Sign in

Privacy Policy

Last updated: March 25, 2026

SimProfile is operated by Appgineering GbR (hereinafter “Appgineering”). This policy explains how we collect, use, and protect your personal data when you use our service.

Data We Collect

When you sign in with your iRacing account, we receive and store:

  • Your iRacing display name and customer ID
  • Your real name (as provided by iRacing)
  • Your email address
  • Your avatar URL

We also automatically collect:

  • IP address and user agent (stored in our consent audit log)
  • Session data (authentication cookies)

How We Use Your Data

Authentication

We use iRacing OAuth to verify your identity. Your iRacing credentials are never shared with us — authentication is handled entirely by iRacing.

Consent Management

The core purpose of SimProfile is to let you control whether your real name is displayed on public facing Appgineering services such as Live Timing. When you enable name display consent, your real name may be shared with these services via our API. When disabled, only your iRacing display name is used.

Audit Logging

Every consent change is recorded in an append-only audit log with your IP address, user agent, and a timestamp. This log is maintained for legal compliance and security purposes.

Lawful Basis for Processing

  • Consent (Article 6(1)(a) GDPR): Displaying your real name on public facing Appgineering services.
  • Contract performance (Article 6(1)(b)): Authentication and core service functionality.
  • Legitimate interest (Article 6(1)(f)): Security logging, session management, and fraud prevention.

Data Sharing

When you consent to displaying your real name, it is made available to other public facing Appgineering services (e.g., Live Timing) via an authenticated API. We do not sell or share your data with any third parties outside of Appgineering.

Cookies

SimProfile uses only strictly necessary session cookies for authentication. We do not use tracking, analytics, or marketing cookies. No cookie consent banner is required for essential cookies under the ePrivacy Directive.

Data Retention

  • Account data: Retained until you delete your account.
  • Session data: Automatically expired by the authentication system.
  • Audit log: Retained for compliance purposes. When you delete your account, audit log entries are anonymized (personal identifiers are removed) but the consent action records are kept.

Your Rights

Under the GDPR, you have the right to:

  • Accessyour personal data — visible on your profile page.
  • Rectification— your profile data is synced from iRacing on each sign-in. Update your details at iRacing to correct them here.
  • Erasure— delete your account from your profile page at any time.
  • Withdraw consent— toggle your name display preference off at any time.
  • Data portability— contact us to request an export of your data.
  • Lodge a complaint with your local data protection authority.

Contact

For data protection inquiries, contact us at privacy@appgineering.com.