Effective May 25, 2026 · Operator: Tonka Tech LLC (JD Solutions Group S-Corp) · Privacy Contact: privacy@kartgenius.app
KartGenius ("the App," "we," "us," or "our") is a mobile application developed and operated by Tonka Tech LLC (JD Solutions Group S-Corp), a Minnesota limited liability company. KartGenius connects to AIM Technologies MyChron data loggers via local WiFi, downloads kart racing session telemetry, and uses artificial intelligence to generate personalized coaching insights for drivers and coaches.
This Privacy Policy describes the information we collect, why we collect it, how we use and share it, how long we keep it, and the rights you have regarding your personal data. It applies to all users of the KartGenius iOS application and the website at https://kartgenius.app.
By downloading or using KartGenius, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the App.
This Policy applies to:
Additional jurisdiction-specific disclosures are provided in Section 9 (California residents), Section 10 (European Economic Area, United Kingdom, and Switzerland), and Section 11 (Children). Where a specific section conflicts with the general provisions of this Policy, the more specific section governs for residents of that jurisdiction.
KartGenius uses anonymous authentication by default. No account, name, or email address is required to access core features. If you voluntarily choose to create a named account, we collect:
When you connect your AIM MyChron data logger to KartGenius over local WiFi, the App downloads session telemetry stored on the device. This data originates from the device's own sensors and is not collected from your iPhone. It may include:
When you request an AI coaching analysis, session telemetry is transmitted to our servers and processed by Anthropic's Claude large language model to generate coaching insights. We store:
Coaching requests are made server-side via Supabase Edge Functions. Your KartGenius API credentials are never exposed to client devices. We do not transmit your name, email address, or account identifiers to Anthropic.
We automatically collect limited technical data to operate and improve the App:
We do not collect: advertising identifiers (IDFA), device location from iPhone GPS, contacts, camera or microphone input, browsing history, health or fitness data, or data from other applications on your device.
In-app subscription purchases are processed exclusively by Apple through the App Store. KartGenius does not collect, process, or store payment card numbers, bank account information, or other financial credentials. We receive from RevenueCat, our subscription management provider, confirmation of subscription status, product identifiers, and anonymized purchase receipts.
KartGenius requests iOS Local Network permission to discover AIM MyChron devices connected to the same WiFi network. During discovery:
We use personal data only for the purposes described below. We do not use your data to serve third-party advertising. We do not sell personal data as defined under applicable law.
| Processing Activity | Purpose | Legal Basis (GDPR) | Article |
|---|---|---|---|
| Creating and managing your account | Identity and authentication | Contract performance | Art. 6(1)(b) |
| Storing session telemetry | Core app functionality | Contract performance | Art. 6(1)(b) |
| Generating AI coaching reports | Core app functionality | Contract performance | Art. 6(1)(b) |
| Managing subscriptions | Billing and access control | Contract performance | Art. 6(1)(b) |
| Crash reporting and diagnostics | App stability and security | Legitimate interests | Art. 6(1)(f) |
| Usage analytics | Product improvement | Legitimate interests | Art. 6(1)(f) |
| Legal compliance | Regulatory obligations | Legal obligation | Art. 6(1)(c) |
Where we rely on legitimate interests as our legal basis, we have conducted the required balancing assessment. Our legitimate interests in maintaining App security, diagnosing crashes, and understanding feature usage are necessary to deliver a reliable service. These interests do not override your fundamental rights and freedoms because: (a) the data involved is limited and non-sensitive; (b) processing is proportionate to the purpose; (c) users have reasonable expectations that a technology service monitors its own performance; and (d) we apply appropriate safeguards including anonymization and limited retention periods.
We do not sell, rent, or trade personal data to third parties for marketing purposes. We share data only in the following circumstances:
We engage the following companies as data processors acting on our instructions. Each has entered into, or is required to enter into, a Data Processing Agreement (DPA) with us as required by GDPR Article 28.
| Provider | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Supabase Inc. | Database, authentication, storage, edge functions | Anonymous user ID, session telemetry, coaching reports | supabase.com/privacy |
| Anthropic PBC | AI coaching generation | Session telemetry only — no name or account identifiers | anthropic.com/privacy |
| RevenueCat Inc. | Subscription management | Anonymous user ID, subscription status, App Store receipt | revenuecat.com/privacy |
| Sentry Inc. | Crash reporting and error monitoring | Anonymous device ID, app version, stack traces | sentry.io/privacy |
| Apple Inc. | App Store distribution, payments, Sign in with Apple | Governed by Apple's own policies | apple.com/privacy |
We may disclose personal data if required by law, regulation, legal process, or governmental authority, or where we believe disclosure is necessary to protect the rights, property, or safety of KartGenius, our users, or others.
If KartGenius or its assets are acquired by or merged with another entity, personal data may be transferred as part of that transaction. We will notify you via in-app notice or email before your data becomes subject to a materially different privacy policy.
We may share your data for other purposes with your explicit prior consent, such as if you choose to share a session file or coaching report with a coach or third party through a future feature.
Your data is stored on infrastructure operated by Supabase Inc., located in the United States (Amazon Web Services, us-east-1 region). We do not currently operate data centers in the European Economic Area.
We implement the following security controls:
No security system is impenetrable. If we become aware of a security breach that affects your personal data, we will notify you as required by applicable law.
We retain personal data only as long as necessary for the purposes described in this Policy or as required by applicable law. The following table sets out our standard retention schedule:
| Data Category | Retention Period | Basis for Retention |
|---|---|---|
| Session telemetry (lap times, GPS, sensor data) | Life of account | Contract — required to provide core service |
| AI coaching reports | Life of account | Contract — required to provide core service |
| Anonymous user identifier | Life of account | Contract — required to maintain session continuity |
| Email address (if provided) | Life of account + 30 days | Contract; deleted upon account deletion request |
| Crash reports and error logs (Sentry) | 90 days | Legitimate interests — proportionate to stability purpose |
| Usage analytics events | 24 months rolling | Legitimate interests — product improvement |
| Subscription and purchase records | 7 years from transaction | Legal obligation — tax and financial recordkeeping |
| Server access logs | 30 days | Legitimate interests — security monitoring |
Upon a valid deletion request or account closure, we will delete or anonymize your personal data within 30 days, except where a longer retention period is required by law or legitimate business necessity (such as active fraud investigations or pending litigation).
Regardless of where you are located, you may exercise the following rights by contacting us at privacy@kartgenius.app:
We will respond to all requests within 30 days. We may need to verify your identity before processing requests. We will not discriminate against you for exercising any privacy right.
To submit a request, email privacy@kartgenius.app with the subject line "Privacy Request — [type of request]."
This section supplements the general Policy for residents of California and applies to the extent KartGenius is subject to the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA").
In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:
We collect information directly from you (through the App), from your AIM device (via local WiFi connection), and automatically (usage events, crash reports).
We collect personal information for the purposes described in Section 4 of this Policy.
In the preceding 12 months, we have disclosed personal information to service providers as described in Section 5.1 for operational purposes. We have not sold personal information.
California residents have the right to:
To submit a verifiable consumer request, contact privacy@kartgenius.app. We will verify your identity before processing. You may designate an authorized agent to make requests on your behalf.
California Civil Code Section 1798.83 permits California residents to request information about personal information disclosed to third parties for direct marketing purposes. We do not disclose personal information for direct marketing purposes.
This section applies to users located in the European Economic Area (EEA), the United Kingdom, or Switzerland and supplements this Policy under the General Data Protection Regulation (GDPR) and applicable national implementations, including the UK GDPR and Swiss Federal Act on Data Protection (nFADP).
Tonka Tech LLC (JD Solutions Group S-Corp) is the data controller for personal data processed through the KartGenius App. Contact: privacy@kartgenius.app.
The legal bases for our processing activities are set out in the table in Section 4 of this Policy. In summary:
Your personal data is transferred to and processed in the United States. The US does not benefit from an EU adequacy decision for all transfers. We rely on the following transfer mechanisms:
Copies of applicable transfer mechanisms are available upon request by contacting privacy@kartgenius.app.
We have entered into or are required to enter into Data Processing Agreements (DPAs) with each of our processors named in Section 5.1, compliant with GDPR Article 28. These agreements impose data protection obligations on processors and restrict sub-processing without our prior consent.
EEA, UK, and Swiss residents have the following rights under applicable data protection law:
To exercise any of these rights, contact privacy@kartgenius.app with "GDPR Rights Request" in the subject line. We will respond within one month. This period may be extended by two months where requests are complex or numerous; we will notify you of any extension within one month of receipt.
We will not charge a fee for exercising your rights unless requests are manifestly unfounded or excessive.
You have the right to lodge a complaint with the supervisory authority in your country of residence, place of work, or place of the alleged infringement. A directory of EU supervisory authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
UK residents may contact the Information Commissioner's Office (ICO) at https://ico.org.uk/make-a-complaint/
Swiss residents may contact the Federal Data Protection and Information Commissioner (FDPIC) at https://www.edoeb.admin.ch/
We ask that you contact us at privacy@kartgenius.app before lodging a complaint so that we have the opportunity to address your concern directly.
KartGenius is designed for use by kart racing participants of all ages, including minors, under appropriate parental or guardian supervision. The App is rated 4+ on the Apple App Store.
We do not knowingly collect personal information from children under 13 years of age without verifiable parental consent, as required by the Children's Online Privacy Protection Act (COPPA). KartGenius's default anonymous authentication mode does not require any child to provide a name, email address, or other identifying information.
A parent or guardian who believes that their child under 13 has provided personal information without consent should contact us at privacy@kartgenius.app, and we will promptly delete such information.
Where a user between 13 and 17 years of age provides personal information (such as creating a named account), we encourage parents and guardians to review and supervise their minor's use of the App. Parents may contact privacy@kartgenius.app to review, request correction of, or delete information associated with a minor's account.
For EEA users, where processing is based on consent and the user is under 16 years of age (or the lower age threshold applicable in their member state), parental or guardian consent is required. Given that KartGenius does not rely on consent as a legal basis for core processing (we rely on contract performance), this requirement applies primarily to optional features such as email communications.
The KartGenius iOS App does not use cookies. The website at https://kartgenius.app may use essential technical cookies required for page rendering and security. We do not use advertising cookies, cross-site tracking, or third-party behavioral analytics cookies on our website.
We do not use Apple's Advertising Identifier (IDFA) or any other cross-app advertising identifier.
We may update this Privacy Policy periodically. When we make material changes, we will:
Your continued use of KartGenius after the effective date of an updated Policy constitutes your acceptance of the changes. If you do not agree to the updated Policy, you should discontinue use of the App and may request deletion of your data per Section 8.
The current version of this Policy is always available at https://kartgenius.app/privacy. Prior versions are available upon request.
For any privacy questions, data requests, or to exercise your rights, please contact us at:
Tonka Tech LLC (JD Solutions Group S-Corp)
Privacy: privacy@kartgenius.app
Support: support@kartgenius.app
Website: https://kartgenius.app/privacy
State of Incorporation: Minnesota, United States
We aim to respond to all privacy inquiries within 5 business days and to complete data requests within 30 calendar days.