Privacy Policy
Last updated: December 28, 2024
Your privacy is important to us. This Privacy Policy explains how Coachalyst LLC ("we," "us," or "our") collects, uses, processes, and protects your personal information when you use our services.
1. Information We Collect
1.1 Information You Provide
We collect information you directly provide when using Coachalyst:
- Account Information: Name, email address, password, profile photo, and account preferences
- Profile Data: Age, gender, fitness goals, experience level, and other optional profile details
- Training Data: Workout logs, exercise history, performance metrics, training plans, and progress photos
- Nutrition Data: Meal logs, nutrition plans, dietary preferences, and supplement tracking
- Health Information: Body measurements, weight history, health conditions, and fitness assessments (optional)
- Communication Data: Messages exchanged with coaches or support, feedback, and survey responses
- Payment Information: Billing address and payment details (processed securely by third-party payment processors)
- Content You Create: Custom workout templates, notes, client plans, and uploaded media
1.2 Information Collected Automatically
When you use our services, we automatically collect:
- Usage Data: Features accessed, actions performed, time spent, and interaction patterns
- Device Information: Device type, operating system, browser type and version, device identifiers
- Technical Data: IP address, connection information, crash reports, and error logs
- Analytics Data: Session duration, page views, click paths, and feature usage statistics
- Location Data: General geographic location based on IP address (precise location only with explicit consent)
1.3 Information from Third Parties
We may receive information from:
- Authentication Providers: If you sign up using third-party services (e.g., Google, Apple)
- Payment Processors: Transaction confirmations and payment status
- Integration Partners: If you connect third-party fitness devices or apps
- Marketing Partners: Campaign performance data (anonymized)
2. How We Use Your Information
We use collected information for the following purposes:
2.1 Service Delivery
- Provide, maintain, and improve our platform features
- Process and manage your account and subscriptions
- Enable coach-client communication and program delivery
- Synchronize data across your devices
- Generate progress analytics and insights
- Facilitate workout tracking and nutrition logging
2.2 Communication
- Send service announcements and important updates
- Respond to your inquiries and support requests
- Send subscription and billing notifications
- Provide educational content and training tips (with consent)
- Notify you about new features or offerings
2.3 Security and Safety
- Detect and prevent fraud, abuse, and security incidents
- Protect against unauthorized access or malicious activities
- Monitor system performance and identify technical issues
- Enforce our Terms of Service and policies
2.4 Analytics and Improvement
- Analyze usage patterns to improve user experience
- Develop new features and optimize existing ones
- Conduct research and statistical analysis
- Measure effectiveness of marketing campaigns
- Test new features and functionality
2.5 Legal Obligations
- Comply with applicable laws and regulations
- Respond to legal requests and court orders
- Protect our rights, property, and safety
- Resolve disputes and enforce agreements
3. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), UK, and Switzerland, we process your personal data based on:
- Contract Performance: Processing necessary to provide services you've requested (Article 6(1)(b) GDPR)
- Legitimate Interests: Processing for fraud prevention, security, analytics, and service improvement (Article 6(1)(f) GDPR)
- Consent: Processing based on your explicit consent for marketing communications or special categories of data (Article 6(1)(a) GDPR)
- Legal Obligations: Processing required to comply with legal requirements (Article 6(1)(c) GDPR)
For health-related data, we rely on your explicit consent (Article 9(2)(a) GDPR) or processing necessary for health/medical purposes with professional secrecy obligations.
4. Data Sharing and Disclosure
We do not sell your personal information. We share data only in limited circumstances:
4.1 With Your Consent
We share information with your explicit permission, such as:
- Sharing training data with your assigned coach
- Connecting with third-party fitness integrations you authorize
- Participating in community features or leaderboards
4.2 Service Providers (Subprocessors)
We use trusted third-party service providers who process data on our behalf:
- Cloud Infrastructure: Server hosting and data storage (AWS, Google Cloud)
- Payment Processing: Secure payment handling (Stripe, PayPal)
- Email Services: Transactional and marketing emails (SendGrid, Mailchimp)
- Analytics: Usage analytics and crash reporting (anonymized where possible)
- Customer Support: Support ticket management and live chat
All service providers are contractually bound to protect your data and use it only as instructed. A complete list of subprocessors is available upon request.
4.3 Business Transfers
If Coachalyst is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your data becomes subject to different privacy practices.
4.4 Legal Requirements
We may disclose information when required by law, such as:
- Complying with court orders, subpoenas, or legal processes
- Responding to lawful requests from public authorities
- Protecting our rights, property, or safety
- Preventing fraud or investigating security incidents
5. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy:
- Active Accounts: Data is retained while your account remains active
- Closed Accounts: Data is typically deleted within 30 days after account closure, unless longer retention is required
- Legal Requirements: Some data may be retained longer for legal, tax, or accounting purposes (typically 7 years)
- Aggregated Data: Anonymized and aggregated data may be retained indefinitely for analytics
You can request deletion of your account and data at any time from your account settings or by contacting support.
6. Your Rights and Choices
6.1 Access and Portability
You have the right to:
- Access your personal information stored in our systems
- Request a copy of your data in machine-readable format (data portability)
- Export your training logs, plans, and other content
Data export is available directly from your account settings.
6.2 Correction and Updates
You can update your account information, profile data, and preferences at any time through your account settings. For assistance, contact support@coachalyst.com.
6.3 Deletion (Right to be Forgotten)
You can request deletion of your account and personal data. Note that:
- Deletion is permanent and cannot be undone
- We may retain some data for legal or legitimate business purposes
- Deletion requests are typically processed within 30 days
- Anonymized data may be retained for analytics
6.4 Restriction and Objection
You can:
- Request restriction of processing in certain circumstances
- Object to processing based on legitimate interests
- Opt out of marketing communications at any time
6.5 Withdraw Consent
Where processing is based on consent, you can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
6.6 Lodge a Complaint
If you're in the EEA, UK, or Switzerland, you have the right to lodge a complaint with your local data protection authority if you believe we've violated data protection laws.
7. Cookies and Tracking Technologies
7.1 What We Use
We use the following types of cookies and similar technologies:
- Essential Cookies: Required for authentication, security, and core functionality
- Preference Cookies: Remember your settings and preferences
- Analytics Cookies: Understand how you use our service (anonymized)
- Marketing Cookies: Deliver relevant advertising (with consent)
7.2 Your Cookie Choices
You can control cookies through:
- Our cookie consent banner (first visit)
- Browser settings (block or delete cookies)
- Account preferences for optional tracking
Blocking essential cookies may affect functionality. Analytics and marketing cookies can be disabled without impacting core features.
8. Data Security
We implement comprehensive security measures to protect your information:
8.1 Technical Safeguards
- Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Strict authentication and role-based access permissions
- Infrastructure Security: Secure cloud infrastructure with regular security audits
- Monitoring: 24/7 security monitoring and intrusion detection
- Backup Systems: Regular encrypted backups with disaster recovery procedures
8.2 Organizational Safeguards
- Employee training on data protection and security
- Confidentiality agreements with staff and contractors
- Regular security assessments and penetration testing
- Incident response procedures for data breaches
8.3 Your Responsibility
You play a key role in security by:
- Using strong, unique passwords
- Enabling two-factor authentication
- Keeping your device and software updated
- Not sharing account credentials
- Reporting suspicious activity immediately
Despite our security measures, no system is 100% secure. We cannot guarantee absolute security but will notify you of any material breach as required by law.
9. International Data Transfers
Coachalyst operates globally and may transfer data to countries outside your country of residence, including countries that may not have the same data protection laws.
For EEA users, we ensure adequate protection through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Service providers with adequate data protection certifications
- Your explicit consent for specific transfers
Our primary data storage is within the EU region where possible for European users.
10. Children's Privacy
Coachalyst is not intended for children under 16. We do not knowingly collect personal information from children under 16 without parental consent.
If we become aware that we've collected data from a child under 16 without verification of parental consent, we will delete that information. If you believe we have data from a child, please contact us immediately.
Users aged 16-18 should have parental or guardian consent before using our services.
11. Third-Party Links and Services
Our service may contain links to third-party websites, integrations, or services not operated by us. We are not responsible for the privacy practices of these third parties.
When you connect third-party services (e.g., fitness trackers, nutrition apps), their own privacy policies apply to data they collect. We encourage you to review third-party privacy policies before connecting services.
12. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations.
We will notify you of material changes by:
- Email notification to your registered address
- Prominent notice on our platform
- Updated "Last updated" date at the top of this policy
Your continued use of the service after changes become effective constitutes acceptance of the updated policy. If you disagree with changes, you may close your account.
13. Data Processing Agreement (DPA)
For business customers using Coachalyst to process client data (e.g., coaches, gyms), we act as a data processor. A separate Data Processing Agreement (DPA) is available upon request to define our obligations under GDPR and other data protection laws.
14. California Privacy Rights (CCPA)
California residents have specific rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request information about data collection, use, and sharing
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Opt out of the "sale" of personal information (we do not sell data)
- Right to Non-Discrimination: Equal service regardless of whether you exercise your privacy rights
To exercise these rights, contact support@coachalyst.com with "California Privacy Request" in the subject line.
15. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:
Coachalyst LLC
Limassol, Cyprus
Email: support@coachalyst.com
Privacy Inquiries: privacy@coachalyst.com
We will respond to privacy inquiries within 30 days. For urgent data protection concerns, please indicate "Urgent" in your message subject line.
16. EU Representative
Users in the European Union can contact our EU representative for data protection matters at:
Email: eu-privacy@coachalyst.com