Who we are
Data Racing is an online game that turns open data and market data into playable racing terrain. This policy explains how the Data Racing team collects, uses, stores, and protects personal data when you use our website, game, accounts, wallets, digital items, and related services.
If a formal operating company is created or changed, this policy will be updated with that entity name. Until then, references to Data Racing, we, us, or our mean the Data Racing project team operating the service.
Data we collect
Account and login data: wallet address (the primary entry point — every account is rooted in a wallet), optional linked identities (Farcaster ID, Telegram ID, email) if you connect them to the same account, username, display name, avatar, locale, authentication provider, session identifiers, and refresh-token records.
Pre-launch waitlist data: if you submit your email on the landing page before launch, we store the email address, the locale of the page at submit time, a salted one-way hash of your IP address (we never store raw IPs), a length-capped User-Agent string, and an optional referral code from the link you arrived through. We use it only to send you launch-related updates and to rate-limit signups. You can request deletion at privacy@datarace.club.
Security and rate-limit data: hashed IP-derived identifiers, coarse browser headers such as User-Agent, Accept-Language, and Sec-CH-UA, auth nonces, failed request counts, and session integrity signals. We do not store raw IP addresses in long-term databases.
Gameplay data: race metadata, selected track, result, leaderboard entries, replay digest, and limited gameplay input events needed for anti-cheat and leaderboard integrity. We do not record raw keyboard text.
Purchase and blockchain data: wallet address, transaction hash, network, item purchased, payment status, and accounting records. Blockchain transactions are public and may remain visible outside our control.
Sanctions screening data: to meet sanctions and anti-money-laundering obligations we screen payer wallet addresses against sanctions lists (including an on-chain sanctions oracle) and, where enabled, a third-party screening provider, and we keep the screening result with the payment record. We use this only for legal compliance, not for advertising or profiling unrelated to that purpose.
Preference and device data: language preference, cookie choices, equipped bike or texture, and coarse device tier when needed for reliability. We do not store precise geolocation, advertising IDs, WebGL/GPU fingerprints, battery readings, or cross-site tracking identifiers.
Support data: messages you send to us, contact details you provide, and records needed to resolve your request.
Why we use data
We use personal data to create and secure accounts, authenticate wallet or Farcaster sign-ins, operate gameplay, maintain leaderboards, process digital purchases, prevent abuse, rate-limit traffic, detect cheating, remember language and UI preferences, provide support, comply with law, and keep the service reliable.
We do not sell personal data. We do not use personal data for third-party advertising. We do not use gameplay or wallet activity to provide investment advice, credit decisions, insurance decisions, employment decisions, or similarly significant automated decisions.
Legal bases for processing
For users in the EEA, UK, and similar jurisdictions, we rely on contract where processing is needed to provide the game, account, purchases, and digital items; legitimate interests for security, rate limiting, anti-cheat, fraud prevention, service reliability, and abuse prevention; legal obligation for accounting, tax, sanctions, and dispute records; and consent where we ever use optional cookies or optional features that legally require consent.
You may withdraw consent for optional cookies or optional preference processing at any time in Cookie Settings. Withdrawal does not affect processing that occurred before withdrawal or processing we need for contract, security, legal compliance, or legitimate interests.
Cookies and storage
We use strictly necessary cookies and browser storage for login, security, consent choices, and service operation. We may use optional preference storage to remember language and display choices if you allow it.
We do not currently use advertising cookies, third-party tracking pixels, or behavioral advertising cookies. If that changes, we will ask for consent before loading them where required.
Sharing
We share data only with service providers that help us host, secure, process payments, screen transactions for sanctions and anti-money-laundering compliance, deliver email, provide support, or operate infrastructure. They may use data only for our instructions and must protect it appropriately.
Wallet addresses and blockchain transactions may be visible on public blockchains and to RPC providers or indexers. Where sanctions/AML screening is enabled, we share the payer wallet address with a specialised screening provider strictly to meet our legal compliance obligations. We may disclose information if required by law, to enforce our terms, protect users, respond to lawful requests, or investigate abuse.
Retention
We keep account data until account deletion or as long as needed to provide the service. Sessions are kept for up to 30 days after expiry. Gameplay input logs and replay data are generally kept for up to 90 days. Race metadata may be kept for leaderboard integrity for up to 365 days before aggregation or anonymization. Payment and accounting records may be kept for up to 7 years where required.
Security logs are generally kept for up to 30 days unless a longer period is needed to investigate abuse, fraud, security incidents, disputes, or legal obligations.
Your rights
Depending on your location, you may have rights to access, correct, delete, restrict, object to, or export your personal data, and to withdraw consent. California residents may also request information about categories of personal information collected, disclosed, sold, or shared. We do not sell or share personal information as those terms are commonly used for cross-context behavioral advertising.
To exercise rights, contact us at privacy@datarace.club. Account deletion can also be self-served at any time from Settings → Danger zone; deletion is immediate and requires a wallet signature. Some records (anonymized payment records, the minimal deletion audit log, and on-chain transactions, which we cannot remove) may be retained where required for legal, tax, security, fraud-prevention, or dispute reasons.
Children and age
Data Racing is not intended for children. You must be at least 18 years old, or the age of majority in your jurisdiction if higher, to create an account, connect a wallet, make purchases, or use blockchain-related features.
We do not knowingly collect personal data from children under 13. If you believe a child provided personal data, contact privacy@datarace.club and we will take appropriate action.
Security and international transfers
We use technical and organizational measures designed to protect personal data, including hashed identifiers where possible, limited retention, access controls, and encryption in transit. No online service can guarantee absolute security.
We may process data in countries other than your own. Where required, we use appropriate safeguards such as contractual protections, access controls, encryption, and vendor due diligence.
Changes and contact
We may update this policy as the product, law, or infrastructure changes. Material changes will be posted on this page and, where appropriate, surfaced during login or purchase.
Questions or rights requests: privacy@datarace.club. General contact: hi@datarace.club.