Legal

Privacy Policy

Last updated: June 2026

Who we are

RefCoach is operated by David Resch (sole trader). For the personal data you provide to us through the service, we act as the data controller.

What we collect and why

• Account data (email, display name, Google profile basics if you sign in with Google) — to create and secure your account. Legal basis: contract performance.
• Content you create (referee profiles, evaluations, clips, scores, uploaded videos, pasted video links) — to deliver the core service. Legal basis: contract performance.
• Usage and device data (basic request logs, IP address, browser, error traces) — to keep the service running, prevent fraud and abuse, and debug issues. Legal basis: legitimate interests.
• Support messages you send us — to respond to your requests. Legal basis: legitimate interests.
• Billing metadata (plan, subscription status, customer ID at our payment provider). We do not store your card or bank details — those are handled entirely by Paddle. Legal basis: contract performance and legal obligation.

Who we share data with

• Lovable Cloud / Supabase — hosting, database, file storage (EU region by default).
• Google (Gemini, via Lovable AI Gateway) — AI processing of the prompts and clip excerpts you submit. Your content is not used to train AI models.
• Paddle.com — our Merchant of Record for sales, subscription management, payments, tax compliance, and invoicing. Paddle becomes a separate data controller for the payment data it collects from you.
• Professional advisers (legal, accounting) and authorities where required by law.

We don't sell your data, and we don't share it with advertising networks.

Storage and security

Data is stored on Lovable Cloud (Supabase infrastructure, EU region by default). Uploaded videos sit in a private bucket and are only reachable via your account or expiring share links. We use industry-standard technical and organisational measures including encryption in transit and at rest, scoped database access, and row-level security to keep your data separated from other users'.

International transfers

Some of our processors (e.g. Google) may process data outside the EEA/UK. Where that happens, transfers are protected by Standard Contractual Clauses or an equivalent legal mechanism.

Retention

We keep your content for as long as your account is active. When you delete your account, your content is deleted within 30 days, except where we are legally required to retain it (e.g. billing records, which Paddle retains under tax law).

Your rights

Under GDPR and equivalent laws you have the right to: access your data, correct it, erase it, restrict or object to processing, port it to another service, withdraw consent where we rely on it, and lodge a complaint with your supervisory authority. You can delete your account and export your data from Settings, or contact us via the in-app feedback widget. We respond within one month.

Sharing reports

Share links you generate are accessible to anyone who has the link (Pro users can add a password and expiry). Don't share links with people who shouldn't see the report.

Cookies

We use essential cookies and local storage to keep you signed in and to remember your preferences. No analytics, tracking, or advertising cookies. Paddle may set its own cookies during checkout, governed by their privacy notice.

Changes

We'll post updates here and update the "Last updated" date above. Material changes will be notified in-app or by email.

← Back to RefCoach