How Reflect OS collects, uses, and protects your personal data.
Euan Pallister trading as Reflect OS is the data controller for personal data processed through the Reflect OS service ("Service"). We are based in England and Wales.
If you have any questions about how we handle your data, please contact us at [email protected].
We collect personal data only where we have a lawful basis for doing so. The tables below describe what we collect, why, and on what legal basis.
| Data | Purpose | Legal basis |
|---|---|---|
| Email address | Account creation, authentication, system communications | Contract |
| Display name | Personalisation within the Service | Contract |
| Password hash | Authentication (stored hashed; we never see your plaintext password) | Contract |
| Subscription and billing data | Processing payments and managing your subscription | Contract |
| Account preferences and settings | Delivering a personalised experience | Contract |

| Data | Purpose | Legal basis |
|---|---|---|
| Decision titles and metadata | Core Service functionality — logging and retrieving decisions | Contract |
| Decision descriptions, situational context, outcome text, projected outcomes | Core Service functionality; AI-assisted analysis | Contract |
| Confidence scores and risk assessments | Calibration and intelligence features | Contract |
| Outcome checkpoint records | Outcome tracking and review | Contract |
| Team workspace membership and permissions | Enabling collaboration features | Contract |

| Data | Purpose | Legal basis |
|---|---|---|
| IP address and device type | Security, fraud prevention, and service delivery | Legitimate interests |
| Browser/app version and OS | Compatibility and bug diagnosis | Legitimate interests |
| Feature usage logs | Understanding how the Service is used to improve it | Legitimate interests |
| Error logs and crash reports | Diagnosing and fixing technical issues | Legitimate interests |

| Data | Purpose | Legal basis |
|---|---|---|
| Content sent to AI features (decision text, context) | Generating AI-assisted analysis, risk assessments, and suggestions | Contract |
| AI model responses | Delivering AI features; stored to allow review of prior AI interactions | Contract |
We do not use your data to train or fine-tune AI models. See Section 5 for details on AI providers.
| Data | Purpose | Legal basis |
|---|---|---|
| Calendar event titles and times (where you grant access) | Creating outcome checkpoint reminders in your calendar | Consent |
Calendar integration is optional. You may revoke access at any time via Settings → Integrations.
| Data | Purpose | Legal basis |
|---|---|---|
| Coaching notes and session records | Enabling the coaching feature; stored encrypted | Contract / Consent |
| Coach-shared decision content | Facilitating coach review of decisions you have shared | Contract |

| Data category | Retention period |
|---|---|
| Account and profile data | For the duration of your account, plus 30 days after closure to allow account recovery |
| Decision records and workspace data | For the duration of your account. Deleted 30 days after account closure unless you request earlier deletion |
| Billing records | 7 years from the date of the transaction, as required by HMRC guidance |
| Usage and technical logs | 90 days on a rolling basis |
| AI interaction logs | 30 days, then anonymised |
| Audit logs | 12 months |
| Coaching notes | For the duration of your account, unless you delete them earlier |
| Backup copies | Overwritten on a 30-day cycle |
After the applicable retention period, data is securely deleted or anonymised. Anonymised, aggregated data (which cannot identify you) may be retained indefinitely for product improvement.
We share data with the following third-party sub-processors who provide infrastructure or services necessary to operate Reflect OS:
| Provider | Purpose | Data location |
|---|---|---|
| Supabase | Database, authentication, storage, and serverless Edge Functions | EU (eu-west-1) |
| Stripe | Payment processing and subscription management | EU / US (SCCs) |
| Anthropic (Claude) | AI-assisted features (risk, scenario, review) | US (SCCs, no training) |
| Google (Firebase / Google Cloud) | Push notifications (mobile app) | EU / US (SCCs) |
| Microsoft (Azure) | Calendar integration (where you enable it) | EU / US (SCCs) |
| Resend | Transactional email delivery | EU |
Where sub-processors are located outside the UK/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the ICO.
If you are a member of a team workspace, other members of that workspace (subject to their permission level) may be able to view decisions and content you have added to the shared workspace. The Workspace Admin controls who has access. We are not responsible for how other workspace members use content you share within the workspace.
If you use the coaching feature and share content with a coach, that coach will have access to the content you have designated as shared. Coaches are bound by confidentiality obligations.
We may disclose your data to law enforcement, regulators, or other third parties where we are required to do so by applicable law, regulation, or court order, or where disclosure is necessary to protect our legal rights or the safety of others.
In the event of a merger, acquisition, or sale of all or part of our business, your data may be transferred to the acquiring entity, subject to the same protections as described in this Privacy Policy.
We do not sell, rent, or trade your personal data to any third party for their own marketing or commercial purposes.
AI-assisted features in Reflect OS are powered by Anthropic Claude (models including Claude 3.5 Haiku and Claude 3.5 Sonnet). When you use an AI feature, relevant portions of your decision data (such as the decision description and context) are sent to Anthropic's API for processing.
Anthropic does not use data submitted via the API to train its AI models. Data sent to the Anthropic API is processed only to return the requested output and is not stored by Anthropic beyond the period required to generate the response, in accordance with Anthropic's API data usage policy.
We process your data when sending it to Anthropic on the basis of our contract with you (providing the AI features you have requested). You may disable AI features at any time via Settings → AI Features, in which case no data is sent to Anthropic.
We use cookies and similar technologies on the web version of Reflect OS. Full details of the cookies we use, why we use them, and how to manage your preferences are set out in our Cookie Notice.
Under the UK General Data Protection Regulation and the Data Protection Act 2018, you have the following rights:
| Right | What it means |
|---|---|
| Access | You can request a copy of the personal data we hold about you. |
| Rectification | You can ask us to correct inaccurate or incomplete personal data. |
| Erasure ("right to be forgotten") | You can ask us to delete your personal data in certain circumstances. |
| Data portability | You can ask us to provide your data in a machine-readable format so you can transfer it to another service. |
| Restriction | You can ask us to restrict processing of your data in certain circumstances, such as while a dispute is resolved. |
| Objection | You can object to processing based on legitimate interests. We will stop unless we have compelling grounds to continue. |
| Withdraw consent | Where processing is based on consent (e.g. optional cookies, calendar integration), you may withdraw consent at any time without affecting the lawfulness of prior processing. |
To exercise any of these rights, please email [email protected]. We will respond within one calendar month. We may ask you to verify your identity before processing your request.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
You can manage and delete your data directly within the Service at any time:
We take the security of your data seriously and implement appropriate technical and organisational measures, including:
No system is completely secure. If you believe your account has been compromised, please contact us immediately at [email protected].
The Service is not directed at or intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 18, we will delete it promptly. If you believe a child has provided us with their personal data, please contact us at [email protected].
We may update this Privacy Policy from time to time. For material changes that significantly affect how we process your data or your rights, we will provide at least 14 days' advance notice by email or prominent notice within the Service before the changes take effect.
The version number and "last reviewed" date at the top of this page will be updated with each revision. We recommend checking this page periodically.
For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us:
We aim to respond to all data-related enquiries within 5 business days.