Seal PushSeal Push
← Back to Grid Roar

Privacy Policy

Grid RoarEffective date · 25 April 2026

Overview

Grid Roar is a companion app for Formula 1 fans. It lets you react in real time during race sessions, vote on live polls, and climb a global leaderboard. This policy explains, in plain language, what personal information we collect when you use Grid Roar, why we collect it, who we share it with, how long we keep it, and the rights you have over it.

Who we are

Grid Roar is operated by Seal Push (the “Studio”, “we”, “us”). For the purposes of the EU and UK General Data Protection Regulations, the Studio is the data controller of the personal information described in this policy.

You can reach our privacy team at hello@sealpush.com.

Information we collect

Information you provide

  • Nickname — auto-generated when you first open the app, editable later.
  • Country — used to power region-specific leaderboards.
  • Favourite driver and team — optional, displayed on your profile and leaderboard rows.
  • Profile photo — optional. If you upload one, we store the image on your behalf so it can render on your profile and leaderboard rows.
  • Email address — only if you choose to link a verified account through our authentication provider. Used to sign you back in and to send transactional messages (e.g. password reset).
  • Support correspondence — if you email us, the contents of that email and your reply address.

Activity in the app

  • Reactions you send to live prompts (emoji + timestamp).
  • Votes you cast in polls.
  • Ad interactions — ads you tap on, used only to count clicks per ad. We do not build advertising profiles from this.
  • Points and rank — the points you earn from the interactions above and your position on the seasonal leaderboard.

Device and technical data

  • Device identifier — a per-installation identifier we generate so we can tie your interactions to your account. This is not Apple's IDFA and is not shared with advertisers.
  • Push notification token — issued by Apple Push Notification service or Firebase Cloud Messaging so we can notify you when a session goes live.
  • Diagnostic events — anonymised analytics and crash reports (screen views, button taps, errors) used to understand how the app is performing and to fix bugs.
  • Server logs — IP address, request path, status code, timestamp, user agent. Retained briefly for security and troubleshooting.

We do not collect your precise location, contacts, photo library (beyond the single image you choose to upload as a profile photo), microphone, camera, calendar, or browsing history outside the app.

How we use your information

We process the information above for the following purposes. Where you are in the European Union, the United Kingdom, or another GDPR-aligned jurisdiction, the relevant lawful bases are listed in brackets.

  • To provide the core features of the app: live reactions, polls, fan championship and leaderboards. (Performance of contract)
  • To attribute your reactions and votes to your account so you appear correctly on the leaderboard and in fastest-responder lists. (Performance of contract)
  • To send push notifications when a race session is about to start. (Consent)
  • To diagnose crashes, fix bugs, and improve performance using aggregated, anonymised analytics. (Legitimate interests in keeping the app reliable)
  • To prevent abuse, spam, and unauthorised access to our services. (Legitimate interests in security)
  • To comply with legal obligations and respond to lawful requests. (Legal obligation)

App permissions

Grid Roar asks for the following iOS / Android permissions. You can grant or revoke each one at any time from your device's system settings. Denying a permission will disable the related feature but will not prevent you from using the rest of the app.

  • Notifications — used to alert you when a race session is about to start. Optional.
  • Photo Library (limited) — only if you choose to upload a profile photo. We request limited / single-photo access; we do not see your full library.

App tracking & advertising

Grid Roar does not use Apple's Identifier for Advertisers (IDFA). Grid Roar does not share your data with third-party advertisers, data brokers, or analytics services that track you across other companies' apps or websites. As a result, the App Tracking Transparency dialog will not appear when you use Grid Roar — there is nothing for us to track.

The app may show in-app advertisements; we record only that an ad was tapped, never information about you that is shared with the advertiser. If we ever introduce cross-app tracking we will request your permission through Apple's App Tracking Transparency framework first, and update this policy and the App Store privacy labels at the same time.

Sharing your information

We share data only with the third-party processors we need to run the app. Each one is bound by its own privacy obligations and a data processing agreement. We do not authorise them to use your data for their own purposes.

  • WorkOS — handles authentication for signed-up users. Processes your email address and a user identifier on our behalf.
  • PostHog (EU region) — processes pseudonymised analytics events. Data is stored within the European Union.
  • Wasabi Cloud Storage (EU region) — stores uploaded profile photos and other image assets, encrypted at rest.
  • Apple Push Notification service and Firebase Cloud Messaging — deliver push notifications to your device. They receive your push token and the notification payload, but no other account data.
  • Database and hosting providers — store the data described above so the app can read and write it.
  • Email provider — sends transactional emails (account, password reset) on our behalf.

A current list of named sub-processors is available on request. We may also disclose information when required by law, court order, or to protect the rights, safety, and property of the Studio and its users.

International data transfers

Grid Roar is operated from, and stores most user data in, the European Union. Some of the sub-processors listed above (for example, push notification services operated by Apple and Google) process data outside the European Economic Area. Where we transfer personal data internationally, we rely on the European Commission's Standard Contractual Clauses or an adequacy decision as the legal basis for the transfer. By using the app you understand that your information may be processed in countries outside your own.

How long we keep it

  • Account data (nickname, country, favourites, profile photo, linked email if any) — retained until you delete your account.
  • Reactions, votes, and leaderboard points — retained for the duration of the relevant Formula 1 season and may be archived afterwards in anonymised aggregate form for historical leaderboards.
  • Diagnostic events — retained for up to 12 months and then automatically deleted or aggregated.
  • Server logs — retained for up to 30 days for security and debugging purposes.
  • Encrypted database backups — retained for up to 30 days before being overwritten.
  • Support correspondence — retained for up to 24 months after the last reply, to maintain context if you contact us again.

Your rights

Depending on where you live, you have the following rights over the personal data we hold about you:

  • The right to access the data we hold about you
  • The right to correct inaccurate or incomplete information
  • The right to delete your account and associated data
  • The right to restrict or object to certain processing
  • The right to receive a copy of your data in a portable format
  • The right to withdraw consent at any time (where processing is based on consent)
  • The right to lodge a complaint with your local data protection authority

Residents of California have additional rights under the California Consumer Privacy Act (CCPA / CPRA), including the right to know what personal information has been collected, the right to request deletion, the right to correct inaccurate information, and the right not to be discriminated against for exercising these rights. We do not sell or share personal information for cross-context behavioural advertising as those terms are defined under California law.

To exercise any of these rights, email us at hello@sealpush.com from the address on your account. We respond within 30 days. We may need to verify your identity before acting on the request.

Account deletion

You can delete your Grid Roar account at any time from inside the app. Open Account → Settings → Delete account and confirm. This permanently erases your account, your activity, and any associated data within 30 days. Encrypted backups containing the data may persist for up to another 30 days before being overwritten.

If you cannot access the app for any reason, email hello@sealpush.com from the email address registered to the account and we will process the deletion within 30 days.

Security

We use industry-standard practices to protect your information, including:

  • Authentication tokens are stored on your device using the iOS Keychain or Android Keystore, never in plain application storage.
  • All traffic between the app and our servers is encrypted in transit using TLS.
  • Profile photos and database backups are encrypted at rest in our cloud storage.
  • Administrative access to our backend is gated by multi-layer authentication.
  • Production secrets are never embedded in the mobile app binary or the public web bundle.

No system is perfectly secure. If we ever discover a security incident that affects your data, we will notify affected users without undue delay and report the incident to the relevant supervisory authority where required.

Children's privacy

Grid Roar is not directed at children under the age of 13 (or under 16 in the European Union). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at hello@sealpush.com and we will delete it.

About this website

This website (sealpush.com) supports the app and uses a small number of additional services:

  • Self-hosted analytics — pageviews and click events are recorded on a Studio-operated Umami instance via a same-origin proxy. No cookies, no cross-site tracking, no IP address stored long-term.
  • hCaptcha — protects forms (beta signup, contact) from bot abuse. hCaptcha may set a session token in your browser to verify the challenge. See hCaptcha's privacy notice.
  • Beta signup form — submissions (first name, last name, email, platform interest) are stored in our Postgres database so we can invite you to the beta. We may notify our internal Telegram channel that a new signup arrived.
  • Contact form — your message is forwarded to our team inbox via a transactional email provider. Reply-To is set to your email so we can respond directly.
  • Cloudflare — hosts and serves this website at the edge. Cloudflare may process request metadata for security and performance.

Changes to this policy

We may update this privacy policy from time to time. The effective date at the top of the page will reflect the most recent change. If we make material changes (e.g. introducing a new category of data, a new sub-processor handling user content, or new cross-border transfers), we will notify you in the app or by email before they take effect.

Contact

If you have any questions about this policy or how Grid Roar handles your information, please contact us at hello@sealpush.com. We aim to respond within five business days.