Policy

Privacy.

This notice covers how LAP handles personal data on this marketing site (lap-coach.racing). The webapp on app.lap-coach.racing has a separate, broader notice that ships when the webapp launches. The framework that applies here is the EU General Data Protection Regulation (GDPR).

Who we are

LAP is the controller of the personal data processed on this site. LAP is run by a solo founder, contactable at [email protected] for any privacy question or rights request, and at [email protected] for everything else.

What we collect, why, and on what legal basis

We collect three categories of data on this site, each tied to a specific purpose and legal basis.

Waitlist email. When you join the waitlist, we collect your email address and a record of your consent. The purpose is to send you the public-beta launch invite and a short series of founder-pricing emails. The legal basis is your consent (GDPR Article 6(1)(a)). You can withdraw it at any time by clicking the unsubscribe link in any of those emails or by emailing us. We keep the address for as long as you are subscribed; once you unsubscribe, we soft-delete it (mark unsubscribed in our email-sending system) so the same address is not accidentally re-added later.

Cookieless analytics. We measure aggregate traffic (page views, referrers, country, device class) using PostHog configured in cookieless mode. No tracking cookie is set on first visit and no cross-session identifier is built. The legal basis is our legitimate interest in understanding which pages help visitors decide whether LAP is for them (GDPR Article 6(1)(f)). You can object at any time by emailing us; the analytics are aggregated to a level where individual exclusion is straightforward.

Error monitoring. When a JavaScript error happens on the site, we send the error message, the page URL, and the browser type to Sentry so we can fix it. No form input or email is included. The legal basis is our legitimate interest in keeping the site working (GDPR Article 6(1)(f)).

Who we share it with

We do not sell or rent personal data. The processors we use, each under a written data processing agreement, are:

  • Resend — sends the waitlist confirmation email and the founder-rate drip emails. Stores your email and unsubscribe state. US-based, GDPR-compliant data processing terms.
  • Cloudflare — hosts the site and runs Turnstile, the spam-check challenge on the waitlist form. Sees standard request data (IP address, user agent) for security purposes. US-based with EU points of presence.
  • PostHog — receives cookieless analytics events as described above. EU-hosted instance.
  • Sentry — receives error reports as described above. EU-hosted instance.

International transfers

Some of our processors are based outside the EU (Resend, Cloudflare). Those transfers rely on the European Commission’s Standard Contractual Clauses or an equivalent adequacy mechanism. If you want a copy of the safeguards in place for a specific processor, email us.

Your rights

Under GDPR you have the right to:

  • Access a copy of the personal data we hold about you.
  • Rectify data that is inaccurate.
  • Erase your data, subject to the limits of what is required for an active legal obligation. For waitlist data this means full deletion; nothing about a withdrawn waitlist signup is kept beyond the soft-delete audit record.
  • Restrict or object to processing, including the legitimate-interest analytics described above.
  • Withdraw consent at any time, by clicking the unsubscribe link in any drip email or by emailing us. Withdrawal does not affect processing already done.
  • Data portability — receive your data in a portable format. For a waitlist record this is a single line of email + consent timestamp.
  • Lodge a complaint with your national data protection authority (the supervisory authority in your EU country of residence). We would prefer you contact us first so we can fix what went wrong, but the regulator route is your right.

To exercise any of these rights, email [email protected] with the request and the email address tied to your data. We respond within 30 days as GDPR requires, usually faster.

Cookies

We do not set tracking cookies on this site. Cloudflare may set short-lived security cookies to run the spam-check on the waitlist form (the cookie is not used for tracking). PostHog runs in cookieless mode and sets none. If a future change requires a tracking cookie, this notice gets updated and the relevant consent surface added before the change goes live.

Changes to this notice

When we update this notice we change the “last updated” date below. For a material change (new processor, new processing purpose, expanded data category) we email waitlist subscribers in advance.

Last updated: 25 April 2026.