Privacy Policy

LAST UPDATED · 2026-05-27

1. Who we are

Vihora (“we”, “us”) is the operator of the kinematic-analysis platform at this domain. We process personal data of athletes, scouts, and supporters who use the Service. For data-protection questions, use the contact form. A formal Data Protection Officer (DPO) appointment is planned in line with GDPR Article 37 thresholds; the support address acts as our data contact in the meantime.

2. What we collect

  • Account data — email address (used for login + transactional email), display name, country, birth date, gender, athletic profile (sport, position, age group, league, club).
  • Uploaded clips — short video files (5-60 seconds). Audio and EXIF/GPS metadata are stripped server-side as part of our KPS analysis pipeline before the clip becomes visible to anyone (see Section 4).
  • Generated metrics — performance numbers derived from clips by our analysis pipeline.
  • Activity data — follow connections, messages, notifications, log of cost-relevant events (used for billing audit, not behavioural profiling).
  • Technical data — IP address (request logs), browser fingerprint (Sentry for error attribution), session cookies.

3. Why we collect it (legal basis)

  • Contract (Article 6(1)(b)) — providing the analysis + discovery service you signed up for.
  • Consent (Article 6(1)(a)) — at upload time you explicitly tick consent boxes for content rights, audio strip awareness, and third-party-person consent.
  • Legitimate interest (Article 6(1)(f)) — security monitoring (rate limiting, anti-spam), aggregated platform-cost visibility.

4. Privacy pipeline (what we do automatically)

Audio strip + EXIF/GPS strip happen server-side as the first stage of our KPS analysis pipeline (which runs on dedicated GPU infrastructure). The raw upload is processed in a transient working area and the stripped version replaces it in storage before any other user (scouts, supporters, our tagger team) can view it. The window in which the original with audio exists is measured in seconds, on infrastructure no one outside engineering can read.

Why server-side and not in your browser: this is the same pattern every major video platform (YouTube, Vimeo, TikTok) uses — it's reliable across every device, doesn't depend on browser capabilities, and lives next to the same GPU pipeline that produces your metrics.

Face blur of other identifiable persons is not yet automated. Our tagger team reviews each clip and rejects ones with prominent unconsented faces. Automated face blur ships in v1.0.

5. Who sees your data

  • You — full access to your own data via Your profile.
  • Other signed-in users — your public profile (display name, avatar, country, sport, verified clips + metrics) is visible to any signed-in user, but only after you have at least one verified clip (“discoverability” gate).
  • Unauthenticated viewers — your public profile at /p/[id] is shareable without login, again only after you become discoverable.
  • Followers — accepted followers get notifications when you publish new verified clips.
  • Our staff (admin + tagger) — for verification, moderation, and support. Staff actions are logged in our audit trail.
  • Service providers — Supabase (database + storage + auth), Vercel (web hosting), Resend (transactional email), Sentry (error logging), PostHog (product analytics, opt-in via Settings). All bound by their own data-processor agreements.

6. Data retention

  • Failed clips — auto-deleted 24 hours after final failure status.
  • Rejected clips — auto-deleted 7 days after rejection (grace window for admin to undo a mis-rejection).
  • Verified clips inactive for 90 days — archived to Cloudflare R2 (cold storage). The athlete can request a restore.
  • Account deletion — when you delete your account via Your profile → Danger zone, we cascade-delete all your clips, metrics, links, follow connections, messages, and storage objects. Cost-ledger and audit-log entries are kept (with your user id removed) for accounting and regulatory traceability.

7. Your rights (GDPR)

You have the right to:

  • Access your data — Your profile shows everything, and you can download a full machine-readable archive any time from Settings → Privacy.
  • Rectify — edit profile, re-upload clips at any time.
  • Erase — delete your account from Settings → Privacy (30-day grace, then permanent), or request via support if you can't sign in.
  • Restrict / object to processing — contact support.
  • Data portability — the self-service export above is a structured ZIP of your profile, clips, metrics, messages, and consent history.
  • Lodge a complaint with your local supervisory authority. For Croatia: Agencija za zaštitu osobnih podataka (AZOP), azop.hr.

8. Reporting & moderation

Logged-in users can report any clip via the Report button. We target a 24-hour response window. Outcomes range from no action (unfounded report) to clip removal or account suspension depending on severity.

9. Cookies

We use first-party cookies for session management (Supabase Auth) and opt-in analytics (PostHog). On first visit we surface a cookie banner with Accept all / Reject / Customise options; you can change your preferences any time from Settings → Privacy. No advertising or third-party tracking cookies.

10. Roadmap items

We are transparent about what we do not yet have in place but plan to ship:

  • Automated face blur of non-subject persons (manual tagger QA today; automated blur ships next).
  • Formal DPO appointment (planned when scale triggers GDPR Article 37 thresholds).
  • External pen-test, SOC 2, ISO 27001 (planned as revenue scales).
  • Quarterly transparency reports (planned once scout subscriptions create regulatory interest).

Users with concerns can reach us via the contact form at any time.

11. Sub-processors

We use the following processors to run the Service. Each handles personal data only on our instructions, under a data-processing agreement, and only to the extent their function requires:

  • Supabase — database, authentication, file storage (EU region). Hosts your account, clips, and metrics.
  • Vercel — web hosting + edge delivery of the application.
  • SimplePod — GPU compute that runs the analysis pipeline on your uploaded clips. Clips are processed transiently and not retained on the GPU host.
  • PostHog — product analytics (only when you opt in to analytics cookies).
  • Stripe — payment processing for subscriptions (only if/when you subscribe). We never see or store full card numbers.

We update this list when we add or change a processor. Material changes are notified per section 12.

12. Minors

Many of our athletes are under 18. For anyone under 16 (the digital-consent age under GDPR Article 8 in Croatia) we require verifiable consent from a parent or legal guardian before we process their data or make their profile discoverable. A minor's clips are not analysed and their profile is not public until that consent is recorded. A guardian can withdraw consent at any time via the contact form, after which the minor's data is removed.

13. Attribution

Our sport catalogue (leagues, teams, venues) is derived from open data: Wikidata (CC BY-SA 4.0), Wikipedia (CC BY-SA 4.0). We credit these sources in the footer of every page.

14. Changes

We will email registered users at least 14 days before any material change to this Policy. Continued use after the effective date constitutes acceptance.

15. Contact

The contact form — privacy questions, data subject requests, complaints. We also publish a Cookie Policy.