Effective November 11, 2025

TrackMetra Privacy Policy

Signalhauz built TrackMetra so drivers own their telemetry and benefit from community insights without surrendering control. This privacy policy explains how we protect that promise, the choices you have, and how we comply with the EU General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act, as amended by the CPRA ("CCPA").

1. Who we are & scope

Signalhauz LLC ("Signalhauz," "we," "our," or "us") operates the TrackMetra driver coaching platform, the signalhauz.com website, and related preview programs (collectively, the "Services"). We are the data controller/business for personal data collected through the Services unless we tell enterprise customers in writing that we are acting as their processor/service provider. This policy covers data we collect online, in app, through connected hardware, and via community programs.

2. Data we collect

We minimize collection to what is needed to deliver high-fidelity telemetry experiences. You always retain ownership of your raw telemetry and community contributions.

  • Account & contact details: name, display name, email addresses, password hashes, authentication tokens, and team/coach affiliations.
  • Telemetry & vehicle signals: GPS traces, CAN bus values (speed, throttle, braking, steering), inertial data, environmental readings, lap timing splits, and optional safety inputs like tire temps or biometrics when you connect supported sensors.
  • Session media: video overlays, audio notes, chat with coaches, shared annotations, and generated insights derived from your telemetry.
  • Community content: presets, setup sheets, forum posts, feedback, and waveform art you upload to the Knowledge Vault or Build Lab.
  • Device & usage data: app logs, crash reports, browser type, preferred language, IP-derived coarse location, and cookie identifiers. We do not collect fine location from your browser; only the TrackMetra recorder hardware/app captures precise GPS you authorize.
  • Support & compliance data: identity verification documents, consent records, and communications with our team.

3. Why we use data

We rely on different legal bases depending on the activity. The most common are contract performance (Article 6(1)(b) GDPR), legitimate interests balanced against your rights (Article 6(1)(f) GDPR), legal obligations (Article 6(1)(c) GDPR), and consent where required.

  • Delivering the platform: create accounts, process lap data, provide comparisons, sync hardware, and maintain cloud workspaces.
  • Safety & integrity: detect anomalies, flag risky maneuvers, prevent fraud, and secure the infrastructure.
  • R&D and product insights: anonymize telemetry to improve cues, train heuristics, and benchmark circuits without tying the results back to identifiable drivers unless you opt in.
  • Community moments: showcase presets, publish data stories, or host livestreams when you choose to share content publicly.
  • Communication: send service updates, respond to support requests, and—if you opt in—share marketing or community announcements. You can unsubscribe anytime.
  • Compliance: keep audit logs, honor legal requests, and enforce agreements.

4. User ownership & controls

You own the telemetry, media, and community content you contribute. By uploading it, you grant Signalhauz a limited license to host, process, and share it with collaborators per your settings. You can download any session, retract shared laps, or delete entire data sets. If you join a team account, your organization may control access but Signalhauz never sells telemetry to third parties.

5. Sharing & disclosures

  • Service providers: managed cloud, storage, authentication, analytics, and payment processors bound by data processing agreements.
  • Coaches, teams, and community members: only when you invite them into a workspace or publish content.
  • Hardware & integration partners: limited data required to pair your approved devices or verify firmware status.
  • Legal and safety: regulators or law enforcement when legally compelled, or to protect life, property, or our rights.
  • Corporate transactions: if we merge or sell our assets, we will ensure the successor honors this policy.

We do not "sell" or "share" (as defined by the CCPA/CPRA) personal information for cross-context behavioral advertising, and we do not use or disclose sensitive personal information beyond the services you request.

6. California privacy rights

California residents can exercise these rights without discrimination:

  • Right to know, access, and obtain a portable copy of the personal information collected, used, or disclosed in the past 12 months.
  • Right to delete personal information, subject to legal or safety exceptions.
  • Right to correct inaccurate personal information.
  • Right to opt out of any sale or sharing of personal information and to limit the use of sensitive personal information.
  • Right to opt out of automated decision-making or profiling if we deploy such features; today TrackMetra only provides driver-facing cues and reviewers remain in the loop.

Submit requests at privacy@signalhauz.com, via the in-app privacy console, or by calling +1 (737) 471-9664. We will verify your identity (or your authorized agent) before fulfilling a request and respond within 45 days, with one possible extension. We honor browser-based Global Privacy Control signals for Do Not Sell/Share preferences.

7. GDPR & UK privacy rights

If you are in the European Economic Area or United Kingdom, you can:

  • Access, rectify, or erase your personal data.
  • Restrict or object to certain processing, including profiling.
  • Receive your data in a portable format.
  • Withdraw consent at any time without affecting prior lawful processing.
  • Lodge a complaint with your supervisory authority.

Signalhauz LLC is the controller. We are appointing an EU/UK representative; until then, contact privacy@signalhauz.com and we will route your request. International transfers rely on Standard Contractual Clauses and complementary safeguards, including encryption in transit and at rest.

8. Data hygiene & security

  • Encryption in transit (TLS 1.3+) and at rest (AES-256) for all telemetry, video, and account data.
  • Least-privilege access, hardware security keys for admins, and quarterly access reviews.
  • Environment segmentation: raw telemetry buckets are isolated from identity services, with separate encryption keys.
  • Automated log scrubbing to remove driver identifiers and detect anomalies before retention.
  • Vendor diligence, incident response runbooks, and annual audits.

9. Retention & deletion

TrackMetra keeps personal data only as long as needed:

  • Account credentials and consent records: life of the account plus 3 years.
  • Raw telemetry, aligned video, and annotations: 24 months by default, customizable per workspace. You can accelerate deletion or archive sessions offline.
  • Aggregated, anonymized metrics: retained indefinitely without identifiers.
  • Support tickets and safety investigations: 5 years or longer if required by law.

10. Cookies, SDKs, and signals

We use first-party cookies for authentication and preferences, plus privacy-centric analytics that avoid cross-site tracking. You can adjust cookie settings in the app or browser and still use core features. We do not allow third-party advertising cookies. Mobile SDKs are scoped to crash reporting and do not collect your precise location.

11. Children’s privacy

The Services are designed for professional and enthusiast drivers aged 16 and older. We do not knowingly collect personal information from children under 16. If you believe a child provided data, contact us immediately so we can delete it.

12. Changes & notice

We will update this policy when we add hardware, analytics, or compliance requirements. Material changes will be posted here with a new effective date and, when required, emailed or surfaced in-app.

13. Contact us

Email privacy@signalhauz.com or mail Signalhauz LLC, Attn: Privacy, Austin, Texas 78701, USA. If you prefer phone support, request a callback through the app or via email so we can verify your identity before discussing account details. For quicker help, include the email tied to your account and the region you live in.