Version: 2.1
Last Updated: December 18th, 2025
Welcome to Refine. This Privacy Policy details our commitment to protecting the privacy of individuals who use our services ("Users"). It explains what Personal Data we collect, our legal basis for processing it, how we use and share it, and your rights under the General Data Protection Regulation (GDPR).
Refine may act as either a Data Controller or a Data Processor under the General Data Protection Regulation (GDPR), depending on the context in which the Services are used.
Self-serve, demo, and trial use: When individuals or organizations use the Refine platform on a self-serve, demo, or trial basis, Refine determines the purposes and means of processing personal data necessary to provide and improve the Services. In this context, Refine acts as the Data Controller.
Enterprise or customer-managed deployments: When Refine provides the Services to an organization under a written agreement (for example, corporate training deployments with user management, analytics, or SSO integrations), the customer acts as the Data Controller and Refine acts as the Data Processor, processing personal data solely on the customer’s documented instructions pursuant to a Data Processing Agreement (DPA) or equivalent contractual terms.
Unless otherwise agreed in writing, the applicable role is determined by the contract governing the use of the Services.
The data controller for self-serve, demo, and trial use is:
We only process your personal data when we have a lawful basis to do so under Article 6 of the GDPR.
The legal bases below apply depending on whether Refine acts as a Data Controller or Data Processor, as described in Section 2, and where applicable are subject to customer instructions and contractual terms.
| Purpose of Processing | Type of Data Used | Legal Basis |
|---|---|---|
| To create your account and personalize your learning roadmap. | Identity, Account, Professional Context | Performance of a Contract |
| To process your audio and provide AI-driven coaching feedback. | User-Generated Content, Service-Generated Data | Performance of a Contract |
| To provide analytics and progress reports to authorized customer administrators. | Usage Data (Aggregated/Anonymized) | Performance of a Contract |
| To improve the security and performance of our platform. | Technical Data, Usage Data | Legitimate Interest |
| To improve our core AI models (using anonymized data only, where permitted by contract). | Anonymized User-Generated & Service-Generated Data | Legitimate Interest |
| To send essential service emails (e.g., password resets). | Identity Data (Email) | Legitimate Interest |
Your data is stored and processed securely. Where Refine acts as a Data Controller or Data Processor, we have signed Data Processing Agreements (DPAs) with all our sub-processors.
All international data transfers are protected by Standard Contractual Clauses (SCCs).
Under GDPR, you have the right to:
You can exercise these rights from your account settings page or by contacting our Data Protection Officer. For enterprise deployments where Refine acts as a Data Processor, data subject rights requests are handled in coordination with the customer, who acts as the Data Controller.
x-auth-token).For any questions about this policy, please contact our Data Protection Officer at: cto@refine-skills.com