User's blog

Privacy Policy

Privacy Policy

Version 1.0 — Effective Date: 9 February 2026 — Last Reviewed: 9 February 2026

This Privacy Policy describes how Pit² Technology Pty Ltd (“Operator”, “we”, “us”, “our”) collects, uses, stores, and protects your personal information when you use the PodiumEDI platform (“Platform”). This policy complies with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the European Union General Data Protection Regulation (GDPR) where applicable.

1. Identity of Data Controller

The data controller responsible for your personal data is:

Pit² Technology Pty Ltd
Email: P2Padmin@eacsystems.com.au

2. What Personal Data We Collect

We collect the following categories of personal data:

2.1 Account Data

  • Username (chosen by you)
  • Email address (required for registration and communication)
  • Display name
  • Phone number (optional, provided at your discretion)
  • Organisation or team name (optional, provided at your discretion)
  • Account role and status

2.2 Authentication Data

  • Password: stored only as a one-way cryptographic hash using industry-standard algorithms. Your plaintext password is never stored, logged, or accessible to any person including administrators.
  • One-time verification codes (OTP): generated during email verification, valid for 15 minutes, stored as hashed values, automatically expired and cleared.

2.3 Telemetry Data

  • Motorcycle performance data from DataLogger devices (.DAT files), including but not limited to: suspension travel (fork and shock), wheel speed (front and rear), throttle position, brake pressure, engine RPM, gear position, and other sensor channels recorded by the logger.
  • This data is uploaded by you and processed for the sole purpose of telemetry analysis within the Platform.

2.4 GPS and Location Data

Important: The Platform processes GPS/location data, which is classified as sensitive personal data under GDPR. This data is explicitly collected and processed as follows:

  • Latitude, longitude, speed, heading, and altitude derived from on-bike GPS or GNSS/RTK receivers.
  • Track position data used for lap timing, sector analysis, brake/acceleration zone mapping, and track map rendering.
  • This data relates to motorcycle positioning on race circuits during track sessions only.
  • GPS data is not used for tracking your personal movements, location history, or any purpose outside of racing telemetry analysis.
  • GPS data is stored locally on the Platform server and is never transmitted to third parties.

2.5 Usage Data

  • Login timestamps and last-login records.
  • Feature usage metrics (pages visited, features used) for platform improvement.
  • Help Center chat conversations (questions you ask the AI assistant within the help system).

2.6 AI Interaction Data

  • Queries you submit to the AI Assistant and the responses generated.
  • AI interpretation requests and results for suspension analysis, setup recommendations, and telemetry review.
  • This data is sent to OpenAI’s API for processing (see Section 7 — Third-Party Processors).

2.7 Session Configuration Data

  • Motorcycle setup profiles (spring rates, damping settings, geometry, mass, drivetrain ratios).
  • Tyre selection and condition data.
  • Suspension analysis parameters and results.

3. Lawful Basis for Processing

Under GDPR Article 6, we process your personal data on the following lawful bases:

  • Consent (Article 6(1)(a)): You provide explicit consent by ticking the Privacy Policy acceptance checkbox during registration. Consent for update notifications is separate and optional.
  • Performance of contract (Article 6(1)(b)): Processing is necessary to provide you with the Platform service you have registered for.
  • Legitimate interest (Article 6(1)(f)): Processing is necessary for the Operator’s legitimate interests in platform security, fraud prevention, service improvement, and technical support, provided these interests are not overridden by your fundamental rights.

4. Purpose of Processing

Data Category Purpose
Account data Account creation, authentication, communication, platform administration
Authentication data Secure login, account recovery, email verification
Telemetry data Setup & Analysis, velocity analysis, kinematics, report generation
GPS/location data Track mapping, lap timing, sector analysis, brake/acceleration zone identification
Usage data Platform improvement, help content quality, support
AI interaction data Generating analysis interpretations, setup recommendations, coaching insights
Session configuration Motorcycle setup management, cross-session inheritance, report generation

5. Data Storage and Security

  • All data is stored on locally-hosted servers managed by the Operator. The Platform is not hosted on public cloud infrastructure (such as AWS, Azure, or Google Cloud).
  • Servers are protected by hardware and software firewalls, virtual private network (VPN) access controls, and restricted physical access.
  • Data in transit between your browser and the server is encrypted using TLS (Transport Layer Security).
  • Passwords are hashed using Werkzeug’s PBKDF2-SHA256 implementation with random salts. Plaintext passwords are never stored.
  • Backups are performed regularly and stored on secured network-attached storage behind the same firewall and VPN infrastructure.
  • Security is provided on a best-efforts basis. No computer system can guarantee absolute security against all threats. The Operator takes reasonable technical and organisational measures to protect your data but cannot warrant that the Platform is immune to all security threats, including but not limited to zero-day vulnerabilities, sophisticated persistent threats, or social engineering attacks.

6. Data We Do Not Collect

  • We do not use advertising networks, analytics tracking services, or marketing platforms.
  • We do not use third-party cookies or tracking technologies. The Platform uses session cookies for authentication only.
  • We do not sell, rent, trade, or otherwise share your personal data with any third party for marketing or advertising purposes.
  • We do not collect biometric data, health data, or financial data.

7. Third-Party Data Processors

The Platform uses the following third-party service for specific features:

Processor Purpose Data Shared Basis
OpenAI (via API) AI interpretation, chat, setup recommendations Telemetry summaries and user queries, sent per-request only when you initiate an AI feature Performance of contract + consent
  • Data is sent to OpenAI only when you actively use AI-powered features (AI Assistant, Interpretation tab, Help Center chat).
  • OpenAI processes data under its own data processing agreement. The Operator does not store copies of OpenAI’s responses beyond the session context.
  • OpenAI API calls may be routed through servers located in the United States. This constitutes an international data transfer (see Section 10).
  • No other third-party processors are used. There are no advertising networks, analytics services, or data brokers.

8. Data Retention Policy

8.1 Active Accounts

While your account is active, all data associated with your account (telemetry files, setup profiles, GPS data, chat history, notes, reports) is retained on the Platform server for as long as you maintain your account.

8.2 Deleted Accounts

  • When you request account deletion (via your Profile page or by contacting the administrator), your account status is set to “deleted” and you will no longer be able to log in.
  • Your data is retained for a period of 3 months (90 days) from the date of deletion.
  • After the 3-month retention period, all personal data, telemetry files, session configurations, GPS data, chat history, notes, and reports associated with your account are permanently and irreversibly purged from the server and all backups.
  • The 3-month retention period exists for the following legitimate purposes:
    • Backup integrity: ensuring consistent backup sets during the retention window.
    • Dispute resolution: preserving evidence in case of a dispute arising from your use of the Platform.
    • Legal compliance: meeting any applicable legal obligation to retain records.
    • Account recovery: allowing restoration if the deletion was accidental or you change your mind within the retention window.

8.3 AI Chat Logs

Help Center chat messages are retained for the purpose of improving help content quality. After account deletion, chat logs are anonymised (your username and email are removed) and retained in anonymised form only.

9. Your Rights

Under the GDPR (Articles 15-22) and the Australian Privacy Principles (APPs 12-13), you have the following rights:

  • Right of access (GDPR Art. 15 / APP 12): You may request a copy of all personal data we hold about you.
  • Right to rectification (GDPR Art. 16 / APP 13): You may request correction of inaccurate or incomplete personal data.
  • Right to erasure / right to be forgotten (GDPR Art. 17): You may request deletion of your personal data, subject to the 3-month retention period described above.
  • Right to data portability (GDPR Art. 20): You may request an export of your data in its original format (e.g. .DAT files, JSON configuration files).
  • Right to restrict processing (GDPR Art. 18): You may request that we limit how your data is processed while a concern is being resolved.
  • Right to object (GDPR Art. 21): You may object to processing based on legitimate interest.
  • Right to withdraw consent (GDPR Art. 7(3)): You may withdraw your consent at any time without affecting the lawfulness of processing that occurred before withdrawal.

To exercise any of these rights, contact the administrator via email at P2Padmin@eacsystems.com.au or use the relevant features on your Profile page within the Platform.

10. International Data Transfers

  • Your data is primarily stored on locally-hosted servers in Australia. There is no routine international transfer of your data.
  • When you use AI-powered features, data is sent to OpenAI’s API, which may process requests on servers located in the United States. This transfer is necessary for the performance of the service and is covered by OpenAI’s data processing terms.
  • No other international data transfers occur.

11. Children

The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child under 18 has created an account, we will take steps to delete the account and associated data.

12. Cookies and Tracking

  • The Platform uses session cookies for authentication and session management only.
  • No third-party cookies are used.
  • No tracking cookies, analytics cookies, advertising cookies, or fingerprinting technologies are used.
  • You can manage cookies through your browser settings. Disabling session cookies will prevent you from logging in.

13. Data Breach Notification

  • In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, the Operator will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33.
  • If the breach is likely to result in a high risk to your rights and freedoms, the Operator will also notify you directly without undue delay, in accordance with GDPR Article 34.
  • Under Australian law, the Operator will comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988, notifying the Office of the Australian Information Commissioner (OAIC) and affected individuals of eligible data breaches.

14. GPS/Telemetry Data Addendum

Given the sensitive nature of GPS and telemetry data, the following additional disclosures apply:

  • GPS coordinates (latitude, longitude), speed data, acceleration data, and lean angle data are processed by the Platform for the sole purpose of motorcycle racing performance analysis.
  • GPS data is used to generate track maps, identify brake and acceleration zones, calculate lap and sector times, and provide position-based analysis overlays.
  • This data is not used to track your personal location, movements, or whereabouts outside of the racing/track context.
  • GPS data is not shared with any third party (including law enforcement) unless required by a valid legal order.
  • You may delete all your telemetry and GPS data at any time by requesting account deletion or by individually removing session files through the Platform interface.

15. Changes to This Policy

  • The Operator reserves the right to update this Privacy Policy at any time.
  • Material changes will be communicated to you by email (if you have opted in to notifications) and you will be prompted to review and re-accept the updated policy on your next login.
  • The “Last Reviewed” date at the top of this document indicates when the policy was last reviewed. The Operator commits to reviewing this policy at least every 3 months.
  • If you do not agree to an updated policy, you may request account deletion.

16. Complaints

If you believe your privacy rights have been breached, you may lodge a complaint with:

  • Australia: Office of the Australian Information Commissioner (OAIC) — www.oaic.gov.au
  • European Union: Your local data protection supervisory authority under GDPR.
  • United Kingdom: Information Commissioner’s Office (ICO) — ico.org.uk

We encourage you to contact us first at P2Padmin@eacsystems.com.au so we can attempt to resolve your concern directly.

17. Contact

For privacy inquiries, data access requests, or questions about this policy, contact:

Pit² Technology Pty Ltd
Email: P2Padmin@eacsystems.com.au

Document version: 1.0 — Pit² Technology Pty Ltd. All rights reserved.

Home   ·   Terms of Use   ·   Privacy Policy