Privacy Policy

10s Vision Privacy Policy

Effective date: [EFFECTIVE DATE]

Last updated: [LAST UPDATED DATE]

Controller: [FULL LEGAL ENTITY NAME], trading as 10s Vision ("10s Vision", "we", "us" or "our")

Registered address: [REGISTERED ADDRESS]

Company registration number: [COMPANY NUMBER]

Privacy contact: [PRIVACY EMAIL]

Data Protection Officer, if appointed: [DPO NAME OR TITLE AND EMAIL]

EU representative, if required: [EU REPRESENTATIVE NAME, ADDRESS AND EMAIL]

1. Important summary

10s Vision provides video-based tennis analytics. Users may upload a tennis video of up to 59 seconds so that the service can estimate and display player movement, court-position heat maps, distance covered, player speed, step count, split-step events, ball-bounce locations, racket-contact events and estimated ball speed.

The following points are especially important:

  • Uploaded videos are private by default and are processed only to provide the requested analysis, operate and secure the service, comply with law, and for any other purpose clearly described in this Policy.
  • We do not use facial recognition, create facial templates, or attempt to identify people shown in videos.
  • We do not use a user's raw video to train general-purpose or shared machine-learning models unless the user gives a separate, specific and optional opt-in permission.
  • The uploader is responsible for ensuring that the recording and its upload are lawful, that all required notices, permissions and consents have been obtained, or that no such third-party consent or permission is legally required.
  • People shown in a video uploaded by another person may contact us to exercise applicable data-protection rights.
  • Our default raw-video retention period is [7 DAYS AFTER ANALYSIS], unless the user selects a shorter period, a longer permitted period, or applicable law requires otherwise.

This summary does not replace the full Policy below.

2. Scope

This Privacy Policy explains how we process personal data when a person:

  • visits the 10s Vision website or progressive web application;
  • creates or administers an account;
  • uploads, records, imports, trims, calibrates, analyzes, views, exports or shares a video;
  • appears in a video uploaded by another user;
  • purchases a subscription, analysis credit or other service;
  • contacts support, responds to a survey or communicates with us; or
  • interacts with our business, club, academy, coach or tournament services.

This Policy applies to the 10s Vision consumer service and to personal data for which 10s Vision acts as controller. Where a club, academy, team, coach, tournament, employer or other organization uses a business account and determines why videos are analyzed, that organization may be the controller and 10s Vision may process the video and derived analytics as its processor under a data processing agreement. In that situation, the organization's own privacy notice also applies.

Controller and processor roles are determined by the actual facts and applicable law. Contract labels do not override those legal roles.

3. Categories of people whose data we process

We may process personal data relating to:

  • account holders and prospective users;
  • players, opponents, doubles partners, coaches, officials, ball persons, spectators and other people who appear in uploaded footage;
  • parents and legal guardians;
  • staff and authorized users of clubs, academies, teams and tournaments;
  • payers and billing contacts;
  • support contacts and people submitting rights or infringement requests; and
  • website and application visitors.

4. Personal data we collect

4.1 Account and profile data

This may include name, email address, password hash or authentication identifier, profile image, preferred language, country, time zone, unit preference, account type, organization, role, subscription status and notification preferences.

4.2 Uploaded video and audio

This may include:

  • the video file and any embedded audio;
  • visible faces, bodies, clothing, equipment and surroundings;
  • player movement, posture, pose, gait and foot placement;
  • court, venue, tournament, scoreboard and match information;
  • voices, racket impacts, ball bounces and ambient sound;
  • file metadata, including duration, resolution, frame rate, codec, timestamps, device metadata and rotation; and
  • user-selected crop, trim, court-calibration points, selected player and point labels.

A video may contain personal data of people who do not have a 10s Vision account. Users must not upload covert, unlawful or improperly obtained recordings.

4.3 Derived tennis-analysis data

Our systems may generate:

  • player coordinates and movement trajectories;
  • time-spent, distance-covered and speed-intensity heat maps;
  • estimated distance covered, lateral movement and forward/backward movement;
  • estimated average and peak player speed;
  • average court depth, furthest depth and court-position ranges;
  • estimated steps, foot contacts, split-step events, step rate and distance per step;
  • ball tracks, bounce locations, in/out estimates and bounce depth;
  • estimated racket-contact events and player position at contact;
  • estimated ball travel time, post-bounce speed and incoming speed;
  • confidence scores, quality warnings and missing-data indicators;
  • manually corrected events and calibration information; and
  • annotated videos, image summaries, CSV files and JSON outputs.

These are estimates generated from computer vision and physics-based models. They are not biometric identity profiles, medical measurements, officiating decisions or radar-grade speed measurements.

4.4 Payment and transaction data

Payment providers may process card or bank details. We ordinarily receive transaction identifiers, payment status, billing country, product, amount, currency, tax information and limited card information such as card brand and last four digits. We do not intend to store complete payment-card numbers.

4.5 Device, usage and security data

This may include IP address, device and browser type, operating system, application version, language, time zone, referring page, pages viewed, button interactions, crash logs, upload diagnostics, authentication events, security events, approximate location derived from IP, and identifiers stored through cookies or similar technologies.

4.6 Communications and support data

This may include emails, chat messages, support requests, survey responses, feedback, attached files, call notes and records of complaints or rights requests.

4.7 Consent, rights and compliance records

We may retain records of:

  • acceptance of the Terms of Use;
  • per-upload rights and consent attestations;
  • cookie choices and marketing preferences;
  • parental or guardian authorizations where applicable;
  • privacy notices supplied to third parties;
  • data-subject requests and our response;
  • content-rights complaints;
  • business-customer instructions; and
  • legal holds, audit logs and compliance decisions.

5. Sources of personal data

We obtain personal data:

  • directly from a user;
  • from a video uploaded by a user or business customer;
  • from an account administrator, parent, guardian, coach, club or organization;
  • automatically from a device, browser, application or security system;
  • from payment, authentication, hosting, analytics and support providers;
  • from publicly available sources where needed to investigate fraud, rights complaints or misuse; and
  • from another person who submits a complaint or rights request.

6. Purposes and lawful bases

We process personal data only where we have a lawful basis. The basis depends on the data, purpose and person concerned.

| Purpose | Typical data | Lawful basis | |---|---|---| | Create and administer an account | Account, profile and authentication data | Performance of a contract; steps requested before entering a contract | | Upload, trim, calibrate and analyze a user's own video | Video, audio, calibration and derived analytics | Performance of a contract | | Process incidental personal data of other people shown in a privately analyzed video | Video, audio and derived analytics | Legitimate interests where available following a documented necessity and balancing assessment; consent or another lawful basis where required; processor instructions for eligible business accounts | | Generate and deliver heat maps, movement, step, bounce, contact and speed results | Video and derived analytics | Performance of a contract; legitimate interests for quality and reliability where appropriate | | Secure accounts, prevent fraud and investigate abuse | Account, device, logs, video and compliance records | Legitimate interests; legal obligation where applicable | | Process payments, taxes, refunds and accounting | Account and transaction data | Performance of a contract; legal obligation | | Provide support and respond to requests | Account, communication and analysis data | Performance of a contract; legitimate interests; legal obligation for statutory rights requests | | Maintain service reliability and diagnose errors | Device, logs and limited service data | Legitimate interests; consent where a non-essential terminal-storage technology requires it | | Optional product analytics | Cookie and usage data | Consent where required by ePrivacy or national law | | Improve models using a user's raw video | Raw video and labels | Separate, specific and optional consent; no conditioning of the core service on this consent | | Improve systems using aggregated or effectively de-identified statistics | Aggregated system and performance data | Legitimate interests, provided the data no longer identifies a person | | Send marketing communications | Contact and preference data | Consent, or legitimate interests only where permitted by applicable electronic-marketing law | | Establish, exercise or defend legal claims | Relevant account, content, log and communication data | Legitimate interests; legal obligation | | Comply with court orders, law-enforcement requests and regulatory duties | Relevant data | Legal obligation; legitimate interests where appropriate |

6.1 Legitimate interests involving third-party video data

Where we rely on legitimate interests to process people incidentally shown in an uploaded tennis video, our interests are to provide a private, user-requested sports-analysis service, secure that service, detect misuse and resolve complaints. We use safeguards intended to reduce impact, including short raw-video retention, private-by-default access, no facial recognition, no identity matching, data minimization, per-upload warranties, restricted sharing, event-level confidence, and rights-request procedures.

Legitimate interests are not available automatically. We must consider necessity, reasonable expectations and impact. Where the balance does not support processing, or consent is required by applicable law, the uploader must not submit the video unless the appropriate lawful basis, notices and permissions are in place.

6.2 Special-category data

We do not design the service to identify or infer racial or ethnic origin, political opinions, religion, trade-union membership, genetic information, biometric identity, health status, sex life or sexual orientation. A video may incidentally reveal information of this nature. Users must not upload video for the purpose of inferring sensitive characteristics. If a proposed business use intentionally involves special-category data, the customer must contact us before use and establish an applicable condition under Article 9 GDPR or other applicable law.

7. How the automated analysis works

The service may automatically:

  1. inspect media metadata and video quality;
  2. detect and calibrate visible tennis-court lines;
  3. detect and track the selected near-side player;
  4. estimate foot position and pose landmarks;
  5. map image pixels to calibrated court coordinates;
  6. estimate movement, distance, speed, court depth and steps;
  7. track the ball over sequential frames;
  8. estimate bounce and racket-contact events;
  9. fit a constrained trajectory to estimate ball speed; and
  10. render an annotated video and dashboard.

The service may exclude low-confidence frames or mark a metric unavailable. Users may be able to correct court anchors, player selection, bounces and contacts.

The service does not make decisions that produce legal effects or similarly significant effects concerning a person. The analysis is informational and must not be used as the sole basis for employment, education, insurance, medical, disciplinary, eligibility, betting, officiating or other high-impact decisions.

8. No facial recognition or biometric identification

We may detect a person's body, pose or foot position to calculate tennis movement. We do not use facial recognition, compare a face against an identity database, create a reusable facial template, or identify an unknown person. We do not sell or license identity profiles.

If future functionality would materially change this position, we will complete an appropriate legal and risk assessment, update this Policy and obtain any consent required before enabling it.

9. People appearing in a video uploaded by someone else

If you appear in a video uploaded by another person, we may have received your image, voice and movement data indirectly from that uploader. The uploader is required by our Terms to have all necessary rights and to provide any privacy notice or obtain any consent required by law.

You may contact [PRIVACY EMAIL] to request information, access, objection, restriction or deletion, subject to applicable law. To help us find the relevant video without collecting unnecessary data, provide as much of the following as reasonably possible:

  • uploader or organization name;
  • approximate upload or match date;
  • court or event;
  • timestamp or screenshot;
  • a description of where you appear; and
  • the right you wish to exercise.

We may need to verify identity. We may also need to protect the rights of other people in the footage, for example by providing a redacted extract rather than an unredacted copy. We may ask the uploader or business customer for assistance. If a business customer is the controller, we may direct the request to that customer and support it under our data processing agreement.

10. User responsibilities concerning other people

A user who uploads a video containing another person must, where applicable:

  • have a lawful basis for recording, possessing, uploading, analyzing and sharing the footage;
  • provide required privacy information to the people shown;
  • obtain valid consent, guardian authorization, release or venue permission where required;
  • ensure that no third-party consent or permission is legally required if relying on that position;
  • comply with image, publicity, confidentiality, copyright, employment, sports, venue, broadcast and platform rules;
  • avoid including unnecessary spectators, minors or sensitive information;
  • use cropping or masking where appropriate; and
  • cooperate with rights requests and complaints.

Our acceptance of an upload does not confirm that the uploader has complied with law.

11. Sharing personal data

We may share personal data with:

11.1 Service providers and subprocessors

These may include providers of:

  • cloud hosting and object storage;
  • GPU computing and job queues;
  • authentication and database services;
  • video transcoding and content delivery;
  • payment processing and fraud prevention;
  • customer support and email;
  • error monitoring, security and optional analytics;
  • consent management;
  • legal, accounting and professional advice; and
  • data deletion, backup and disaster recovery.

A current subprocessor list should be published at [SUBPROCESSOR URL]. Business customers may receive notice of relevant changes as stated in their data processing agreement.

11.2 Account administrators and authorized recipients

If an account belongs to a club, team, academy or organization, its authorized administrators may access account data, videos and analyses according to assigned permissions.

11.3 User-directed sharing

We may disclose a video or analysis through a private share link, export, coach invitation or integration when the user instructs us to do so. The user is responsible for selecting appropriate recipients and settings.

11.4 Legal and safety disclosures

We may disclose data where reasonably necessary to comply with law, court process or valid government requests; protect rights or safety; investigate fraud or abuse; respond to a content or privacy complaint; or establish, exercise or defend legal claims.

11.5 Corporate transactions

Data may be disclosed in connection with due diligence, financing, merger, acquisition, reorganization or sale, subject to confidentiality and applicable law.

We do not sell personal data for money. We do not share raw videos for third-party behavioral advertising.

12. International transfers

Our providers may process data outside the European Economic Area. Where required, we use an applicable transfer mechanism, such as an adequacy decision, the European Commission's Standard Contractual Clauses, supplementary measures, or another lawful safeguard. Details of the relevant safeguard may be requested at [PRIVACY EMAIL], subject to redaction of confidential information.

13. Retention

We retain data only for as long as necessary for the relevant purpose, taking account of user choices, contractual requirements, security, legal obligations and claims.

Recommended launch schedule, to be confirmed against the deployed system:

| Data | Default retention | |---|---| | Raw uploaded video | Delete immediately after analysis if selected; otherwise [7 days] after completion; maximum user-selectable period [30 days] unless a business contract states otherwise | | Temporary analysis proxy and extracted frames | [24-72 hours] after completion or failure | | Annotated video and image exports | Until the user deletes the analysis, closes the account, or after [12 months of account inactivity], subject to notice | | Derived metrics and event data | Until the user deletes the analysis or account, unless retained in aggregated non-identifying form | | Failed or abandoned uploads | [24-72 hours] | | Account data | During the account and [30 days] after closure, except required records | | Security and audit logs | Typically [12 months], longer where an investigation or legal obligation requires | | Billing and tax records | The period required by applicable accounting and tax law | | Consent and rights-request records | As needed to demonstrate compliance and resolve claims, typically [5-7 years] subject to local law | | Backups | Rotated and overwritten within [30-90 days], unless subject to legal hold |

When data is deleted from active systems, residual copies may remain in encrypted backups until overwritten. We may retain information where required for legal claims, fraud prevention, regulatory obligations or a lawful preservation request.

14. Security

We use technical and organizational measures appropriate to the risk, which may include:

  • encryption in transit and at rest;
  • private object storage;
  • short-lived signed upload and download links;
  • role-based access and least privilege;
  • multi-factor authentication for privileged access;
  • separation of customer data;
  • access logging and monitoring;
  • secure software-development practices;
  • vulnerability and dependency management;
  • incident-response procedures;
  • retention and deletion automation;
  • vendor due diligence and data-processing agreements; and
  • employee confidentiality and access controls.

No system is completely secure. Users must protect account credentials and notify us promptly of suspected compromise.

15. Data-protection rights

Subject to conditions and exceptions in applicable law, a person may have the right to:

  • be informed about processing;
  • access personal data and receive a copy;
  • correct inaccurate data;
  • request deletion;
  • restrict processing;
  • receive certain data in a portable format;
  • object to processing based on legitimate interests;
  • withdraw consent at any time, without affecting prior lawful processing;
  • object to direct marketing; and
  • lodge a complaint with a supervisory authority.

Submit a request to [PRIVACY EMAIL] or through [PRIVACY REQUEST PORTAL]. We normally respond within one month, although the period may be extended where legally permitted for complex or numerous requests. We may request information necessary to verify identity and locate the relevant data.

Some rights may not apply in all circumstances. For example, we may retain data needed to comply with law or defend legal claims. Where 10s Vision acts solely as processor, we will generally refer the request to the relevant controller and assist it.

16. Objection to legitimate-interest processing

A person may object to processing based on legitimate interests for reasons relating to that person's particular situation. We will stop the relevant processing unless we demonstrate compelling legitimate grounds that override the person's interests, rights and freedoms, or the processing is needed for legal claims.

A person may object to direct marketing at any time, and we will stop using that person's data for that purpose.

17. Marketing communications

Marketing email is optional. Users may unsubscribe through the message or account settings. Service, security, billing and legal notices are transactional and may continue while an account remains active.

18. Cookies and similar technologies

We use cookies, local storage, SDKs and similar technologies as described in the 10s Vision Cookie Policy. Strictly necessary technologies are used to operate and secure the service. Optional analytics or marketing technologies are not activated where consent is required until the user makes an affirmative choice.

19. Children and minors

The consumer account service is intended for people aged [18] or older. A person below that age may use the service only through an account created and controlled by a parent or legal guardian, or through an authorized organization with an appropriate lawful basis and guardian permissions.

Users must not upload a video of a minor unless they have legal authority and all notices, consents, releases and safeguarding approvals required by applicable law, sports rules, school or club policies, and venue requirements. We may request evidence and may delete or suspend processing where authority is unclear.

If you believe a minor's data has been processed improperly, contact [PRIVACY EMAIL].

20. Model training and product research

We will not use a raw user video to train a model shared across customers unless the user has given a separate, specific, informed and revocable opt-in permission or another lawful basis clearly disclosed before collection applies.

Refusing model-training consent will not prevent use of the core paid or free analysis service. A user may withdraw training consent prospectively. Where technically feasible, we will remove unincorporated source files from future training pipelines. Withdrawal may not make it possible to remove statistical influence from a model already lawfully trained, and any such limitation will be clearly explained at the time consent is requested.

We may use aggregated or effectively de-identified operational statistics to improve latency, accuracy and reliability where they no longer identify a person.

21. Business customers and data processing agreements

Where a business customer is the controller and 10s Vision is its processor, the parties must enter into a data processing agreement meeting Article 28 GDPR requirements. The business customer is responsible for providing lawful instructions, notices and legal bases. 10s Vision will process customer content only on documented instructions, subject to legal requirements, and will maintain an authorized subprocessor process.

22. Data Protection Impact Assessment and governance

Before launch and after material changes, 10s Vision should assess whether a Data Protection Impact Assessment is required, especially in light of video processing, tracking, use of innovative technology, minors or large-scale processing. We should also document legitimate-interest assessments, records of processing, security risk assessments, retention rules, vendor due diligence and incident-response procedures.

23. Changes to this Policy

We may update this Policy to reflect legal, technical or business changes. We will post the new version with an updated date and provide prominent notice where a change materially affects rights or processing. Where required, we will seek consent before applying a new consent-based purpose.

24. Contact and complaints

Questions and requests may be sent to:

[FULL LEGAL ENTITY NAME]
[REGISTERED ADDRESS]
Email: [PRIVACY EMAIL]
DPO: [DPO EMAIL, IF APPLICABLE]
EU representative: [DETAILS, IF APPLICABLE]

A person may lodge a complaint with the supervisory authority in the EU or EEA country of habitual residence, place of work or alleged infringement. Our lead supervisory authority, if established, is [AUTHORITY NAME AND CONTACT].