top of page

Privacy Policy

RaceProX Privacy Policy

Last updated: 28 May 2026
Effective date: 28 May 2026

1. Who We Are

RaceProX is operated by Dynomatik Limited.

Dynomatik Limited
2 Chichester Drive
Cannock, Staffs
WS12 3YL
United Kingdom

Contact: Support@dynomatik.com

In this Privacy Policy, "RaceProX", "we", "us", and "our" mean Dynomatik Limited. "Services" means the RaceProX platform, RaceProX mobile app, RaceProConnect, white-label mobile apps, web dashboards, guest links, event tools, and related services we provide.

2. What This Policy Covers

This Privacy Policy explains how we collect, use, share, retain, and protect personal data when people use or are included in our Services.

It applies to:

  • people who create or use a RaceProX account

  • users of white-label apps powered by RaceProX

  • event guests using access codes, QR codes, invitations, PDFs, or guest links

  • organisation administrators using RaceProX dashboards

  • people whose data is uploaded by a team, organisation, event organiser, supplier, sponsor, or administrator

  • people using RaceProConnect networking and messaging features

  • people who appear in event, travel, attendee, guest, document, media, or contact records

  • people accessing public or token-based features such as calendar feeds, TV display links, guest links, or event information links

Some personal data is provided directly by you. Some personal data may be provided by an organisation that uses RaceProX, such as your team, employer, event host, sponsor, supplier, or race organisation.

3. Our Role And Customer Roles

RaceProX is used by organisations to manage motorsport events, people, guests, travel, communications, documents, media, and operational content.

Depending on the situation, we may act as either:

  • a controller, where we decide why and how personal data is used; or

  • a processor, where we process personal data on behalf of an organisation customer and follow that customer's instructions.

We usually act as a controller for:

  • account registration and login

  • platform security

  • audit logs

  • product analytics

  • crash/error diagnostics

  • service improvement

  • RaceProConnect networking and direct user-to-user communications outside organisation-controlled event spaces

  • legal compliance and abuse prevention

An organisation customer will usually be the controller for data it uploads, configures, or manages in RaceProX, including:

  • event attendees and guests

  • team members and organisation membership

  • travel assignments and itineraries

  • event documents and media

  • messages, notifications, schedules, maps, links, guides, FAQs, and event content

  • guest invitations and event access codes

  • data imported by administrators using AI-assisted tools

Where we process personal data for an organisation customer, that organisation is responsible for making sure it has a valid legal basis to provide and use that data. We support the organisation as its service provider.

4. Information We Collect

Account And Profile Data

We may collect and process:

  • name

  • email address

  • phone number

  • profile image or avatar

  • password and authentication information

  • account ID and session identifiers

  • preferred language

  • nationality or country of residence, if provided

  • organisation membership and approval status

  • event access status

  • admin status or internal administrator status

  • security settings, where applicable

Guest And Ticket Data

For event guests, we may process:

  • name

  • email address

  • access code

  • event and organisation association

  • invitation status

  • ticket count and related ticket records

  • ticket PDFs or guest links

  • check-in, redeemed, or access timestamps

  • device ID and push notification token, if notifications are enabled

Guests do not need a full RaceProX account. Guest access is normally limited to a specific event or organisation context.

Event And Operational Data

We may process event-related data such as:

  • event access and group/silo membership

  • schedules and sessions

  • maps, locations, venues, and links

  • guides, FAQs, contacts, key people, sponsors, drivers, cars, and reference content

  • messages, announcements, and track updates

  • event documents

  • event photos, videos, stories, live media, and galleries

  • content visibility and targeting settings

Much of this information is provided, configured, or managed by organisation customers.

Travel Data

RaceProX may be used to manage travel and event logistics. We may process:

  • flight numbers, airlines, airports, terminals, gates, times, status, seats, class, and booking references

  • hotel names, room types, check-in/check-out dates, confirmation numbers, and room occupants

  • hire car/rental details, vehicles, pickup/dropoff locations, pickup/dropoff times, and booking references

  • train operators, routes, seats, carriage details, times, and booking references

  • passenger, occupant, and attendee relationships

Travel data may be entered manually, uploaded by an organisation administrator, imported from documents, or enriched through third-party travel data providers.

Digital Vault And Sensitive Data

The Digital Vault allows users to store and share selected information with organisations. Depending on the fields enabled and information entered, this may include:

  • mobile phone number

  • emergency contact name, phone, and relationship

  • medical conditions

  • passport full name, passport number, passport expiry, and passport nationality

  • date of birth

  • national ID number

  • frequent flyer programmes and membership numbers

  • home airports and travel preferences

  • driving licence and rental programme details

Some of this information is sensitive. Medical conditions and health-related information may be special category data under UK GDPR or similar laws.

Sensitive vault fields are protected with additional safeguards, including encryption for sensitive values, access controls, sharing controls, and audit logging. The mobile app may require device biometric authentication, such as Face ID, Touch ID, or fingerprint, to unlock the vault. Biometric checks are handled locally by the device/platform and RaceProX does not receive or store biometric templates.

Users should only enter information that is necessary for the relevant event, travel, safety, or operational purpose.

Communications And RaceProConnect

We may process communications data, including:

  • event messages and announcements

  • direct messages

  • RaceProConnect connections

  • QR connection tokens

  • connection requests and responses

  • sender and recipient profile previews

  • message timestamps

  • read/unread metadata

RaceProConnect allows users to connect and communicate outside organisation-controlled event spaces. RaceProX acts as controller for that networking feature.

We do not describe RaceProConnect messages as end-to-end encrypted unless and until that is technically true.

Device, Usage, Analytics, And Diagnostics

We may process technical and usage data, including:

  • device or installation ID

  • app variant

  • bundle ID

  • platform, such as iOS, Android, or web

  • app version

  • push notification token

  • IP address and user-agent, especially for security and audit logs

  • app events, such as sign-in, sign-out, guest code entry, document download, video play, schedule view, travel view, widget tap, map open, and vault open

  • crash reports, errors, diagnostic breadcrumbs, and related metadata

We use analytics and diagnostics to understand feature usage, improve the product, maintain reliability, investigate errors, and protect the platform.

Uploaded Content And Files

We may process files and content uploaded by users or organisation administrators, including:

  • event documents

  • travel documents

  • PDFs, images, spreadsheets, pasted text, and other files used for AI-assisted imports

  • profile images and avatars

  • event photos and videos

  • feedback screenshots or attachments

  • generated guest PDFs

Public And Token-Based Link Data

Some Services may be accessible using links or tokens rather than account login, such as:

  • guest links

  • ticket or QR links

  • calendar feeds

  • TV display links

  • public event or map data links

When these links are used, we may process token/access metadata, request metadata, and the event or schedule data exposed by the link.

5. Where We Get Personal Data From

We may receive personal data:

  • directly from you

  • from your team, employer, event organiser, sponsor, supplier, or organisation administrator

  • from other users, for example through RaceProConnect, chat, or attendee features

  • from documents or files uploaded by administrators

  • from travel and place data providers

  • from device/platform services

  • from analytics and diagnostic tools

  • from security logs and audit events

If an organisation provides your data to RaceProX, that organisation is responsible for telling you how and why it uses your data where required by law.

6. How We Use Personal Data

We use personal data to:

  • create, authenticate, and manage accounts

  • provide event access and app functionality

  • provide white-label apps and organisation-specific experiences

  • manage guest access, invitations, access codes, and ticket PDFs

  • display event schedules, maps, documents, contacts, content, and operational information

  • manage travel and logistics

  • enable RaceProConnect connections and messaging

  • send push notifications and operational communications

  • provide Digital Vault storage, sharing, and access controls

  • process administrator-uploaded documents and travel data

  • support AI-assisted imports

  • provide customer support

  • improve, secure, and maintain the Services

  • monitor usage and diagnose errors

  • keep audit logs and investigate security events

  • comply with legal obligations

  • establish, exercise, or defend legal rights

7. Legal Bases For Processing

Depending on the data and context, we may rely on one or more of the following legal bases:

  • Contract: where processing is needed to provide the Services to you or an organisation customer.

  • Legitimate interests: where processing is needed to operate, secure, improve, and support the Services, provided those interests are not overridden by your rights.

  • Legal obligation: where we must process data to comply with applicable laws.

  • Consent: where we ask for consent, such as certain optional features, device permissions, or sensitive data sharing choices.

  • Customer instructions: where we process data as a processor for an organisation customer.

For special category data, such as health-related information, an additional legal condition may be required under UK GDPR or similar laws. Where required, we rely on an appropriate lawful basis and additional condition for processing that data.

8. AI-Assisted Features

RaceProX includes AI-assisted import and parsing features. These may help administrators extract or organise information from documents, travel files, text, PDFs, images, or other uploaded materials.

AI-assisted parsing is live and currently uses Google Gemini.

When an administrator uses these features:

  • uploaded content may be sent to Google Gemini or related Google services for processing

  • the output may include suggested travel, event, guest, or operational data

  • administrators remain responsible for reviewing and verifying outputs before relying on them or sharing them with users

  • AI output may be inaccurate, incomplete, or require correction

We use appropriate account, contractual, and technical settings for these AI services where available.

9. Push Notifications

If push notifications are enabled, we may process push tokens, device identifiers, app variant, bundle ID, platform, app version, target audience, notification content, delivery status, and related logs.

Organisation administrators may send or schedule notifications to event members, guests, groups, or selected users. In those cases, the organisation usually decides the notification content and audience.

You can control push notification permissions through your device settings. Disabling push notifications may mean you miss operational updates.

10. How We Share Personal Data

With Organisation Customers And Administrators

We share data with organisation customers and their authorised administrators where needed to provide the Services. This may include:

  • member and guest records

  • event access and attendance information

  • travel assignments and itineraries

  • uploaded documents and media

  • event communications

  • notification delivery information

  • vault data that a user has shared or that is otherwise available under configured permissions

Organisation administrators may upload information about people and choose how event content is targeted or displayed.

With Other Users

Depending on features and settings, other users may see limited information such as:

  • name

  • avatar

  • role/title

  • attendance or group context

  • shared phone number

  • RaceProConnect profile preview

  • messages or communications sent within a shared space

RaceProConnect shares limited profile information to support connection requests and user-to-user messaging.

With Service Providers

We use third-party providers to operate the Services. Current production providers include:

ProviderPurpose

Supabaseauthentication, database, storage, edge functions, realtime services

Cloudflarehosting, workers, delivery, public/token-based surfaces

PostHog EUproduct analytics

Sentryerror and crash reporting

Firebase Cloud Messagingpush notification delivery

Apple Push Notification serviceiOS push notification delivery

Postmarktransactional email, invitations, OTPs, password reset messages

Google Placesplace, hotel, map, and venue lookups

Ciriumflight and airport data enrichment

Google GeminiAI-assisted document and travel parsing

Apple App Storeapp distribution and platform services

Google Playapp distribution and platform services

We maintain information about the service providers we use and update it as our Services change.

For Legal, Security, And Business Reasons

We may share personal data where necessary to:

  • comply with law

  • respond to lawful requests

  • protect users, customers, RaceProX, or the public

  • investigate fraud, abuse, security events, or misuse

  • enforce terms or contracts

  • support a business sale, merger, financing, restructuring, or transfer of assets

11. International Transfers

Dynomatik Limited is based in the United Kingdom, and the Services are available globally.

Personal data may be processed in the UK, EEA, United States, or other countries depending on the service provider, user location, customer configuration, and technical infrastructure.

Where required, we use appropriate safeguards for international transfers, such as contractual protections, standard contractual clauses, UK international data transfer terms, or other lawful transfer mechanisms.

The safeguards used may vary depending on the provider and processing activity.

12. Retention

We keep personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Our current retention approach includes:

  • Account data: retained while the account is active. If a user deletes their account, account deletion occurs after 30 days, subject to exceptions.

  • Audit and security logs: may be retained where needed for security, compliance, dispute handling, or legal reasons. Some audit logs are designed to be preserved even if a user account is later deleted.

  • Push tokens: inactive push tokens are deleted after 90 days.

  • Notification logs: notification logs are deleted after 90 days.

  • Guest document signed URLs: signed URLs may expire after a short period, such as 1 hour, but this does not necessarily delete the underlying file.

  • OTP and password reset data: verification and reset tokens expire after short periods.

  • Event, guest, travel, document, photo, video, and chat data: retained unless deleted through a user request, customer request, contract process, legal requirement, or product deletion process.

  • RaceProConnect messages and DMs: retained unless deleted through a defined user, legal, or platform process.

We may review and update retention periods over time to reflect legal, operational, security, customer, and product requirements.

Where RaceProX processes data on behalf of an organisation customer, retention and deletion may depend on that customer's instructions, contract terms, and legal obligations.

13. Your Rights

Depending on where you are located and which laws apply, you may have rights to:

  • access your personal data

  • correct inaccurate data

  • delete your data

  • restrict processing

  • object to processing

  • receive a portable copy of your data

  • withdraw consent where processing is based on consent

  • complain to a data protection authority

To exercise rights, contact Support@dynomatik.com.

If your request relates to data controlled by an organisation customer, such as event, travel, guest, or team data that the organisation uploaded or manages, we may direct you to that organisation or work with that organisation to respond.

UK users may have the right to complain to the Information Commissioner's Office. Users in other countries may have the right to complain to their local data protection authority.

14. Account Deletion

Mobile app users may request account deletion through the app where available.

Based on the current product position, account data is retained for 30 days after deletion is requested and then deleted, subject to exceptions for:

  • security records

  • audit logs

  • legal compliance

  • dispute handling

  • fraud or abuse prevention

  • customer-controlled data where RaceProX acts as processor

  • records that must be retained or anonymised rather than deleted

Deleting your RaceProX account may not automatically delete all event, guest, travel, document, media, or organisation records if an organisation customer controls that data.

15. Children And Under-18 Users

RaceProX is not intended for children to use independently.

Under-18 users may appear in motorsport contexts, such as young drivers, guests, team members, or attendees. Where an organisation provides access to a person under 18 or uploads data about a person under 18, that organisation is responsible for having appropriate authority, consent, or legal basis to do so.

Additional age thresholds or parental/guardian consent requirements may apply in some regions.

16. Security

We use technical and organisational measures designed to protect personal data. These may include:

  • authentication and access controls

  • row-level and server-side access checks

  • private storage for certain event documents

  • signed URLs for time-limited document access

  • encryption for sensitive vault values

  • device biometric unlock for vault access where supported

  • no offline cache for vault data

  • audit logs for sensitive or security-relevant events

  • push token cleanup

  • notification targeting controls

  • monitoring and diagnostics for reliability and security

No service can guarantee absolute security. Users and organisation administrators should keep accounts, passwords, devices, access codes, and guest links secure.

17. Cookies, Local Storage, And Similar Technologies

RaceProX does not use cookies.

The Services may still use:

  • local storage or session storage for authentication and app functionality

  • mobile app storage for sessions, settings, offline documents, cache, and guest access

  • device or installation identifiers

  • analytics SDK identifiers

  • platform services used by Apple, Google, or other providers

If we introduce cookies in the future, we will update this policy or provide any additional notice required by law.

18. Automated Decision-Making

RaceProX does not currently make solely automated decisions that have legal or similarly significant effects on users.

AI-assisted import features may suggest extracted data, but administrators are responsible for reviewing and confirming outputs before use.

19. White-Label Apps

Some mobile apps powered by RaceProX may be branded for a specific organisation. These white-label apps are published through Dynomatik's developer account unless a specific app uses a different arrangement.

The organisation associated with a white-label app may control event, member, guest, travel, document, and operational data in that app. Dynomatik Limited operates the underlying technology and may process data as described in this Privacy Policy.

20. Changes To This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will take reasonable steps to notify users or customers, such as updating the effective date, publishing the updated policy, or providing in-app or email notice where appropriate.

21. Contact Us

For privacy questions or requests, contact:

Dynomatik Limited
2 Chichester Drive
Cannock, Staffs
WS12 3YL
United Kingdom

Support@dynomatik.com

bottom of page