Privacy Policy

Last updated: January 2025 | GDPR Compliant

Our Privacy Commitment

  • End-to-end encryption for all coaching notes and sensitive data
  • We never sell, rent, or trade your personal information
  • Full GDPR compliance with all data subject rights
  • You control who sees your data and when

1. Introduction

Coach OS Inc. ("Coach OS", "we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, share, and protect information when you use our coaching platform service ("Service").

This policy complies with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Data Controller Information

Coach OS Inc.

General Inquiries: privacy@coach-os.com
Data Protection Officer: dpo@coach-os.com
Address: [Company Address]
EU Representative: [EU Representative Details]

3. Information We Collect

3.1 Information You Provide

Account Information

  • Name and email address
  • Password (encrypted)
  • Professional information
  • Timezone and language
  • Billing information (processed securely)

Content Data

  • Session notes (encrypted)
  • Uploaded resources
  • Messages (encrypted)
  • Calendar entries
  • Client relationships

3.2 Information Collected Automatically

Technical Data

  • IP address
  • Browser type and version
  • Device information and operating system
  • Access times and dates
  • Referring URLs

Cookies and Similar Technologies

  • Session cookies for authentication
  • Preference cookies for user settings
  • Analytics cookies (with consent)
  • Security cookies for fraud prevention

3.3 Information from Third Parties

  • Payment information from payment processors
  • Calendar data from integrated services
  • Authentication data from SSO providers

4. Legal Basis for Processing (GDPR)

We process personal data based on:

4.1 Contract Performance

Processing necessary to provide the Service you've contracted for, including:

  • Account creation and management
  • Service delivery and features
  • Customer support
  • Billing and payments

4.2 Legitimate Interests

Processing for our legitimate business interests, including:

  • Service improvement and development
  • Security and fraud prevention
  • Business operations and analytics
  • Direct marketing (with opt-out option)

4.3 Consent

Processing based on your explicit consent for:

  • Marketing communications
  • Analytics cookies
  • Sharing data with third parties (where applicable)

4.4 Legal Obligations

Processing necessary to comply with legal requirements:

  • Tax and financial regulations
  • Law enforcement requests
  • Legal proceedings

5. How We Use Your Information

5.1 Service Provision

  • Provide access to the coaching platform
  • Enable coach-coachee collaboration
  • Process payments and subscriptions
  • Provide customer support

5.2 Communication

  • Send service-related notifications
  • Respond to inquiries and support requests
  • Send marketing communications (with consent)
  • Provide security alerts

5.3 Improvement and Development

  • Analyze usage patterns
  • Develop new features
  • Optimize platform performance
  • Conduct research and analytics

5.4 Security and Compliance

  • Prevent fraud and abuse
  • Ensure platform security
  • Comply with legal obligations
  • Enforce our Terms of Service

6. Data Sharing and Disclosure

6.1 We Do Not Sell Your Data

We never sell, rent, or trade your personal information.

6.2 Service Providers

We share data with trusted service providers:

  • Payment Processor: Secure payment handling
  • Supabase: Database and authentication
  • Vercel: Hosting and infrastructure
  • SendGrid: Email communications

All service providers are bound by data protection agreements.

6.3 Within Coach-Coachee Relationships

  • Coaches can access shared notes and resources
  • Coachees can access materials shared with them
  • Access is controlled by user permissions

6.4 Legal Requirements

We may disclose information when required by:

  • Court orders or legal proceedings
  • Government authorities
  • Law enforcement (with valid legal process)
  • Protection of rights and safety

6.5 Business Transfers

In case of merger, acquisition, or sale, user data may be transferred with appropriate protections.

7. Data Security

7.1 Encryption

Security Features

  • End-to-end encryption for notes and sensitive data
  • TLS 1.3 for data in transit
  • AES-256 encryption for data at rest
  • Zero-knowledge architecture for sensitive content

7.2 Security Measures

  • Regular security audits
  • Access controls and authentication
  • Employee training and confidentiality agreements
  • Incident response procedures
  • Regular backups and disaster recovery

7.3 Data Breach Notification

In case of a data breach, we will:

  • Notify affected users within 72 hours
  • Inform relevant supervisory authorities
  • Provide details about the breach and mitigation steps

8. Your Rights (GDPR)

  • Access Right: Request a copy of your personal data we hold
  • Rectification Right: Request correction of inaccurate personal data
  • Erasure Right: Request deletion of your personal data
  • Data Portability: Receive your data in machine-readable format
  • Objection Right: Object to processing based on legitimate interests
  • Restriction Right: Request restriction of processing

How to Exercise Your Rights

Contact us at privacy@coach-os.com or through your account settings. We will respond within 30 days.

9. Data Retention

9.1 Active Accounts

We retain data as long as your account is active and as needed to provide services.

9.2 After Account Closure

  • Account data: Deleted after 30 days
  • Encrypted content: Immediately inaccessible
  • Legal/tax records: Retained as required by law
  • Anonymized analytics: May be retained indefinitely

9.3 Backup Retention

Backups are retained for 90 days and then securely deleted.

10. International Data Transfers

10.1 Data Location

Primary data storage is in [Location]. We may transfer data internationally with appropriate safeguards.

10.2 Transfer Mechanisms

We ensure appropriate safeguards through:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Privacy Shield (where applicable)
  • Binding Corporate Rules

11. Children's Privacy

Our Service is not intended for children under 18. We do not knowingly collect data from children. If we discover such data, we will promptly delete it.

12. California Privacy Rights (CCPA)

California residents have additional rights:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale (we do not sell data)
  • Right to non-discrimination

13. Cookie Policy

13.1 Essential Cookies

Required for Service operation:

  • Authentication cookies
  • Security cookies
  • Load balancing cookies

13.2 Functional Cookies

Enhance user experience:

  • Language preferences
  • User settings
  • Feature preferences

13.3 Analytics Cookies (Optional)

With your consent:

  • Usage analytics
  • Performance monitoring
  • Feature adoption tracking

13.4 Managing Cookies

You can manage cookies through:

  • Browser settings
  • Our cookie preference center
  • Account settings

14. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies.

15. Changes to This Policy

We may update this policy periodically. We will notify you of material changes via:

  • Email notification
  • In-app notification
  • Website announcement

Continued use after changes constitutes acceptance.

16. Contact Us

General Inquiries

Email: privacy@coach-os.com

Address: [Company Address]

Data Protection Officer

Email: dpo@coach-os.com

EU Representative: [Details]

Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.

17. Specific Processing Activities

17.1 End-to-End Encryption

  • We cannot access encrypted content
  • You are responsible for key management
  • Lost keys cannot be recovered

17.2 Analytics and Improvement

With consent, we analyze:

  • Feature usage (anonymized)
  • Performance metrics
  • User behavior patterns

17.3 Marketing

With consent, we may:

  • Send promotional emails
  • Display relevant offers
  • Share success stories (anonymized)

18. Privacy by Design

We implement privacy by design principles:

  • Data minimization
  • Purpose limitation
  • Privacy defaults
  • Transparency
  • User control

19. Special Categories of Data

We do not intentionally collect special categories of personal data (health, religion, etc.). However, you may include such information in encrypted notes at your discretion.

20. Automated Processing

We use limited automated processing for:

  • Spam detection
  • Security threat detection
  • Usage analytics
  • Feature recommendations

You can opt out of non-essential automated processing.


Your Privacy Matters

We are committed to protecting your privacy and giving you control over your data.

If you have questions or concerns, please contact us at privacy@coach-os.com

This privacy policy is provided in English but may be translated for convenience. In case of conflicts, the English version prevails.