Track Racer IO ("the Game") is operated by Royal Fork Oy, a limited liability company registered in Finland ("Royal Fork," "we," "our"), which is the data controller for your personal data. This policy explains how we collect, use, and protect your information.
Last Updated: June 20, 2026
Account Information: Email, username, display name, and profile data provided at registration.
Authentication Data: Credentials and tokens from email/password login, Google Sign-In, or Discord Sign-In; we receive public profile info (name, email, avatar) from these providers.
Gameplay Data: Race times, lap records, leaderboard positions, track creations, campaign progress, medals, vehicle configurations, and driver customizations.
Device & Technical Data: Browser type/version, operating system, screen resolution, IP address, and crash/error reports. We do not collect advertising identifiers (such as Apple's IDFA or Android's Advertising ID) and do not use them for tracking.
Usage & Analytics Data: Features used, session duration, progression events, and performance metrics via GameAnalytics. On our website we also use Google Analytics; our iOS and Android apps do not include Google Analytics.
Purchase Data: Transaction records for in-app purchases/subscriptions through RevenueCat (we do not store payment card details).
We use data to:
Operate and maintain the Game and your account.
Authenticate your identity and secure your account.
Display leaderboards, statistics, and multiplayer features.
Process in-app purchases and subscriptions.
Analyze usage patterns to improve the Game.
Detect and prevent cheating, fraud, and abuse.
Communicate updates, announcements, and support responses.
Validate race times and replay data for anti-cheat purposes.
For users in the European Economic Area (EEA):
Contract: To provide the Game and fulfill our Terms of Service.
Legitimate Interest: To improve the Game, prevent fraud, and ensure security.
Consent: For analytics and optional communications (withdrawable at any time).
Legal Obligation: To comply with applicable laws.
Data is stored securely using Supabase (database and authentication) and hosted on Render.com. We use TLS/SSL, encrypted storage, access controls, and regular security reviews. While we take industry-standard precautions, no method is 100% secure.
We use the following service providers, each with its own privacy policy and, where required, acting as our processor under contract:
Supabase — Authentication and database
Google Sign-In & Discord Sign-In — OAuth authentication
RevenueCat — In-app purchases and subscriptions
GameAnalytics — Gameplay analytics and progression tracking
Sentry — Crash and error reporting
ipapi.co — Approximate, IP-based location used only for in-game weather (no precise or device location is collected)
Google Analytics & Google Ads (website only; not used in our mobile apps) — Usage analytics and measurement of our own marketing campaigns
Render.com — Hosting
Local Storage: Saves preferences (settings, language, UI state) and authentication tokens.
Cookies: Used on our website by Google Analytics and Google Ads for analytics and marketing measurement. Our iOS and Android apps do not use these cookies or trackers.
You can control or block cookies via your browser, but this may affect Game functionality.
The Game contains no third-party advertisements. On our website we use Google Ads (and, where enabled, the Meta Pixel) to measure and optimize our own marketing campaigns; these tools are not included in our iOS or Android apps. We do not sell your personal data, and we do not use it to serve you third-party targeted advertising.
We do not sell personal information. We may share data with:
Service providers listed above under contractual obligations.
Other players: usernames, avatars, race statistics, leaderboard positions, and published tracks are public.
Law enforcement/regulatory authorities when legally required.
In connection with mergers, acquisitions, or asset sales, with notice to users.
Aggregated or anonymized gameplay statistics may be shared publicly.
Your data may be processed outside your country. We implement appropriate safeguards, including standard contractual clauses for GDPR compliance.
The Game is not for children under 13 (or 16 in the EEA). We do not knowingly collect personal info from children. If we learn that a child has provided personal info, we will delete it immediately.
Depending on your jurisdiction, you may:
Access the personal data we hold.
Request correction of inaccurate or incomplete data.
Request deletion of your account and personal data.
Object to or restrict certain processing.
Receive your data in a structured, machine-readable format.
Withdraw consent where processing is consent-based.
Lodge a complaint with a supervisory authority.
To exercise these rights, contact us via Discord or [email protected]. We respond within 30 days.
We retain data while your account is active and as necessary to provide the Game. Upon account deletion, personal data is removed or anonymized within 30 days, except where retention is legally required (e.g., transaction records). Aggregated gameplay stats may be retained indefinitely.
California residents may: (a) know what personal info is collected, used, and shared; (b) request deletion of personal info; (c) opt out of the sale of personal info (we do not sell it); (d) receive non-discrimination for exercising these rights.
We may update this policy. Significant changes will be communicated via in-game notifications or email at least 30 days before they take effect. Continued use after updates constitutes acceptance.
Data controller: Royal Fork Oy (Finland).
For privacy inquiries: [email protected] or our Discord server (https://discord.gg/DZfCkSmRvR).