Privacy Policy

RefLight is operated by Tom Whittaker, trading as RefLight, based in the United Kingdom.

We are registered with the Information Commissioner's Office (ICO) as a data controller. ICO Registration Number: [PENDING — TO BE ADDED ON RECEIPT]

Contact: helloreflight@gmail.com

Website: www.ref-light.co.uk

When you use RefLight we may collect the following information:

• Video files — uploaded by you for analysis. These contain visual data of the athlete being filmed.
• Athlete information — name, weight class, and bodyweight entered voluntarily by the user at the time of analysis.
• Coach notes — any optional context you type into the coach notes field.
• Email address — collected when you contact us or purchase a credit pack.
• Payment information — handled entirely by Stripe. We do not store card details.
• Technical data — basic server logs including IP address and request timestamps, retained for security purposes.

We use the data we collect for the following purposes:

• To analyse the uploaded video and generate a technique assessment report
• To process payment for credit packs via Stripe
• To respond to support enquiries sent to helloreflight@gmail.com
• To maintain the security and integrity of our service

We do not use your data for advertising, profiling, or any purpose beyond delivering the RefLight service.

When you upload a video for analysis, the following process occurs:

1. The video is uploaded to our secure server for processing
2. Key frames are extracted from the video for AI analysis
3. The original video file is deleted immediately after frame extraction
4. Extracted frames are sent to the Anthropic Claude API for analysis and are not retained after the report is generated
5. The analysis report is returned to you in the browser session only

We do not store, archive, or retain video footage. No video data is shared with third parties beyond the frame extraction process described above.

Athlete names and session details entered at the time of analysis are used only to generate the report and are not stored in any database.

Under UK GDPR, we rely on the following legal bases for processing personal data:

• Contract — processing necessary to deliver the analysis service you have paid for or requested
• Legitimate interests — server security logs and maintaining the integrity of the service
• Consent — where you voluntarily provide optional information such as coach notes or athlete details

We use a small number of trusted third-party services to deliver RefLight:

• Anthropic (Claude API) — extracted frames are sent to Anthropic's API for AI analysis. Anthropic processes this data in accordance with their privacy policy and API terms. Frames are not retained by Anthropic beyond the API request.
• Railway — our hosting provider. Video files are temporarily processed on Railway's servers and deleted immediately after frame extraction.
• Stripe — payment processing. Stripe handles all card data. We never see or store your payment details. Stripe is PCI DSS compliant.

We do not sell, rent, or share your personal data with any other third parties.

• Video files — deleted immediately after frame extraction (within seconds of upload)
• Extracted frames — not retained after analysis is complete
• Athlete details entered at analysis — not stored; exist only in your browser session
• Email correspondence — retained for as long as necessary to resolve your enquiry, then deleted
• Payment records — retained by Stripe in accordance with their data retention policy and applicable financial regulations
• Server logs — retained for up to 30 days for security purposes, then deleted

Under UK GDPR you have the following rights regarding your personal data:

• Right of access — you can request a copy of the personal data we hold about you
• Right to rectification — you can ask us to correct inaccurate data
• Right to erasure — you can ask us to delete your personal data
• Right to restrict processing — you can ask us to limit how we use your data
• Right to data portability — you can request your data in a portable format
• Right to object — you can object to processing based on legitimate interests

To exercise any of these rights, contact us at helloreflight@gmail.com. We will respond within 30 days.

You also have the right to lodge a complaint with the ICO at ico.org.uk or by calling 0303 123 1113.

RefLight does not use tracking cookies or advertising cookies. We do not use Google Analytics or any third-party analytics platform.

Stripe may set cookies during the payment process in accordance with their own cookie policy.

If you have any questions about this privacy policy or how we handle your data, please contact us:

• Email: helloreflight@gmail.com
• Website: www.ref-light.co.uk

We aim to respond to all data protection enquiries within 5 working days.