Skip to content
Unfair Racing — racing helmet with cyan circuit traces

Privacy

What we collect — and what stays on your machine.

Last updated: 28 May 2026.

This Privacy Policy explains how Mikalsen AI AS ("we", "us", "Unfair Racing") collects, uses, and protects personal data when you use the Unfair Racing desktop app, the Unfair Racing mobile companion apps for iOS and Android, and this website. We built Unfair Racing to be local-first: most of your racing data stays on your own device, and we collect as little as we can to run the service.

We never sell your personal data, we do not use it for advertising, and we run no advertising SDKs. We do use two privacy-respecting tools — PostHog (product analytics and session replay, hosted in the EU) and Sentry (crash and error reporting) — to understand how features are used and to fix bugs. This policy describes exactly what we collect, why, who processes it on our behalf, and the rights you have over it.

Who we are (data controller)

Unfair Racing is operated by Mikalsen AI AS, a company registered in Norway with organisation number 932 254 026. Mikalsen AI AS is the data controller responsible for the personal data described in this policy.

For any privacy question or to exercise your rights, contact us at support@unfair.racing. You can use the same address for account or data-deletion requests.

What this policy covers

This policy applies to all of the Unfair Racing products:

  • The Unfair Racing desktop app for Windows — a native application that runs and stores your telemetry locally.
  • The Unfair Racing companion app for iOS — the trackside phone app.
  • The Unfair Racing companion app for Android — the trackside phone app.
  • This marketing website at unfair.racing.

Local-first by design

The desktop app is local-first. Raw telemetry, lap data, setup snapshots, change-log entries, and your per-driver coaching history are stored on your own machine in a local database. This data is not uploaded to our servers unless you explicitly turn on a feature that needs it — for example cross-device sync or an opt-in data pool.

When data does sync to the cloud, it is sent over an encrypted HTTPS connection to our backend and tied to your account, so that only you (and team members you authorise) can read it.

What data we collect

Depending on which features you use, we may collect the following categories of data:

  • Account data — your email address and a unique user ID. If you choose a password instead of a magic link, we store a securely hashed version of it, never the plain text.
  • Driver profile data — information you enter about a driver, such as name or nickname, year of birth or age, height, weight, experience level, home track, and class. A profile may describe a young driver entered by a parent or guardian (see "Children and young drivers").
  • Racing content you create — setups, change-log entries, session notes, and telemetry. On the desktop app this stays local unless you enable sync.
  • Trackside observations from the mobile apps — tire-pressure readings and competitor lap times you record on your phone, plus any notes you add.
  • Subscription and billing data — your plan tier, subscription status, and the customer and subscription identifiers from our payment processor. We never receive or store your full card number.
  • Anti-abuse data — to enforce the one-trial-per-device rule, we store a one-way hashed fingerprint of a paired hardware device. The original hardware identifier never leaves your machine; we only ever see the irreversible hash.
  • Crash and error diagnostics — we use Sentry to collect crash reports, error messages, and basic technical context (such as app version, device or browser type, and operating system) so we can find and fix bugs.
  • Optional shared data pools — if you opt in, we collect anonymised, aggregate racing signals (for weather, elevation, optimal-line, and driver-comparison features). These contributions are pseudonymised and strictly exclude your identity (see "Who we share data with").
  • Product analytics and session replay — across our apps and this website we use PostHog to understand how features are used and to reproduce problems. This includes usage events (such as which screens and features you open), app or browser and device information, an analytics identifier (stored in a cookie or local storage on the website), your IP address (used for coarse location and then discarded or truncated), and session replays that record how you interact with the screens. We enable PostHog's masking so the content of sensitive fields, such as passwords, is not captured. Where you are signed in, this activity can be linked to your account.
  • Marketing and waitlist data — if you join our waitlist or sign up for product updates, we collect your email address (and any name or details you choose to give) so we can contact you. You provide this by opting in, and you can unsubscribe at any time.

The mobile companion apps (iOS and Android)

The Unfair Racing companion apps require an existing Unfair Racing account and exist to log data at the track and sync it to your account. They collect only:

  • Your email address and user ID, used to sign you in and link your data to your account.
  • Tire-pressure observations you record.
  • Competitor lap times you record, including the kart number you assign and any notes.
  • Crash and error diagnostics via Sentry — app version, device type, and error details that help us fix bugs.
  • Usage analytics and session replays via PostHog — how you move through the app and which features you use, so we can improve it.

Your account and trackside data is sent to our own backend over an encrypted HTTPS connection; analytics and diagnostics go to PostHog (hosted in the EU) and Sentry. The companion apps do not collect your location, contacts, photos, health or fitness data, or financial information, and they contain no advertising SDKs. They do not use Bluetooth, the local network, or any device peripherals.

You can request deletion of this data at any time (see "Deleting your account and data").

How we use your data

We use the data above only for the following purposes:

  • To provide and operate the apps and your account.
  • To authenticate you and keep your account secure.
  • To sync your data across your devices when you enable sync.
  • To generate the coaching, analysis, and debrief features you ask for.
  • To process subscriptions, trials, and payments.
  • To prevent abuse of free trials and protect the integrity of the service.
  • To diagnose crashes and errors, and to analyse how features are used through analytics and session replay, so we can improve the product.
  • To run our waitlist and send you the early-access updates and marketing emails you opted in to.
  • To comply with our legal obligations and respond to your requests.

AI coaching and processing

Some coaching features use a large-language-model service hosted on Microsoft Azure OpenAI. When you use these features, we send a redacted, aggregated digest of your session — not your raw telemetry stream and not your personal identity — so the model can generate feedback.

Your data is not used to train third-party AI models. The AI provider processes the request on our behalf under its enterprise data-protection terms and does not retain the content for its own purposes.

Cookies and consent

On our website we use cookies and similar storage. Some are strictly necessary to make the site work; others — including the PostHog analytics and session-replay storage described above — are optional and load only with your consent.

  • Strictly necessary — required for the site to function and to remember your consent choice. These do not need consent.
  • Analytics and session replay — set by PostHog to measure how the site is used and to reproduce issues. These load only if you accept them.

We manage consent through our own cookie banner (built on the open-source CookieConsent library and hosted by us, not a third-party manager). It records your choice, keeps non-essential tags — including analytics and session replay — switched off until you allow them, and supports Google Consent Mode v2 for any Google tags. You can change or withdraw your consent at any time through the "Cookie settings" link in the site footer.

Legal bases for processing (GDPR)

Where the EU/EEA General Data Protection Regulation applies, we rely on the following legal bases:

  • Performance of a contract — to provide the account, app, and subscription you signed up for.
  • Consent — for optional features such as data pools, analytics and session replay, marketing emails and our waitlist, and storing data about a young driver. Where consent is the basis (including non-essential cookies on the website), you can withdraw it at any time.
  • Legitimate interests — to keep the service secure, prevent trial abuse, and improve reliability, balanced against your rights.
  • Legal obligation — to meet accounting, tax, and other legal requirements.

Children and young drivers

Our apps are not directed to children, and we do not knowingly let children create their own accounts. Account holders must be adults, or otherwise have the legal capacity to enter into these terms.

Karting involves young drivers. Where a driver profile describes a minor, it is created and managed by a consenting parent, guardian, or coach who holds the account. When such a profile is stored in the cloud, we record a consent stamp identifying the adult who authorised it.

If you are a parent or guardian and want to review, correct, or delete a young driver's data, or withdraw your consent, contact us at support@unfair.racing and we will act on it.

Who we share data with

We do not sell your personal data and we do not share it for advertising. We do use a small set of trusted service providers ("sub-processors") who process data on our behalf, under contract, only to run the service:

  • Convex — our cloud backend and database, which stores synced account and racing data.
  • Better Auth — the authentication system that manages sign-in and your account credentials.
  • Resend — sends transactional email such as sign-in links, verification, and trial reminders.
  • Stripe — processes subscription payments made through the desktop app and stores billing details.
  • Microsoft Azure OpenAI — runs the AI coaching model on the redacted digests described above.
  • Sentry — receives crash reports and error diagnostics so we can find and fix bugs.
  • Weather data providers — receive track coordinates, not your identity, to return forecasts.
  • Cloudflare — hosts our downloads and provides content delivery and anti-bot protection for the website.
  • Apple and Google — distribute the mobile apps through their app stores; if you ever buy a subscription through an app store, that store processes the payment under its own terms.
  • PostHog — product analytics and session replay across our apps and website, hosted on PostHog's EU Cloud (data stored in the European Union).
  • Loops — our email platform for the waitlist and marketing campaigns; it stores the contact details of people who opt in and sends those emails on our behalf.

We may also disclose data if required by law, to protect our rights, or as part of a business transfer — in which case we will tell you.

International data transfers

Some of our sub-processors are based outside Norway and the EEA, including in the United States. Where we transfer personal data internationally, we rely on appropriate safeguards such as the EU Standard Contractual Clauses or an equivalent mechanism to protect it.

How long we keep data

We keep personal data only as long as we need it:

  • Account and profile data — for as long as your account is active, and for a short period afterwards, then deleted.
  • Trackside observations and synced racing data — until you delete them or close your account.
  • Billing records — for as long as required by accounting and tax law.
  • Opt-in pooled contributions — irreversibly anonymised and unable to be linked back to you, so retained in aggregate form.
  • Waitlist and marketing-email data — until you unsubscribe or ask us to remove you.

How we protect your data

We protect your data with encryption in transit (HTTPS/TLS), access controls that tie every record to its owner, one-way hashing of sensitive identifiers, and a local-first design that keeps most data off our servers entirely.

No method of transmission or storage is completely secure, but we work to protect your data and to notify you and the relevant authority if a breach ever affects you.

Your privacy rights

Under the GDPR and similar laws, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your data (the "right to be forgotten").
  • Restrict or object to certain processing.
  • Receive your data in a portable format.
  • Withdraw consent you previously gave, at any time.
  • Lodge a complaint with a data-protection authority.

To exercise any of these rights, email support@unfair.racing. If you are in Norway or the EEA and believe we have mishandled your data, you can also complain to the Norwegian Data Protection Authority (Datatilsynet) or your local authority.

If you are a California resident, you have the right to know what personal information we collect, to request its deletion, and not to be discriminated against for exercising your rights. We do not sell or share your personal information as those terms are defined under California law.

Deleting your account and data

You can delete your account and the personal data associated with it at any time. You can do this from within the Unfair Racing app, or by emailing support@unfair.racing from the address on your account.

When you delete your account, we remove your account data, driver profiles, and synced racing data — including the tire-pressure and competitor-lap observations from the mobile apps — from our active systems. We complete deletion requests within 30 days. Irreversibly anonymised aggregate data and records we must keep by law are the only exceptions.

Local data stored only on your own device is removed when you uninstall the app or clear its data.

Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you in the app or by email. Continuing to use Unfair Racing after a change means you accept the updated policy.

Contact us

Mikalsen AI AS (organisation number 932 254 026), Norway. For any privacy question or request, email support@unfair.racing. EEA users may also contact the Norwegian Data Protection Authority (Datatilsynet).