Cookie Policy

10s Vision Cookie and Similar Technologies Policy

Effective date: [EFFECTIVE DATE]

Last updated: [LAST UPDATED DATE]

This Policy explains how [FULL LEGAL ENTITY NAME], trading as 10s Vision, uses cookies and similar technologies on the 10s Vision website, progressive web application and related online services.

It should be read with the 10s Vision Privacy Policy.

1. What cookies and similar technologies are

Cookies are small text files stored on a browser or device. Similar technologies include local storage, session storage, software development kits, pixels, tags, device identifiers and scripts that read or write information on a user's device.

These technologies may be used to keep a user signed in, protect the service, remember settings, manage a video upload, process a payment, measure service performance or understand how optional features are used.

2. Our consent approach

We divide technologies into:

  • Strictly necessary: required to provide a feature expressly requested by the user, maintain security, authenticate an account, remember privacy choices, process a payment or keep an upload session functioning. Where the legal exemption applies, these operate without optional consent.
  • Functional: remember optional preferences or enable convenience features that are not strictly necessary.
  • Analytics: help us understand product usage, diagnose journeys and improve performance.
  • Advertising or cross-site tracking: used to personalize advertising or track users across unrelated services.

At launch, 10s Vision should not use advertising or cross-site behavioral-tracking cookies. If this changes, this Policy and the consent interface must be updated before activation.

Where consent is required, optional functional, analytics and advertising technologies will remain off until the user chooses them. Refusing optional technologies will not block the core tennis-analysis service.

The first layer of the consent banner must offer equally accessible choices to:

  • Accept optional cookies;
  • Reject optional cookies; and
  • Manage choices.

No optional category may be pre-selected. A user can withdraw or change consent at any time through the persistent Cookie Settings link in the footer or account settings. Withdrawal must be as easy as giving consent.

3. Recommended first-layer banner text

Your privacy choices
We use necessary technologies to sign you in, secure 10s Vision and process video uploads. With your permission, we also use optional analytics to understand product performance. Select “Accept optional”, “Reject optional” or “Manage choices”. You can change your choice at any time.

Buttons:

  • Accept optional
  • Reject optional
  • Manage choices

Do not use misleading colors, pre-ticked boxes, hidden rejection controls or wording that suggests optional cookies are required.

4. Cookie and technology register

The production register must be generated from the live implementation and updated whenever a vendor, cookie name, duration or purpose changes. Do not publish a vendor merely because it appears in the technical plan; publish it only if it is actually deployed.

The following is a recommended launch inventory for first-party technologies controlled by 10s Vision. Names may be adjusted during implementation, but the final policy must list the deployed names accurately.

| Name or storage key | Provider | Purpose | Category | Typical duration | |---|---|---|---|---| | 10sv_cookie_choices | 10s Vision | Records consent categories and policy version | Strictly necessary | 6-12 months | | 10sv_session | 10s Vision / authentication provider | Maintains an authenticated session | Strictly necessary | Session or up to 30 days if “remember me” is selected | | 10sv_csrf | 10s Vision | Protects forms and account actions against request forgery | Strictly necessary | Session | | 10sv_upload_state | 10s Vision | Preserves an active trim, upload or analysis workflow | Strictly necessary | Up to 24 hours | | 10sv_units | 10s Vision | Remembers metric or imperial display preference | Functional | 12 months | | 10sv_onboarding | 10s Vision | Remembers completion of optional onboarding | Functional | 12 months |

The following rows must be completed only if the relevant services are deployed:

| Technology | Provider | Purpose | Category | Duration / transfer information | |---|---|---|---|---| | [AUTHENTICATION COOKIE OR LOCAL-STORAGE KEY] | [SUPABASE OR OTHER PROVIDER] | Authentication and token refresh | Strictly necessary | [DURATION] | | [PAYMENT/FRAUD TECHNOLOGY] | [STRIPE OR OTHER PROVIDER] | Payment processing and fraud prevention | Strictly necessary where applicable | [DURATION] | | [ERROR-MONITORING IDENTIFIER] | [SENTRY OR OTHER PROVIDER] | Error diagnosis and service security | [NECESSARY OR ANALYTICS AFTER REVIEW] | [DURATION] | | [PRODUCT-ANALYTICS IDENTIFIER] | [POSTHOG OR OTHER PROVIDER] | Optional product analytics | Analytics | [DURATION] | | [CDN/LOAD-BALANCER COOKIE] | [AWS OR OTHER PROVIDER] | Traffic routing, availability and security | Strictly necessary | [DURATION] | | [SUPPORT-CHAT COOKIE] | [PROVIDER] | Optional support chat | Functional or analytics | [DURATION] |

For each third-party provider, the live register should identify whether data may be processed outside the EEA and link to the relevant provider information.

5. Strictly necessary technologies

Strictly necessary technologies may be used to:

  • establish and maintain a secure session;
  • authenticate a user;
  • prevent fraud and cross-site request forgery;
  • remember cookie choices;
  • manage the selected video, trim window and upload state;
  • route traffic and maintain service availability;
  • deliver a user-requested download;
  • retain the contents of a shopping basket or selected plan; and
  • process a payment and meet fraud-prevention requirements.

Disabling these through browser settings may prevent the service from functioning.

6. Functional technologies

Functional technologies may remember:

  • metric or imperial units;
  • language;
  • interface density;
  • overlay choices;
  • playback speed;
  • onboarding completion; and
  • accessibility preferences.

Where applicable law requires consent because the preference is not essential to a requested feature, the technology must remain off until selected.

7. Analytics technologies

Optional analytics may help us understand:

  • whether upload and calibration flows work;
  • how long processing takes;
  • where users encounter errors;
  • which dashboard views are used;
  • aggregate retention and conversion trends; and
  • performance by device class or browser.

Configure analytics to minimize data. Avoid collecting raw video, names, email addresses, free-text support content, precise location or full IP addresses unless strictly necessary and lawfully justified. Do not send video-frame images to a product-analytics provider.

Analytics must not be activated before consent where consent is legally required.

8. Error monitoring and security

Error and security tools should be configured to redact:

  • video URLs and signed tokens;
  • account passwords and authentication tokens;
  • payment information;
  • video file names where they contain personal data;
  • raw request bodies containing user content; and
  • unnecessary IP or device identifiers.

Whether a specific error-monitoring technology is strictly necessary or optional depends on its configuration and purpose. Complete a documented assessment before assigning its category.

9. Mobile applications and SDKs

If 10s Vision releases a native mobile application, this Policy also applies to SDKs and device storage that perform equivalent functions. The mobile privacy controls must provide the same meaningful choices as the website where consent is required.

Device permissions, such as access to photos, camera, microphone or notifications, must be requested just in time and only when needed. A device permission is not a substitute for GDPR consent where GDPR consent is required for a separate processing purpose.

10. Managing choices

Users may manage technologies through:

  • the Cookie Settings link;
  • account privacy settings;
  • browser cookie and site-data controls;
  • mobile operating-system permissions; and
  • provider-specific opt-out controls where applicable.

Blocking all cookies may sign the user out, erase preferences or prevent uploads and payments.

Deleting cookies does not necessarily delete server-side personal data. Requests concerning server-side data should be made under the Privacy Policy.

11. Consent records

We may record:

  • consent categories;
  • date and time;
  • policy and banner version;
  • region;
  • truncated or pseudonymous device identifier; and
  • withdrawal or change history.

We retain these records for a period reasonably necessary to demonstrate compliance and resolve disputes, normally [5 YEARS OR OTHER LOCAL PERIOD], then delete or anonymize them.

12. Changes to this Policy

We may update this Policy when technologies, vendors or legal requirements change. The current version will show its effective date. Where a change requires a new consent, we will request it before activating the relevant technology.

13. Contact

Questions about cookies or privacy choices may be sent to [FULL LEGAL ENTITY NAME], [REGISTERED ADDRESS], at [PRIVACY EMAIL].