Privacy Policy
At Spotter Toolbox, we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights under applicable data protection laws.
1. Data we collect
We only collect the information necessary to provide our service:
- Account details you provide during registration (such as name, email address, and password).
- Session information required for login and security (via cookies such as laravel_session and XSRF-TOKEN).
- Any data you voluntarily enter when using the application (e.g., lap time data or notes you save).
- Login activity data — each time you log in we record your IP address, browser and device information (user agent), the date and time of the login, and the approximate country derived from your IP address. If repeated failed login attempts are detected for your account, a record of that burst (including IP address, browser information, and failure count) is also stored. This data is collected solely for account security and fraud detection purposes.
2. How we use your data
- To create and manage your account.
- To keep you authenticated and maintain secure sessions.
- To operate and improve the Spotter Toolbox service.
- To detect and investigate suspicious login activity such as credential stuffing or unauthorised access attempts.
- To understand broad geographic trends in service usage (country-level only — we do not track precise locations).
3. What we do not do (at this time)
- We do not currently use analytics, advertising, or marketing trackers.
- We do not sell or trade your personal data.
- We do not share your data with third parties for marketing purposes.
4. Possible future changes
If in the future we introduce analytics tools, advertising technologies, or data sharing arrangements, this Privacy Policy will be updated to explain what is collected, why, and with whom it may be shared. Where legally required, we will seek your consent before processing your data for any new purpose.
5. Legal basis
We process your personal data on the basis of contract (to provide the service you sign up for) and legitimate interest (to maintain security and functionality). Login activity data — including IP addresses, browser information, and country of origin — is processed under legitimate interest for the purpose of detecting unauthorised access and protecting user accounts. This processing is limited to what is necessary for that purpose and is not used for profiling or automated decision-making.
6. Data storage and retention
Your account data is stored securely on our servers and retained for as long as your account is active. You can request deletion of your account and associated data at any time.
Login activity records (successful logins and failed login bursts) are retained for 90 days and then automatically deleted. This period is sufficient for security investigation purposes while minimising the retention of personal data.
7. Your rights
Under the GDPR, you have the right to:
- Access the personal data we hold about you.
- Request correction or deletion of your data.
- Restrict or object to certain processing.
- Request a copy of your data in a portable format.
8. Contact
If you have any questions about this Privacy Policy or your data, you can contact us at:
admin@kxrtech.eu
9. Changes
We may update this Privacy Policy from time to time. The latest version will always be available on this page.