Privacy Policy

Last updated: 17 May 2026

This Privacy Policy explains how Carbon Code Product Development SRL ("Carbon Code", "we", "our", or "us") collects, uses, and protects your personal data when you use the Lap Zero platform (the "Service") available at lapzero.com, app.lapzero.com, and related subdomains.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Romanian data protection laws.

1. Who we are

Data Controller: Carbon Code Product Development SRL Str. Bucur nr. 2, Sector 4, Bucharest, Romania Tax ID (CUI): RO45019100 Trade Register: J40/17192/2021

Contact for privacy inquiries: contact@lapzero.com

2. What data we collect

We collect different categories of personal data depending on how you use the Service.

2.1 Account data

When you create an account, we collect:

  • Name

  • Email address

  • Password (stored as a hash, never in plain text)

  • Organization name (for organizers)

  • Country and language preferences

2.2 Event and registration data

When you use the Service to organize events or register as a driver, we collect:

  • Driver names, contact details, and event-related information you provide

  • Race numbers, class assignments, and lap times

  • Tech inspection records, including photos and signatures

  • Disclaimers and digital signatures

2.3 Payment data

Payments are processed through Stripe (Stripe, Inc. and Stripe Payments Europe Ltd.). We do not store full credit card numbers or banking credentials. We receive limited transaction data, including:

  • Transaction ID and timestamp

  • Amount paid

  • Last four digits of the card used

  • Status (paid, refunded, failed)

For full information about how Stripe processes your data, please see Stripe's Privacy Policy.

2.4 Usage data

We automatically collect technical information when you use the Service, including:

  • IP address (truncated where possible)

  • Browser type and version

  • Device type and operating system

  • Pages visited and actions taken within the platform

  • Timestamps of activity

2.5 Communications

If you contact us via email or other channels, we keep a record of the correspondence and the contact information you provide.

3. How we use your data

We process your personal data for the following purposes and legal bases:

Purpose Legal basis (GDPR Article 6) Providing the Service (accounts, events, registrations, results) Performance of a contract (Art. 6(1)(b)) Processing payments and billing Performance of a contract (Art. 6(1)(b)) Sending service-related notifications (event updates, password resets, billing) Performance of a contract (Art. 6(1)(b)) Security, fraud prevention, and protecting our legitimate interests Legitimate interests (Art. 6(1)(f)) Complying with legal obligations (tax, accounting, regulatory) Legal obligation (Art. 6(1)(c)) Responding to your inquiries Legitimate interests (Art. 6(1)(f)) Improving the Service through aggregated, anonymized analytics Legitimate interests (Art. 6(1)(f)) Sending marketing communications (only with consent) Consent (Art. 6(1)(a))

4. Who we share your data with

We do not sell your personal data. We share it only with the following categories of recipients, and only when necessary:

4.1 Service providers

We use trusted third-party providers to operate the Service. These include:

  • Stripe — payment processing

  • Cloud hosting providers — infrastructure and data storage (within the EU/EEA where possible)

  • Email delivery services — transactional emails

  • Analytics providers — aggregated usage statistics

All providers act as data processors on our behalf under Data Processing Agreements (DPAs) compliant with GDPR.

4.2 Event organizers and drivers

The Service connects organizers with drivers. As a natural consequence of the Service:

  • If you are a driver, your registration data (name, race number, class, results) is visible to the organizer of the event you register for.

  • If you are an organizer, the data you enter about your events is visible to drivers who register.

4.3 Legal authorities

We may disclose personal data when required by law, court order, or to protect our legal rights.

4.4 Business transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring party. We will notify you in advance.

5. International data transfers

We strive to keep your data within the European Economic Area (EEA). When data must be transferred outside the EEA (for example, to Stripe in the United States), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

6. How long we keep your data

We retain personal data only as long as necessary for the purposes described above:

Data category Retention period Account data While your account is active, plus 12 months after closure Event and registration data While the related championship/season is active, plus 7 years (accounting requirements) Payment data 7 years (Romanian accounting law) Usage data 24 months Communications 3 years after last contact

After the retention period, data is deleted or anonymized.

7. Your rights under GDPR

You have the following rights regarding your personal data:

  • Right of access — request a copy of the data we hold about you

  • Right to rectification — correct inaccurate or incomplete data

  • Right to erasure ("right to be forgotten") — request deletion of your data, subject to legal retention requirements

  • Right to restriction — request that we limit how we process your data

  • Right to data portability — receive your data in a structured, machine-readable format

  • Right to object — object to processing based on legitimate interests

  • Right to withdraw consent — where processing is based on consent, withdraw it at any time

  • Right to lodge a complaint — with the Romanian Data Protection Authority (ANSPDCP) at www.dataprotection.ro

To exercise any of these rights, contact us at contact@lapzero.com. We respond within 30 days.

8. Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS) and at rest where applicable

  • Hashed passwords (never stored in plain text)

  • Access controls and authentication

  • Regular security reviews

  • Incident response procedures

However, no system is 100% secure. If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant authority without undue delay, in accordance with GDPR.

9. Cookies and tracking technologies

We use cookies and similar technologies to operate the Service and analyze usage. For details, please see our Cookie Policy.

10. Children's privacy

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us at contact@lapzero.com and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or through the Service. The "Last updated" date at the top of this policy indicates when it was last revised.

12. Contact

If you have questions about this Privacy Policy or how we handle your data, contact us at:

Carbon Code Product Development SRL Str. Bucur nr. 2, Sector 4, Bucharest, Romania Email: contact@lapzero.com

Built for race day. Ready when you are.

Start for free