Data Privacy Policy

1. General Data Protection

COACHIEZ is committed to protecting user data in accordance with GDPR and the EU Artificial Intelligence Act (EU AI Act).

2. Data Collected

COACHIEZ only stores minimal session metadata, including:

  • Session start and end times
  • Session duration
  • End type (timeout, manual end, logout)
  • Number of tokens used
  • Like/dislike status
  • User feedback
  • Email
  • User first name
  • User last name

3. Session Privacy

  • The content of AI coaching sessions is not stored.
  • Chat messages only exist during the active session and are deleted after it ends.
  • The data is not used for additional training of the AI model.

4. Data Storage and Security

Session metadata is stored in a PostgreSQL database, where:

  • Data is encrypted at rest.
  • Access is only possible through authenticated requests.
  • Row-Level Security (RLS) policies protect access.

5. User Rights Under GDPR

Users have the right to:

  • Access their personal data
  • Correct inaccurate information
  • Delete their account by sending a request to office@coachiez.com
  • Restrict or object to data processing
  • Request data portability

Users can exercise all of these rights by sending a request to office@coachiez.com.

6. Third-Party Sharing

  • COACHIEZ does not sell, rent, or share user data with third parties.
  • Data may only be disclosed when required by law.

7. Complaints and Contact Information

For any privacy-related inquiries, please contact office@coachiez.com.

8. Changes to This Policy

COACHIEZ reserves the right to update this Privacy Policy. Users will be informed of any significant changes.

9. Payment Processing (Stripe)

We use Stripe Payments Europe, Ltd. to process payments. When you subscribe, we share limited personal data with Stripe (e.g., name, email, billing address, transaction amount, and tokenized payment method). Coachiez does not store full payment card numbers or CVC codes.

10. Roles and Responsibility

For payment processing, Coachiez acts as the controller of your account data; Stripe processes payment data to complete transactions and for fraud prevention, compliance, and technical operations. For certain activities (e.g., anti-fraud and regulatory compliance), Stripe may act as an independent controller as described in its privacy notices.

11. Legal Basis

Processing related to payments is necessary for the performance of a contract (GDPR Art. 6(1)(b)). Fraud prevention and service security are based on our legitimate interests (Art. 6(1)(f)). We also process and retain limited transaction data to comply with legal obligations (Art. 6(1)(c)).

12. International Transfers

Stripe may transfer data outside the EEA (including to the US). Such transfers rely on appropriate safeguards (e.g., Standard Contractual Clauses). You can contact us for more information.

13. Security

Stripe is PCI-DSS compliant. Coachiez never sees or stores the full card PAN or CVC. Payment data is transmitted directly to Stripe over encrypted connections.

14. Retention

We retain transaction records only as long as needed for accounting, tax, fraud-prevention, and legal compliance requirements, after which they are securely deleted or anonymized.

15. Your Rights and How to Exercise Them

You can access, rectify, or delete your Coachiez account data, or object to processing, by contacting us. For payment-specific data held by Stripe, you may also contact Stripe directly. We will cooperate to honor applicable rights requests.

16. Third-Party Recipients

In connection with payments, limited data may be shared with card networks, payment processors, banks, tax authorities, and anti-fraud providers where required to complete the transaction and comply with law.