Legal
PitWall Privacy Policy
Effective date: July 1, 2026
This Privacy Policy explains how Billy Jack Racing LLC, a Texas limited liability company, doing business as Convergence Engineering ("Convergence," "we," "us," "our") collects, uses, shares, and protects information in connection with PitWall (the "Service"), our software platform for motorsports teams. It also explains the choices and rights you have regarding your information. We have tried to write this policy in plain English. If anything is unclear, or if you want to exercise any of the rights described below, contact us at support@cvgeng.com.
1. Who We Are and What This Policy Covers
The Service is operated by Billy Jack Racing LLC, a Texas limited liability company, doing business as Convergence Engineering ("Convergence," "we," "us," "our").
Convergence Engineering also provides motorsports services and hardware. This Privacy Policy covers only PitWall, the software service — it does not cover our other services, hardware products, or any offline interactions you may have with us.
Some terms used throughout this policy:
- "PitWall" or the "Service" — the PitWall software platform, including the VitalScan product and any future products we make available through the platform.
- "Team" — a customer organization on PitWall. Each Team corresponds to an organization in our authentication system.
- "Team Content" — data and files that a Team or its members upload or create in the Service, including telemetry files.
How to reach us:
- Email: support@cvgeng.com (for privacy questions and data-deletion requests)
- Mail: 9018 Performance Ct, Cresson, TX 76035
2. What PitWall Is (Context for This Policy)
PitWall is a multi-tenant software-as-a-service platform for race teams. Our live product, VitalScan, lets Teams upload GEMS CSV telemetry logs — sensor data recorded from race cars — and runs automated health checks on that data, presenting the results in dashboards and exportable reports. We plan to offer additional products on the platform in the future (SetupBook, LapLogger, and LapOracle).
PitWall is primarily a business-to-business service: our customers are Teams, and most of the data in the Service is data about race cars, not about people. However, we do process personal data about the real individuals who use the Service (for example, names and email addresses used to sign in), and this policy describes that processing.
Each Team's data is scoped to that Team. Members of one Team cannot see another Team's data through the Service.
3. Information We Collect
We collect the following categories of information. This is the complete list of what we collect today.
3.1 Identity and account information
When you create an account or are added to a Team, we collect — through our authentication provider, Clerk — your name, email address, password or other sign-in credentials, and your Team/organization membership and role. If you sign in with Google single sign-on (SSO), we receive basic profile information from your Google account (such as your name and email address).
3.2 Team content
Information your Team creates in the Service to organize its work: the Team's name, and records describing the Team's cars, car types, and data sessions.
3.3 Uploaded content (telemetry files)
GEMS CSV telemetry files that you or your Team upload, stored as file blobs, together with records derived from them (file records, health-check runs, and check results). Telemetry files contain data about vehicles — sensor readings from race cars — not data about people. We nonetheless treat uploaded telemetry as the Team's confidential Team Content (see Section 6).
3.4 Technical and usage information
When you use the Service, we and our hosting provider automatically collect standard technical information: your IP address, device and browser information, and server logs. We may also use privacy-focused product analytics provided by our hosting provider (Vercel Web Analytics) to understand aggregate usage of the Service; it does not use cookies and does not track you across other websites.
3.5 Payments — none
We do not collect any payment or billing information. The current product tier is bundled at no charge, and there is no billing system in the Service today. If we launch paid billing in the future, we would use a payment processor and update this policy to describe it before that processing begins.
3.6 Where this information comes from
We collect information from the following sources:
- You directly — when you create an account, sign in, or upload content.
- Your Team's administrators — for example, when an admin invites you to a Team or manages your role, they provide us information about you (such as your email address).
- Google — when you choose to sign in with Google SSO.
- Automatically — technical and usage information collected through our hosting provider's server logs when you use the Service.
4. How and Why We Use Information
We use the information described above to:
- Provide and operate the Service — including running automated health checks on uploaded telemetry files and displaying the results in dashboards and reports.
- Authenticate you and manage Teams — signing you in, keeping your session secure, and enforcing Team membership and roles.
- Provide support — responding to your questions and troubleshooting problems.
- Protect the Service — detecting, investigating, and preventing security incidents, fraud, and abuse, and enforcing our Terms of Service.
- Improve the Service — understanding how the Service performs and fixing bugs, using technical and usage information.
- Comply with law — meeting our legal obligations.
Some plain-English commitments about what we do not do:
- We do not sell personal data.
- We do not use personal data for targeted advertising.
- We do not use Team Content to train AI models.
5. How We Share Information
We do not sell or rent personal data. We share information only in the limited circumstances below.
5.1 Service providers (sub-processors)
We use a small number of infrastructure providers to run the Service. They process data on our behalf and only as needed to provide their services to us:
| Provider | Role | Data involved |
|---|---|---|
| Clerk | Authentication and identity management | Name, email, sign-in credentials, Google SSO profile information, Team/organization membership and roles |
| Vercel | Application hosting and compute; Vercel Blob stores uploaded files | Technical and usage information (IP address, device/browser information, server logs); uploaded CSV telemetry files (stored in Vercel Blob) |
| Neon | Postgres application database | Account and Team records, Team content, and records derived from uploaded files (file records, check runs, check results) |
| Modal and Inngest | Planned / when enabled — not yet live. Analysis engine that processes uploaded telemetry and returns health-check results | Uploaded telemetry files and derived analysis results |
If we add or replace a sub-processor, we will update this policy.
5.2 Within your Team
Information you contribute to a Team — including Team Content and your name and role — is visible to other members of that Team, according to the Team's settings and roles.
5.3 Legal requirements
We may disclose information if we believe in good faith that disclosure is required by law, regulation, legal process, or a governmental request — for example, to comply with a subpoena or court order — or where disclosure is reasonably necessary to protect the rights, property, or safety of Convergence, our users, or the public.
5.4 Business transfers
If Convergence is involved in a merger, acquisition, financing, reorganization, or sale of some or all of its assets, information we hold may be transferred as part of that transaction. We would take reasonable steps to require that any successor honor the commitments in this policy or provide notice of any material changes.
6. Telemetry Data and Team Content
Because telemetry is the core of the Service, here is exactly how we handle it:
- Your Team owns its Team Content. Uploaded telemetry files and the records derived from them are Team Content, owned by the Team, as described in our Terms of Service.
- Team Content is confidential to your Team. The Service enforces team-scoped data isolation: uploaded files and their results are visible only to members of the Team that uploaded them. We do not publish, share, or expose one Team's telemetry to any other Team.
- Telemetry describes vehicles, not people. GEMS CSV logs contain race-car sensor data. We treat these files as the Team's confidential content regardless.
- Deletion. When a file is deleted, or when a Team or account is deleted, the associated telemetry files and derived records are deleted within a reasonable period, except that copies may persist in routine backups until those backups expire in the ordinary course, or where retention is required by law (see Section 7).
Our own access to Team Content is limited to what is needed to operate, support, and secure the Service (for example, investigating a processing failure at a Team's request).
7. Data Retention
- Account and Team data, Team Content, and uploaded files are retained while the account or Team is active. They are deleted when you or your Team delete them, when you make a verified deletion request, or when the account or Team is closed.
- Server logs and technical data are retained for a limited period according to our hosting provider's default log-retention practices.
- We may retain limited information longer where reasonably necessary to comply with legal obligations, resolve disputes, or enforce our agreements, and copies may persist in routine backups until those backups expire in the ordinary course.
8. Security
We take reasonable measures to protect the information we process, and we want to be straightforward about what those measures are today:
- Access controls and authentication. Access to the Service requires authentication, which is handled by Clerk, our identity provider.
- Team-level data isolation. The Service is built with strict team-scoped isolation, so each Team's data is segregated from every other Team's data at the application and database level.
- Reputable infrastructure. We run on established infrastructure providers (Vercel, Neon, Clerk), which apply industry-standard protections to the systems they operate.
We do not currently hold security certifications (such as SOC 2 or ISO 27001), and we do not make specific encryption claims in this policy.
No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. If we learn of a security incident affecting your personal data, we will notify affected users and Teams as required by applicable law.
9. Your Privacy Rights
We extend the following rights to all users of the Service, regardless of where you live:
- Access — ask us whether we process your personal data and receive a copy of it.
- Correction — ask us to correct inaccurate personal data.
- Deletion — ask us to delete your personal data.
- Portability — receive a copy of personal data you provided to us in a portable, machine-readable format where technically feasible.
How to exercise these rights: email support@cvgeng.com from the email address associated with your account (or provide enough information for us to verify your identity). We will respond within the timeframes required by applicable law. Note that if your account belongs to a Team, some requests (for example, deletion of Team Content) may need to be directed through or confirmed with your Team's administrator, since the Team owns its Team Content.
9.1 Texas residents — Texas Data Privacy and Security Act (TDPSA)
If you are a Texas resident, the TDPSA may give you the right to:
- Confirm whether we process your personal data and access it;
- Correct inaccuracies in your personal data;
- Delete personal data provided by or obtained about you;
- Obtain a copy of your personal data in a portable format, where feasible; and
- Opt out of the processing of personal data for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects. We do not sell personal data, use it for targeted advertising, or engage in such profiling.
Appeals. If we decline to act on a rights request, you may appeal our decision by replying to our response or emailing support@cvgeng.com with the subject line "Privacy Appeal." We will respond to your appeal within the timeframe required by the TDPSA and explain the reasons for our decision. If your appeal is denied, you may contact the Texas Attorney General to submit a complaint.
9.2 California residents — CCPA/CPRA
If you are a California resident, and to the extent the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA) applies to us, you have the right to:
- Know/access — request the categories and specific pieces of personal information we have collected about you, the sources, our purposes, and the categories of third parties with whom we share it;
- Delete — request deletion of personal information we collected from you;
- Correct — request correction of inaccurate personal information;
- Opt out of sale or sharing — direct us not to sell your personal information or share it for cross-context behavioral advertising. We do not sell personal information and do not share it for cross-context behavioral advertising; and
- Non-discrimination — not receive discriminatory treatment for exercising these rights.
To exercise these rights, email support@cvgeng.com. You may use an authorized agent to submit a request on your behalf; we may require proof of the agent's authorization and verification of your identity.
10. Cookies
The Service uses only essential cookies — session and authentication cookies set by Clerk, our authentication provider — to keep you signed in and to secure your session. These are necessary for the Service to function.
We do not use advertising cookies, and we do not use cookies to track you across other websites. If we enable product analytics (see Section 3.4), it does not use cookies.
Because we use only essential cookies, blocking them in your browser will prevent you from signing in to the Service.
11. Children's Privacy
The Service is a business tool for motorsports teams and is not directed to children under 13. Team members between 13 and 17 (for example, junior drivers) may use the Service only as described in our Terms of Service, with parent or guardian consent. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us personal information, contact us at support@cvgeng.com and we will delete it.
12. International Users and Data Transfers
Convergence is a United States company, and the Service is operated and hosted in the United States. If you use the Service from outside the United States, your information will be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Service, you understand that your information will be processed in the United States.
We do not specifically target users in the European Union or other jurisdictions outside the United States.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this policy. For material changes, we will provide reasonable notice — for example, by email to Team administrators or by a notice in the Service — before the changes take effect. Your continued use of the Service after the effective date of an updated policy means the updated policy applies to you.
14. Contact Us
For privacy questions, rights requests, or data-deletion requests:
- Email: support@cvgeng.com
- Mail: Billy Jack Racing LLC, a Texas limited liability company, doing business as Convergence Engineering, 9018 Performance Ct, Cresson, TX 76035
For questions about content ownership and your Team's rights in Team Content, please see our Terms of Service.