use advertising trackers or behavioral advertising
  • We do not collect data about end users of your applications — only about you as an API customer

2. How We Use Your Information

PurposeData UsedLawful Basis
Providing the Services (account, API, webhook delivery)All account and usage dataPerformance of contract
Billing and subscription managementAccount, billing dataPerformance of contract
Service communications (downtime, security alerts, policy changes)Email addressLegitimate interest; legal obligation
Product updates and feature announcementsEmail addressLegitimate interest (B2B), or consent where required
Security monitoring and abuse preventionIP addresses, API logsLegitimate interest
Improving the Services (aggregated analytics)Anonymized usage dataLegitimate interest
Legal compliance and dispute resolutionRelevant recordsLegal obligation; legitimate interest

We do not sell, rent, or share your personal information with third parties for their own marketing purposes.

3. Data We Share

3.1 Service Providers

We share data with the following categories of service providers who process it on our behalf:

  • Stripe — payment processing
  • Google Cloud Platform — hosting and infrastructure (us-east4 region)
  • Email service provider (e.g., Postmark, SendGrid) — transactional email delivery
  • Plausible — privacy-preserving website analytics (no cookies, no personal identifiers, no cross-site tracking)

All service providers are bound by data processing agreements consistent with applicable privacy law.

3.2 Business Transfers

If RaceHooks is acquired by or merged with another company, or if RaceHooks' assets are acquired in an acquisition, customer data may be transferred as part of that transaction. We will notify you via email or prominent notice on our website before your data is transferred and becomes subject to a different privacy policy.

3.3 Legal Requirements and Aggregated Data

We may disclose information if required by law, subpoena, or court order, or if we believe in good faith that disclosure is necessary to comply with a legal obligation, protect our rights or property, investigate wrongdoing, or protect user safety. We may also share aggregated, anonymized platform statistics (total deliveries, latency, customer counts) with investors or in public materials; this data does not identify any individual.

4. Data About Motorsport Drivers (Athlete Personal Data)

The RaceHooks Data API contains personal information about professional motorsport drivers, including names, nationalities, and dates of birth, sourced from Wikipedia.

  • This data concerns public figures (professional athletes) acting in their professional capacity
  • The data is publicly available and was published under CC BY-SA 4.0 by Wikipedia
  • Processing this data for the purpose of a sporting data service is legitimate under both US law and GDPR legitimate interests grounds
  • Driver images, likeness, or contact information are NOT collected or served by RaceHooks

5. Security

We protect personal information with TLS encryption in transit, hashed storage for passwords and secrets, standard GCP infrastructure controls, and limited internal access to production data. No security measure is perfect; in the event of a breach affecting your personal information we will notify you as required by law.

6. Data Retention

Data CategoryRetention Period
Account dataDuration of account + 30 days after deletion
Webhook delivery logs (with payload)90 days
API request logs30 days
IP address logs30 days
Billing records7 years (legal/tax obligation)
Support communications3 years
Aggregated/anonymized usage dataIndefinitely

When you delete your account, we delete personal data within 30 days, except where retention is required by law (e.g., billing records for tax purposes).

7. Cookies and Tracking

The RaceHooks API does not use cookies. The marketing website (racehooks.io) uses:

  • Essential cookies: Session management for the web dashboard. These cannot be disabled.
  • Privacy-preserving analytics: We use Plausible Analytics, which does not use cookies and does not track individuals across sites. It collects only aggregate, anonymized traffic metrics.

We do not use Google Analytics, Facebook Pixel, or any other third-party tracking scripts that collect personal data or behavioral profiles.

8. Other

Children: The Services are not directed to children under 13. We do not knowingly collect their information and will delete it if discovered.

Third-party links: Our documentation links to external sites (GitHub, npm, Stripe, etc.). This policy does not apply to those sites.

10. EU/EEA and UK Residents

10.1 Data Controller

For EU/EEA and UK residents, Kritic LLC dba RaceHooks, 2014 Olivetre Dr, Cheswick, PA 15024, United States, is the data controller responsible for your personal data.

10.2 Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Access: Request a copy of personal data we hold about you
  • Rectification: Request correction of inaccurate data
  • Erasure ("Right to be Forgotten"): Request deletion of your data (subject to legal retention requirements)
  • Restriction: Request that we restrict processing of your data
  • Portability: Receive a copy of your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting prior processing

To exercise these rights, email: privacy@racehooks.io. We will respond within 30 days.

10.3 Lawful Bases for Processing

Processing ActivityLawful Basis
Account management and API accessPerformance of contract (Art. 6(1)(b))
Billing and paymentPerformance of contract; legal obligation (Art. 6(1)(b), (c))
Security monitoringLegitimate interests (Art. 6(1)(f))
Product communicationsLegitimate interests; consent where required (Art. 6(1)(a), (f))
Legal complianceLegal obligation (Art. 6(1)(c))

10.4 International Data Transfers

RaceHooks processes data on Google Cloud Platform in the US (us-east4 / Northern Virginia). Transfers of EU personal data to the US are made pursuant to Standard Contractual Clauses (SCCs) as approved by the European Commission.

10.5 Data Processing Agreements

Enterprise customers requiring a Data Processing Agreement (DPA) in accordance with GDPR Article 28 may request one from: legal@racehooks.io.

10.6 Right to Complain

You have the right to lodge a complaint with your local supervisory authority. In the EU, find your supervisory authority at edpb.europa.eu. In the UK, contact the Information Commissioner's Office at ico.org.uk.

11. California Residents (CCPA)

11.1 Your CCPA Rights

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Know/Access: Request information about categories and specific pieces of personal information we have collected, sold, or disclosed
  • Delete: Request deletion of personal information we have collected (subject to certain exceptions)
  • Correct: Request correction of inaccurate personal information
  • Opt-Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising. No opt-out is needed.
  • Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

11.2 Categories of Personal Information Collected

CategoryCollected?
Identifiers (email, IP address)Yes
Commercial information (subscription, billing)Yes
Internet or network activity (API logs)Yes
Professional or employment-related informationLimited (company name if provided)
Sensitive personal informationNo

11.3 To Exercise Your Rights

Submit requests to privacy@racehooks.io or via the account settings page. We may need to verify your identity before responding.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email with at least 30 days' notice before the new policy takes effect. The "Effective date" at the top of this page reflects the most recent revision.

13. Contact

Privacy inquiriesprivacy@racehooks.io
Legal / DPA requestslegal@racehooks.io
Security / data breachsecurity@racehooks.io
Kritic LLC dba RaceHooks
2014 Olivetre Dr
Cheswick, PA 15024
United States
Terms of Service →Privacy Policy — Version 1.0