Privacy Policy

1. Information We Collect

1.1 Information You Provide

We collect information you directly provide to us, including:

• Account Information: Name, email address, phone number, track name, and business details
• Customer Data: Information about your track's customers including names, contact information, waiver signatures, and participation records
• Payment Information: Credit card details and billing information processed through secure third-party payment processors
• Communications: Messages you send us, support tickets, and feedback

1.2 Automatically Collected Information

When you use KartDesk, we automatically collect:

• Usage Data: Pages viewed, features used, time spent, and interaction patterns
• Device Information: IP address, browser type, operating system, and device identifiers
• Log Data: Access times, error logs, and system activity
• Cookies: Session cookies and preference cookies to enhance your experience

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Process transactions and send transaction confirmations
• Send administrative information, updates, and security alerts
• Respond to your comments, questions, and customer service requests
• Monitor and analyze usage patterns and trends
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations and enforce our terms
• Send marketing communications (with your consent)

3. Information Sharing and Disclosure

3.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

• Payment processors for transaction processing
• Cloud hosting providers for data storage and infrastructure
• Email service providers for communications
• Analytics providers for usage analysis
• Customer support tools

3.2 Legal Requirements

We may disclose information if required by law or in response to:

• Legal processes, court orders, or government requests
• Compliance with applicable laws and regulations
• Protection of our rights, property, or safety
• Investigation of fraud or security issues

3.3 Business Transfers

If KartDesk is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

3.4 With Your Consent

We may share information with third parties when you give us explicit consent to do so.

4. Data Security

We implement industry-standard security measures to protect your information:

• 256-bit SSL/TLS encryption for data in transit
• AES-256 encryption for data at rest
• PCI DSS Level 1 compliance for payment processing
• SOC 2 Type II certification
• Regular security audits and penetration testing
• Access controls and authentication requirements
• Employee security training and confidentiality agreements

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Data Retention

We retain your information for as long as necessary to:

• Provide our services to you
• Comply with legal obligations (e.g., tax, accounting, waiver retention)
• Resolve disputes and enforce agreements
• Maintain business records

Customer waiver data is retained for a minimum of 7 years to comply with liability requirements. Transaction records are kept for accounting and tax purposes as required by law.

6. Your Rights and Choices

6.1 Access and Correction

You have the right to access and update your account information at any time through your account settings or by contacting us.

6.2 Data Portability

You can export your data in standard formats (CSV, JSON) through the platform or by requesting a data export from our support team.

6.3 Deletion

You may request deletion of your account and associated data, subject to legal retention requirements. Some information may be retained in backup systems for a limited time.

6.4 Marketing Communications

You can opt out of marketing emails by clicking the "unsubscribe" link or by updating your communication preferences in your account settings.

6.5 Cookies

You can control cookies through your browser settings. Note that disabling cookies may affect platform functionality.

7. Children's Privacy

KartDesk is not intended for use by children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

While track customers may include minors, the KartDesk platform itself is intended for use by track operators and staff who are 18 years or older.

8. International Data Transfers

Your information may be transferred to and maintained on servers located outside your state, province, country, or other governmental jurisdiction where data protection laws may differ.

If you are located outside the United States and choose to provide information to us, we transfer your data to the United States and process it there. By using our services, you consent to this transfer.

9. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to request deletion of personal information
• Right to non-discrimination for exercising privacy rights

To exercise these rights, contact us at privacy@kartdesk.com.

10. GDPR Compliance

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

Our legal basis for processing your data includes: contract performance, legal obligations, legitimate interests, and consent where required.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending an email notification (for significant changes)
• Displaying a notice in the platform

Your continued use of KartDesk after changes become effective constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices: