Privacy Policy

Last updated: February 15, 2026

drilx, Inc. ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered basketball coaching platform at drilx.app (the "Service").

Please read this Privacy Policy carefully. By using the Service, you consent to the collection and use of your information as described herein.

1. Information We Collect

Account Information (via Google OAuth)

  • Email address (from your Google account)
  • Display name (from your Google account)
  • Profile photo URL (from your Google account)

Profile Information (provided during onboarding)

  • Physical attributes: gender, age, height, weight, wingspan, dominant hand
  • Basketball details: position, experience level, play style, role model player
  • Training goals and preferences
  • Injury history (optional, used to customize safe training recommendations)

User-Generated Content

  • Basketball training videos (up to 15 seconds, max 50MB, automatically deleted after 12 hours)
  • AI analysis results and coaching feedback

Usage and Device Information

  • Device type, operating system, and browser information
  • IP address, access times, and pages viewed
  • Feature usage patterns and interaction data

2. How We Use Your Information

  • To provide AI-powered basketball video analysis and personalized coaching feedback
  • To personalize your experience based on your physical attributes, skill level, and goals
  • To improve and optimize the Service, including AI model performance
  • To communicate with you about your account, updates, and relevant information
  • To detect, prevent, and address security issues and abuse
  • To comply with legal obligations and enforce our Terms of Service

3. Data Storage and Infrastructure

Supabase (Database and Backend)

Your personal data and analysis results are stored in a Supabase PostgreSQL database hosted on Amazon Web Services (AWS). Supabase provides enterprise-grade security with encrypted connections and access controls.

Supabase Auth (Authentication)

Authentication is handled through Supabase Auth using Google OAuth as the identity provider. We do not store or have access to your Google account password.

Supabase Storage (Video Files)

Uploaded videos are stored in Supabase Storage with time-limited access URLs. All videos are automatically deleted after 12 hours. Video access requires authenticated session tokens.

Row Level Security (RLS)

Supabase Row Level Security is enforced on all database tables. This means each user can only access their own data. RLS policies ensure that no user can read, modify, or delete another user's information, even through direct database access.

4. Data Sharing and Third-Party Services

We share your information with the following third-party service providers solely to operate and improve the Service:

Anthropic (Claude API) - AI Analysis

Video frames extracted from your uploaded videos are sent to Anthropic's Claude API for AI-powered movement analysis. Anthropic processes this data according to their privacy policy. We send video frame images along with your physical attributes and basketball profile to generate accurate analysis. Anthropic does not use this data to train their models under our commercial agreement.

Polar - Payment Processing

Subscription billing and credit pack purchases are processed through Polar. Polar handles payment card information directly; we do not store your full payment card details on our servers.

Google - Authentication

We use Google OAuth for account authentication. Google provides us with your email, name, and profile photo. We do not access any other Google account data.

Vercel - Hosting

The Service is hosted on Vercel's edge network. Vercel may collect standard web server logs including IP addresses and request metadata.

We do NOT sell, rent, or trade your personal information to third parties for marketing or advertising purposes.

5. Data Retention

  • Uploaded videos: Deleted after 12 hours
  • Free tier analysis results: Retained for 24 hours
  • Basic tier analysis results: Retained for 14 days
  • Pro tier analysis results: Retained permanently (while subscribed)
  • Account deletion: All data permanently removed

6. Children's Privacy (COPPA Compliance)

drilx is designed for basketball players aged 13 and older. In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under the age of 13.

Users aged 13 to 17 must have verifiable parental or legal guardian consent. Parents or guardians may review, request deletion of, or refuse further collection of their child's information by contacting us at privacy@drilx.app.

If we learn that we have collected personal information from a child under 13, we will take immediate steps to delete that information and terminate the associated account.

7. Your Data Rights

You have the following rights regarding your personal data:

  • Right to Access: View your personal data through your profile page
  • Right to Export: Download all your data via Settings > Privacy > Export Data
  • Right to Delete: Delete your account and all associated data via Settings > Account > Delete Account
  • Right to Correct: Update your personal information through your profile settings
  • Right to Opt-Out: Opt out of marketing communications at any time

To exercise any of these rights, you can use the in-app settings or contact us at privacy@drilx.app. We will respond to verified requests within 30 days.

8. Security Measures

We implement industry-standard security measures to protect your personal information:

  • Supabase Row Level Security (RLS) ensuring data isolation between users
  • TLS/SSL encrypted connections for all data transmission
  • API keys and sensitive credentials stored as environment variables, never in client-side code
  • Secure authentication via Google OAuth with session token management
  • Automatic video deletion after 12 hours to minimize data exposure

While we take reasonable precautions to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

9. California Residents (CCPA Notice)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information:

  • Right to Know: You can request disclosure of the categories and specific pieces of personal information we have collected about you
  • Right to Delete: You can request deletion of your personal information, subject to certain exceptions
  • Right to Opt-Out: You have the right to opt out of the sale of your personal information. We do not sell your personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise your CCPA rights, contact us at privacy@drilx.app or use the data management tools in your account settings. We will verify your identity before processing requests.

10. International Data Transfers

Your information may be transferred to and processed in the United States and other countries where our service providers operate. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions that may have different data protection laws than your country of residence.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

privacy@drilx.app