How SplitStep handles your data.

Last updated June 6, 2026. This policy explains what SplitStep collects, how we use it, and how to contact us about your data.

1. Who this policy covers

This policy applies to SplitStep websites, accounts, training tools, partner pages, and billing flows at splitstep.net and www.splitstep.net.
SplitStep is a tennis reaction-training product. It is not a medical device, a professional coaching substitute, or a replacement for safe in-person training.

Account data includes your email address, password-auth account records, Google OAuth profile information made available by Google, username, avatar URL, account creation date, and subscription status.
Billing data includes Stripe customer IDs, subscription IDs, plan tier, invoice history, payment status, cancellation status, renewal dates, and related checkout metadata. SplitStep does not receive or store full card numbers.
Training and product data may include selected drill settings, session settings, score counts, progress/report details you submit, support messages, and partner or referral attribution data.
Referral data may include referral slug, visitor ID, landing path, referrer, browser user agent, and IP-derived information used to prevent abuse and attribute partner links.

Camera access only starts after browser permission. SplitStep uses MediaPipe in the browser for hand-tracking and movement feedback.
Camera video, camera frames, and raw hand-tracking landmarks are processed on your device and are not sent to SplitStep servers by the training tool. MediaPipe model assets may be loaded from Google or CDN-hosted resources, but SplitStep does not send them your camera feed.
Local training preferences such as dominant hand and calibration can be stored in your browser localStorage so the tool can remember your setup.

We use your information to create and secure accounts, provide the court experience, manage subscriptions, show billing history, process cancellations, support partner referrals, respond to support requests, and improve product reliability.
We may use operational logs from hosting, database, authentication, and payment providers to debug errors, prevent fraud, protect the service, and understand whether core product flows are working.

SplitStep uses necessary cookies for Supabase authentication sessions, checkout redirects, and referral attribution. Referral cookies are time-limited and used to credit partner links or promo codes.
SplitStep also uses browser localStorage for referral handoff, lightweight signed-in UI state, and local training setup preferences. As of this policy, SplitStep does not use third-party advertising cookies or behavioral ad targeting.

Supabase processes authentication, database records, storage, session cookies, and server-side account operations. Stripe processes checkout, subscriptions, invoices, refunds, and payment method handling.
Vercel hosts the website and may process request logs and deployment telemetry. Google processes Google OAuth sign-in and provides hosted MediaPipe model resources used for on-device vision. These providers process data under their own terms and privacy policies.

You can request a copy of your account data, correction of inaccurate profile data, deletion of your account, or cancellation assistance by emailing support@splitstep.net. Support mailto links include splitstepsupport@gmail.com as a backup address.
Deleting an account removes the Supabase profile tied to that user and related account records where deletion is technically and legally available. Stripe invoice and transaction records may be retained when required for tax, accounting, fraud prevention, or legal compliance.
You can clear localStorage and cookies in your browser. Doing so may sign you out, clear referral attribution, or reset local camera calibration preferences.

We use role-based database access, Supabase row-level security, payment-provider tokenization, HTTPS, and provider-managed infrastructure controls to protect personal information.
We keep account, billing, support, and referral records for as long as needed to provide the service, resolve disputes, meet legal obligations, prevent abuse, and maintain accurate business records.

Contact SplitStep at support@splitstep.net for privacy questions, export requests, deletion requests, or support with your account. splitstepsupport@gmail.com is the backup support address.
We may update this policy as the product changes. Material updates will be reflected on this page with a new updated date.

Camera stays local: MediaPipe tracking runs in the browser; camera frames are not uploaded by the training tool.
Payments stay with Stripe: Stripe handles cards, checkout, invoices, subscriptions, and refunds.
Account data is limited: Core records are email, profile, plan, billing state, referral attribution, and support details.