Last updated:

Privacy Policy

1. Overview & Data Controller

TIF1 AI is a Formula 1 statistics chatbot that lets you ask natural-language questions about F1 data. The service combines an in-browser analytics engine (DuckDB-WASM) with third-party AI providers to generate and execute SQL queries.

The data controller is the operator of TIF1 AI. The application is hosted on a Hetzner VPS located in Nuremberg/Falkenstein, Germany, within the European Union. All server-side data processing falls under EU jurisdiction and GDPR regulations.

For privacy questions or data requests, contact us at the email address listed in Section 10.

2. Data We Collect: Anonymous / Free Tier

The free tier does not require an account and collects no personal data. All data listed below is stored exclusively in your browser’s IndexedDB via Dexie.js and is never sent to the TIF1 AI server.

API Keys (Bring Your Own Key)

Provider API keys you enter are stored in the providerKeysLocal IndexedDB table with the field storedValue. Keys are masked in the UI and never transmitted to the TIF1 AI server. They are used only for direct browser-to-provider API calls.

Chat History

Your question-and-answer conversations are stored locally in the queryHistoryLocal IndexedDB table. This history is lost if you clear your browser cache or storage.

Saved Queries

Queries you explicitly save are stored locally in the savedQueriesLocal IndexedDB table.

F1 Data Cache

Parquet data files (49 F1 tables) are cached in the tableBlobs IndexedDB store with ETag-based updates to minimize re-downloads.

3. Data We Collect: Paid Sponsor Tier

The paid sponsor tier ($4.99/month via GitHub Sponsors) requires authentication and stores additional data server-side. All server-stored sensitive data is encrypted at rest.

OAuth Authentication

You sign in via GitHub or Google OAuth using Better Auth. OAuth tokens are encrypted at rest in the database (encryptOAuthTokens: true). A database-backed session cookie is used to maintain your login; this is an essential cookie and does not require consent.

User Profile

The user_profile table stores: user_id, is_sponsor, sponsor_checked_at, sponsor_tier_cents, and github_login.

Provider API Keys (Encrypted)

Paid-tier API keys are encrypted with AES-256-GCM envelope encryption. The paid_provider_keys table stores encrypted_key, iv, and auth_tag. The master encryption key is derived from the ENCRYPTION_KEY environment variable. Keys are decrypted only per-request and immediately discarded.

Chat Conversations

Conversations are stored in the chat_conversations and chat_messages tables. Messages are stored as JSONB with a GIN index for efficient retrieval.

Saved Queries

Queries you save in the paid tier are stored server-side in the saved_queries table, including the query name, SQL, description, and tags.

4. AI Provider Data Sharing

TIF1 AI supports three AI providers: Google AI Studio, OpenRouter, and Cerebras. Your natural-language questions and the resulting SQL query results are sent to the provider you select to generate answers.

Anonymous Tier

Your browser calls the AI provider directly using your API key. The TIF1 AI server never sees the request or your key.

Sponsor Tier

Your browser calls /api/chat → the server decrypts your stored key → proxies the request to the provider → the key is re-encrypted and discarded.

Content Security Policy

The application’s CSP connect-src directive specifically allows connections to only these three origins: generativelanguage.googleapis.com, openrouter.ai, api.cerebras.ai.

5. Observability & Analytics

Cloudflare Web Analytics

Edge-side analytics with no cookies and no JavaScript snippet. Measures page views, Core Web Vitals, and country-level geography. No personal data is collected. Only active when PUBLIC_CLOUDFLARE_WEB_ANALYTICS_TOKEN is configured.

PostHog Cloud (EU Region)

PostHog is hosted in the EU (eu.i.posthog.com). Zero data is collected when POSTHOG_API_KEY is not configured (the client is a no-op).

  • Server-side: Error tracking ($exception events), AI observability (ai_call with model, provider, input/output truncated at 10 KB), and product events (account_deleted, saved_query_created, provider_key_saved).
  • Client-side: Via /ingest reverse proxy. capture_exceptions: true, session recording disabled (disable_session_recording: true), IP geolocation disabled (disableGeoip: true), opt_in_site_apps: false. Feature flags disabled due to known memory leak (PostHog issue #2206).

Server Logs

Structured JSON logs are written to journald. Logs may include userId, provider, and model identifiers. No API keys are ever included in log output. Retention follows journald system defaults.

6. Local Processing (DuckDB-WASM)

All SQL query execution runs entirely in your browser via DuckDB-WASM. DuckDB-WASM has no network capabilities and cannot communicate with any server.

  • Only read-only SELECT and WITH queries are permitted. Write statements are rejected.
  • Malformed or resource-intensive SQL may crash your browser tab, not the server.
  • Parquet files are served as static assets; the service worker excludes /f1db/* paths.

7. Cookies

TIF1 AI uses only essential cookies: the Better Auth session cookie required to maintain your authenticated session. No tracking cookies, marketing cookies, or third-party advertising cookies are used. Because only essential cookies are set, no cookie consent banner is required under the ePrivacy Directive.

8. Data Retention

  • Anonymous / Free Tier: All data in browser. Deleted when browser storage cleared.
  • Paid Sponsor Tier: Retained until account deletion or manual deletion.
  • Cloudflare: Aggregate data up to 6 months.
  • PostHog: AI events 30 days; product events 1 year.
  • Server logs: Per journald configuration.

9. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

  • Access — request a copy of your data
  • Rectification — correct inaccurate data
  • Erasure — delete your data (right to be forgotten)
  • Restriction — limit processing of your data
  • Portability — receive your data in a machine-readable format
  • Objection — object to processing based on legitimate interest

Account Deletion

Users can delete their account at any time via POST /api/account/delete. Free-tier accounts are deleted immediately. Sponsor accounts have a 48-hour recovery window before permanent deletion, during which the user can cancel by signing in. Deletion is cascading: saved_queries → paid_provider_keys → chat_conversations → user_profile, followed by sign-out.

Local Data

Free-tier users can clear all local data by clearing their browser storage or using the “Delete local data” action in the settings.

Because our server infrastructure is hosted on Hetzner in Germany, your data remains within the EU at all times.

10. Contact

For privacy inquiries, data access requests, or deletion requests, contact us at:

Email: privacy@tracinginsights.com

We aim to respond to all privacy-related inquiries within 14 calendar days.

TracingInsights and this website are unofficial and are not associated in any way with the Formula 1 companies. F1, FORMULA ONE, FORMULA 1, FIA FORMULA ONE WORLD CHAMPIONSHIP, GRAND PRIX and related marks are trade marks of Formula One Licensing B.V. This is a non-commercial, fan-made application. Data is used for non-commercial, fair use. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

Any product names, logos, brands, and other trademarks or images featured or referred to within the app are the property of their respective trademark holders. These trademark holders are not affiliated with TracingInsights or its contributors. They do not sponsor or endorse TracingInsights or any of our products.

© 2026 TIF1 AI · Hosted in Germany.