Privacy Policy

RefLight is operated by Tom Whittaker, trading as RefLight, based in the United Kingdom.

We are registered with the Information Commissioner's Office (ICO) as a data controller. ICO Registration Number: ZC120971

Contact: helloreflight@gmail.com

Website: www.ref-light.co.uk

When you use RefLight we may collect the following information:

• Video files — uploaded by you for analysis. These contain visual data of the athlete being filmed.
• Athlete information — name, weight class, and bodyweight entered voluntarily by the user at the time of analysis.
• Coach notes — any optional context you type into the coach notes field.
• Email address — collected when you register an account, contact us, or purchase a credit pack. Your email address is stored in our secure database to manage your account and credit balance.
• Payment information — handled entirely by Stripe. We do not store card details.
• Technical data — basic server logs including IP address and request timestamps, retained for security purposes.

We use the data we collect for the following purposes:

• To analyse the uploaded video and generate a technique assessment report
• To process payment for credit packs via Stripe
• To respond to support enquiries sent to helloreflight@gmail.com
• To maintain the security and integrity of our service

We do not use your data for advertising, profiling, or any purpose beyond delivering the RefLight service.

When you upload a video for analysis, the following process occurs:

1. The video is uploaded to our secure server for processing
2. Key frames are extracted from the video for AI analysis
3. The original video file is deleted immediately after frame extraction
4. Extracted frames are sent to the Anthropic Claude API for analysis. Anthropic's API does not use data for model training and deletes API logs within 7 days. Frames are not retained beyond this window.
5. The analysis report is returned to you in the browser session only

We do not store, archive, or retain video footage. No video data is shared with third parties beyond the frame extraction process described above.

AI model training: Your video and extracted frames are never used to train AI models. RefLight uses the Anthropic Claude API under Commercial Terms, which explicitly prohibit the use of API data for model training. This is confirmed by Anthropic's API policy, which states that API inputs and outputs are not used for training purposes.

Athlete names and session details entered at the time of analysis are used only to generate the report and are not stored in any database.

Under UK GDPR, we rely on the following legal bases for processing personal data:

• Contract — processing necessary to deliver the analysis service you have paid for or requested
• Legitimate interests — server security logs and maintaining the integrity of the service
• Consent — where you voluntarily provide optional information such as coach notes or athlete details

We use a small number of trusted third-party services to deliver RefLight:

• Anthropic (Claude API) — extracted frames are sent to Anthropic's Claude API for AI analysis. Anthropic's API is governed by their Commercial Terms, which explicitly exclude API data from model training. API data is never used to train Anthropic's AI models. Anthropic retains API logs for a maximum of 7 days for security purposes, after which they are permanently deleted. Frames sent via the API are not retained beyond this window and are never used for model training or any other purpose.
• Railway — our hosting provider. Video files are temporarily processed on Railway's servers and deleted immediately after frame extraction.
• Stripe — payment processing. Stripe handles all card data. We never see or store your payment details. Stripe is PCI DSS compliant.

We do not sell, rent, or share your personal data with any other third parties.

• Video files — deleted immediately after frame extraction (within seconds of upload)
• Extracted frames — not retained after analysis is complete
• Athlete details entered at analysis — not stored in our database. Athlete name, weight class, and session details are used only to generate the report and are not retained after your session ends
• Email correspondence — retained for as long as necessary to resolve your enquiry, then deleted
• Payment records — retained by Stripe in accordance with their data retention policy and applicable financial regulations
• Server logs — retained for up to 30 days for security purposes, then deleted
• Account data (email address and credit balance) — retained for as long as your account is active. You can request deletion at any time by contacting helloreflight@gmail.com

Under UK GDPR you have the following rights regarding your personal data:

• Right of access — you can request a copy of the personal data we hold about you
• Right to rectification — you can ask us to correct inaccurate data
• Right to erasure — you can ask us to delete your personal data
• Right to restrict processing — you can ask us to limit how we use your data
• Right to data portability — you can request your data in a portable format
• Right to object — you can object to processing based on legitimate interests

To exercise any of these rights, contact us at helloreflight@gmail.com. We will respond within 30 days.

You also have the right to lodge a complaint with the ICO at ico.org.uk or by calling 0303 123 1113.

RefLight does not use tracking cookies or advertising cookies. We do not use Google Analytics or any third-party analytics platform.

Stripe may set cookies during the payment process in accordance with their own cookie policy.

If you have any questions about this privacy policy or how we handle your data, please contact us:

• Email: helloreflight@gmail.com
• Website: www.ref-light.co.uk

We aim to respond to all data protection enquiries within 5 working days.