Legal

Privacy Policy

Last updated: February 2026

1. Who We Are

Refract (“we”, “us”, “our”) operates the website refractai.xyz (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

We collect information that you provide directly to us:

  • Email Address — provided when you submit a pitch deck for analysis.
  • Pitch Deck Files — PDF documents you upload for evaluation.
  • Consent Records — your consent preferences and timestamps.

We also automatically collect certain technical information:

  • Browser type and version
  • Usage data and interaction patterns (via Sentry error monitoring)
  • Email delivery and engagement data (opens, clicks) via our email service provider

3. How We Use Your Information

We use the information we collect to:

  • Analyse your pitch deck and generate feedback using AI
  • Send you the analysis results via email
  • Provide a web-based fallback link to view your feedback
  • Monitor and improve the reliability of our Service (error tracking)
  • Respond to your enquiries when you reply to our emails

4. AI Processing

Your pitch deck is processed by Anthropic’s Claude API to generate the analyst memo. The PDF content is sent to Anthropic’s API as part of a single analysis request. We do not use your pitch deck to train AI models unless you have explicitly opted in to model improvement consent. Anthropic’s own data usage policies apply to their processing of your content — see Anthropic’s Privacy Policy.

5. Data Storage and Security

Your data is stored securely using the following measures:

  • Pitch decks are stored in a private Supabase storage bucket, accessible only via service-role credentials.
  • Submission data (email, feedback, metadata) is stored in a Supabase PostgreSQL database with Row Level Security (RLS) enabled.
  • Security headers including CSP, HSTS, X-Frame-Options, and X-Content-Type-Options are enforced on all pages.
  • PII scrubbing is applied to error monitoring events to prevent accidental data exposure.

6. Data Sharing

We share your information only with the following service providers, solely for the purpose of operating the Service:

  • Anthropic — AI analysis of your pitch deck
  • Supabase — database and file storage
  • Resend — transactional email delivery
  • Vercel — application hosting
  • Sentry — error monitoring (with PII scrubbing)

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

7. Data Retention

We retain your submission data (email, pitch deck, feedback) for as long as necessary to provide the Service and for our legitimate business interests. You may request deletion of your data at any time by contacting us at hello@refractai.xyz.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Withdraw consent at any time (where processing is based on consent)
  • Data portability

To exercise any of these rights, please contact us at hello@refractai.xyz.

9. Cookies and Tracking

We use essential cookies required for the Service to function. We use Sentry for error monitoring with minimal session replay (0% session sampling, 10% error sampling). Email open and click tracking is enabled for delivery monitoring purposes. We do not use advertising cookies or third-party analytics trackers.

10. Children’s Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children.

11. International Data Transfers

Your data may be processed in countries other than your own, including the United States (where our service providers operate). By using the Service, you consent to the transfer of your data to these jurisdictions.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised “Last updated” date.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us at hello@refractai.xyz.

← Back to Refract