Last updated: March 27, 2026
Important: This Privacy Policy explains how RaceTagger collects, uses, and protects your information when you use our AI-powered race photography analysis service, including our website, desktop application, and related services.
RaceTagger ("we," "our," or "us") is an AI-powered race photography analysis service operated by Federico Pasinetti, based in Italy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at racetagger.cloud, our desktop application for Windows and macOS, and any related services (collectively, the "Service").
We are committed to protecting your privacy and complying with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Italian data protection laws (D.Lgs. 196/2003 as amended by D.Lgs. 101/2018).
Data Controller: Federico Pasinetti, operating as RaceTagger. Contact: privacy@racetagger.cloud
When you register for our Service, we collect:
When you purchase token packages, we collect billing information through our payment processor, Stripe, Inc. We do not store credit card numbers or full payment details on our servers. We retain:
Our core service processes your photographs for race number detection and participant identification. When you use our analysis features:
For supported sport categories (currently IMSA WeatherTech), our Service includes an optional face recognition feature that identifies drivers from facial features in photographs. Under GDPR Article 9, facial recognition data constitutes special category (biometric) data and requires explicit consent for processing.
Face recognition is performed using on-device ONNX models and does not transmit biometric data to external servers. You can disable this feature per-analysis in the desktop app settings. Facial feature vectors are not stored persistently; they are computed at analysis time and discarded after matching.
Our desktop application collects the following technical data to improve performance and diagnose issues:
You can disable non-essential telemetry in the desktop app settings. Error reporting that is essential for service stability cannot be fully disabled but is always sanitized.
Our website uses the following analytics and tracking technologies, subject to your consent:
These technologies are loaded only after you provide consent through our cookie banner. You can change your preferences at any time via the cookie settings on our website.
If you subscribe to our newsletter or marketing communications, we collect:
We process your personal data on the following legal bases:
| Processing Activity | Legal Basis | GDPR Article | Your Control |
|---|---|---|---|
| Account creation & authentication | Contract performance | Art. 6(1)(b) | Account deletion |
| Image analysis & race number detection | Contract performance | Art. 6(1)(b) | Per-execution |
| Payment processing & invoicing | Contract + Legal obligation | Art. 6(1)(b)(c) | N/A (required) |
| Face recognition (biometric) | Explicit consent | Art. 9(2)(a) | Opt-in per analysis |
| AI model training with your images | Consent | Art. 6(1)(a) | Opt-out in settings |
| Desktop app telemetry | Legitimate interest | Art. 6(1)(f) | Settings toggle |
| Error reporting (sanitized) | Legitimate interest | Art. 6(1)(f) | Partially configurable |
| Website analytics (GA4, Clarity) | Consent | Art. 6(1)(a) | Cookie banner |
| Advertising tracking (Meta Pixel) | Consent | Art. 6(1)(a) | Cookie banner |
| Marketing emails & newsletters | Consent | Art. 6(1)(a) | Unsubscribe link |
| Tax compliance & financial records | Legal obligation | Art. 6(1)(c) | N/A (required) |
We use your data to provide, maintain, and improve the Service, including: analyzing your photographs using AI models, matching detected race numbers to participant databases, generating analysis results and visual tags, managing your token balance and purchase history, and delivering email notifications about your analysis results.
With your consent, we may use anonymized analysis data and image crops to train and improve our AI models for race number detection, scene classification, and related features. This processing is governed by the training consent toggle in your account settings. You may withdraw consent at any time, and we will cease using your data for training purposes going forward.
We monitor for abusive use of our Service, including device fingerprinting for rate limiting and fraud prevention. This processing is based on our legitimate interest in maintaining service integrity and protecting our users.
We do not sell, rent, or trade your personal data. We share data with the following categories of processors, each bound by data processing agreements:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase (PostgreSQL) | Database, Auth, Storage | Account data, analysis results | EU (Frankfurt) |
| Google Vertex AI | AI image analysis (Gemini) | Image crops, prompts | EU (Netherlands) |
| Stripe, Inc. | Payment processing, Tax | Billing info, transactions | US (SCCs) |
| Brevo (Sendinblue) | Email marketing & transactional | Email, preferences | EU (France) |
| Cloudflare (R2) | Image storage (galleries) | Gallery images | EU |
| Vercel, Inc. | Website hosting | IP, request logs | US (SCCs) |
| Google Analytics | Website analytics | Anonymized usage data | US (SCCs) |
| Microsoft Clarity | UX analytics | Session recordings | US (SCCs) |
| Meta Platforms | Ad conversion tracking | Sanitized events | US (SCCs) |
Where data is transferred outside the European Economic Area (EEA), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or the data processor's adherence to an adequate level of protection as determined by the Commission. You may request a copy of the applicable safeguards by contacting us.
We may disclose your data if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of RaceTagger, our users, or the public.
We retain your data for the following periods:
As a data subject, you have the following rights under GDPR. You may exercise these rights by contacting us at privacy@racetagger.cloud or through your account settings where applicable:
You have the right to obtain confirmation of whether we process your personal data and to receive a copy of that data. We will respond to your request within 30 days.
You may request correction of inaccurate personal data or completion of incomplete data. You can update your email and profile information directly in your account settings.
You may request deletion of your personal data. Upon receiving a valid erasure request, we will delete your account and associated data within 30 days, except where retention is required by law (e.g., tax records). Account deletion can be initiated through your account settings or by contacting us.
You may request that we restrict processing of your data in certain circumstances, such as while we verify the accuracy of contested data or assess whether our legitimate interests override your rights.
You have the right to receive your personal data in a structured, commonly used, machine-readable format (JSON or CSV). This includes your account information, analysis results, and execution history. You can export your data through your account settings.
You may object to processing based on legitimate interests (such as telemetry collection). We will cease processing unless we demonstrate compelling legitimate grounds. You may also object to direct marketing at any time, and we will comply without exception.
Where processing is based on consent (analytics cookies, marketing emails, AI training), you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
You have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) at www.garanteprivacy.it, or with the supervisory authority in your EU Member State of residence.
These cookies are strictly necessary for the operation of our website and cannot be disabled:
These cookies help us understand how visitors interact with our website:
You can manage your cookie preferences at any time through the cookie settings banner on our website. You may also configure your browser to block or delete cookies, although this may affect website functionality.
The desktop application stores the following data locally on your device:
The desktop application communicates with our servers for the following purposes:
When using local ONNX models for analysis, the desktop app can function partially offline. However, token authorization, result storage, and certain features require an active internet connection.
Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
We implement appropriate technical and organizational measures to protect your personal data, including:
While we strive to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:
We encourage you to review this Privacy Policy periodically. Continued use of the Service after changes constitutes acceptance of the updated policy.
For any questions, concerns, or requests regarding this Privacy Policy or our data practices:
Privacy inquiries: privacy@racetagger.cloud
General inquiries: info@racetagger.cloud
Legal matters: legal@racetagger.cloud
Abuse reports: abuse@racetagger.cloud
Data Controller: Federico Pasinetti
Website: https://racetagger.cloud
This Privacy Policy is effective as of March 27, 2026.