Legal

Privacy Policy

Last updated: 29 April 2026

This policy explains how draib ("we", "us") collects, uses, and protects your personal data when you use our website and PWA. We've tried to keep it short and concrete — no boilerplate.

1. Who we are

draib provides AI-powered motion analysis for racket sports athletes and coaches. You can reach us at hello@draib.app.

2. What we collect

Account

  • Email address and password. Passwords are hashed by our authentication provider — we never see them in plaintext.
  • Profile details you provide: sport, skill level, handedness, goals, and an optional avatar.

Content you upload

  • Video clips of your strokes.
  • Audio voice notes (Coach plan).
  • Text notes and side-by-side comparisons you create.

Derived data

  • Pose landmarks extracted from your clips on-device in your browser by MediaPipe BlazePose. Landmarks only leave your device when you save a session.
  • AI-generated coaching reports produced from selected video frames and structured prompts.

Coach-tier data

  • Coach–student relationships, invite tokens, and student notebooks. Only available on the Coach plan and only between users who have explicitly accepted the link.

Billing

  • A Stripe customer ID and your subscription status. Card details are entered directly with Stripe — we never see or store them.

Technical

  • IP address, browser type, and basic device information automatically collected by our hosting provider for security and operations.

3. How we use your data

  • Provide the service — analyze your videos, generate coaching reports, save your sessions, comparisons, and notes.
  • Manage your account, authentication, and subscription.
  • Send service-critical email about account changes, billing, and security.
  • Diagnose bugs and improve the product.

We do not sell your data, run advertising on it, or share it with data brokers.

4. Legal basis (GDPR)

If you are in the EU or UK, we rely on the following lawful bases:

  • Performance of a contract — to deliver the service you signed up for.
  • Legitimate interests — security, anti-abuse, and service improvement.
  • Consent — for any optional marketing communication. You can withdraw consent at any time.
  • Legal obligation — for tax, accounting, and regulatory compliance.

5. Who we share data with (sub-processors)

draib relies on trusted third-party services to run the product. We share the minimum data necessary for each to do its job:

  • Supabase — authentication, Postgres database, and file storage for your videos, notes, and audio.
  • Stripe — payment processing and subscription management. Card data is collected and stored by Stripe directly, under their PCI DSS scope.
  • OpenAI — generation of structured coaching reports. We send selected video frame images and a prompt. Per OpenAI's API policy, this data is not used to train their models by default.
  • Vercel — hosting. Receives standard request logs (IP, headers) for operations and security.

6. Where your data is stored

Data is stored on our sub-processors' infrastructure, primarily in the European Union and the United States. International transfers are governed by the Standard Contractual Clauses (SCCs) where applicable.

7. How long we keep it

  • Account and content data: kept while your account is active. When you delete your account, we delete or anonymize your content within 30 days, except where retention is required by law.
  • Billing records: kept for the period required by tax law (typically up to 7 years in the EU).
  • Server logs: rotated within 30 days unless retained for security investigations.

8. Your rights

Under the GDPR and similar laws, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account and associated content.
  • Export your data in a portable format.
  • Object to or restrict certain processing.
  • Withdraw consent at any time, where consent is the basis.
  • Lodge a complaint with your local data protection authority.

To exercise any of these rights, email us at hello@draib.app. We respond within 30 days.

9. Cookies and tracking

We use first-party cookies strictly for authentication and to keep you signed in. We do not use third-party advertising or analytics cookies.

10. Children

draib is not directed at children under 13 (or 16 in the EU). We do not knowingly collect personal data from children below that age. If you believe a child has signed up, contact us and we will delete the account.

11. Security

Connections are encrypted with TLS. Passwords are hashed by our authentication provider. Internal access to your data is restricted to what is needed to operate the service. No system is perfectly secure — please use a strong, unique password and enable any additional protections we offer.

12. Changes to this policy

We may update this policy as the product evolves. Material changes will be communicated by email and reflected in the "Last updated" date above.

13. Contact

Questions, concerns, or requests: hello@draib.app.