CoachOS
FeaturesAppsIntegrationsPricingAffiliatesSign In

Privacy Policy

Last updated: February 18, 2026

CoachOS Ltd ("CoachOS," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, mobile applications, and services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

1. Information We Collect

We collect several types of information to provide and improve our Service:

1.1 Information You Provide

  • Account Information: Name, email address, password, profile photo, and contact details when you create an account.
  • Profile Information: Professional credentials, certifications, business name, and biography (for coaches).
  • Health and Fitness Data: Body measurements, weight, fitness goals, workout logs, nutrition data, progress photos, and health metrics you voluntarily provide.
  • Communication Data: Messages, feedback, and communications between coaches and clients within the platform.
  • Payment Information: Billing address and payment method details (processed securely by our payment processor, Stripe).

1.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent on the Service, and interaction patterns.
  • Device Information: Device type, operating system, browser type, unique device identifiers, and mobile network information.
  • Log Data: IP address, access times, referring URLs, and pages viewed.
  • Location Data: General location based on IP address (we do not collect precise GPS location unless you explicitly enable it).
  • Mobile App Diagnostics: For mobile app users, we collect crash reports and diagnostic logs to improve app stability. This may include device model, app version, and anonymized usage patterns.

1.3 Information from Third Parties

  • Wearable Integrations: If you connect fitness devices (e.g., WHOOP, Apple Health, Fitbit, Garmin, Oura), we receive health and activity data according to your permissions.
  • OAuth Providers: When you sign in with Google, we receive your name, email, and profile picture.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Facilitate communication between coaches and clients
  • Process transactions and send related information
  • Send administrative notifications, updates, and security alerts
  • Personalize your experience and provide AI-powered insights
  • Analyze usage patterns to improve our features and user experience
  • Detect, prevent, and address technical issues, fraud, or abuse
  • Comply with legal obligations
  • Respond to your requests and support inquiries

3. Legal Basis for Processing

Under UK GDPR, we process your personal data on the following legal bases:

  • Contract: Processing necessary to perform our contract with you (providing the Service)
  • Legitimate Interests: Processing necessary for our legitimate business interests (improving the Service, security, fraud prevention) where these are not overridden by your rights
  • Consent: Where you have given explicit consent for specific processing (e.g., marketing communications, wearable integrations)
  • Legal Obligation: Processing necessary to comply with legal requirements

For special category data (health and fitness information), we rely on your explicit consent. You may withdraw consent at any time, though this will not affect the lawfulness of processing before withdrawal.

4. Health Data (Special Category Data)

CoachOS processes health and fitness data to enable coaching services. This data is considered sensitive personal information and we apply additional safeguards:

  • Health data is only shared with your designated coach(es) and is never sold to third parties
  • Health data is NOT used for advertising, marketing, or any purpose other than providing coaching services
  • You control what health data you share and can delete it at any time
  • We use encryption in transit and at rest to protect health data
  • AI features that analyze health data process information to provide insights but do not share data externally

4.1 Apple HealthKit (iOS)

When you grant permission, CoachOS accesses the following data types from Apple Health:

  • Read: Step count, sleep analysis, workout sessions, active energy burned, and heart rate data.
  • Write: Workout sessions completed within the CoachOS app are written back to Apple Health to keep your fitness records synchronised.

CoachOS uses HealthKit data solely to display your fitness and recovery metrics within the app and to share relevant progress with your assigned coach. HealthKit data is never used for advertising, marketing, data mining, or any purpose unrelated to providing coaching services. HealthKit data is not sold to or shared with third parties, data brokers, or information resellers. You can revoke HealthKit access at any time via your device's Settings > Health > Data Access & Devices.

4.2 Google Health Connect (Android)

When you grant permission, CoachOS accesses the following data types from Health Connect:

  • Read: Steps, sleep sessions, exercise sessions, active calories burned, and heart rate records.
  • Write: Exercise sessions completed within the CoachOS app are written back to Health Connect.

Health Connect data is used exclusively to display your fitness and recovery metrics within the app and to share relevant progress with your assigned coach. Health Connect data is never used for advertising, marketing, or any purpose unrelated to providing coaching services. Health Connect data is not sold to or shared with third parties. You can revoke Health Connect access at any time via your device's Settings > Health Connect > App permissions.

Important: CoachOS is not a medical service. The health insights and recommendations provided are for informational purposes only and should not replace professional medical advice.

5. Information Sharing and Disclosure

We may share your information in the following circumstances:

5.1 With Your Consent

We share information between coaches and clients as necessary to provide coaching services. Clients' health data, progress, and communications are accessible to their assigned coaches.

5.2 Service Providers

We use trusted third-party services to operate our platform:

  • Stripe: Payment processing
  • PlanetScale: Database infrastructure
  • Vercel: Hosting and content delivery
  • Resend: Email delivery
  • Pusher: Real-time messaging
  • OpenRouter: AI model providers for insights and recommendations
  • Expo: Mobile app infrastructure and push notifications

5.3 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of CoachOS, our users, or others.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change and the choices you may have.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. We will also retain and use your information to comply with legal obligations, resolve disputes, and enforce agreements.

  • Active account data: Retained while your account is active
  • Deleted account data: Removed within 30 days of account deletion
  • Payment records: Retained for 7 years for tax and legal compliance
  • Communication logs: Retained for 2 years after account deletion

7. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Secure authentication with hashed passwords and optional two-factor authentication
  • Regular security audits and vulnerability assessments
  • Access controls limiting employee access to personal data
  • Infrastructure hosted on SOC 2 compliant providers

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

8. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to processing of your data for certain purposes
  • Withdrawal: Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@coachosapp.com. We will respond within 30 days.

9. Cookies and Tracking

We use cookies and similar technologies to:

  • Keep you signed in and remember your preferences
  • Understand how you use our Service
  • Improve performance and user experience

You can control cookies through your browser settings. Disabling cookies may affect some features of the Service.

10. Children's Privacy

The Service is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it promptly. If you believe we have information from a child under 13, please contact us.

11. International Data Transfers

Your information may be transferred to and processed in countries outside the United Kingdom. When we transfer data internationally, we ensure appropriate safeguards are in place in accordance with UK GDPR:

  • Transfers to countries with UK adequacy decisions (recognised as providing adequate protection)
  • International Data Transfer Agreements (IDTAs) or UK Addendum to EU Standard Contractual Clauses
  • Binding Corporate Rules where applicable

Some of our service providers are based in the United States. We ensure these transfers comply with UK data protection requirements through appropriate transfer mechanisms.

12. UK GDPR Rights

Under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, you have the following rights:

  • Right to be informed: Know how your data is being used (this Privacy Policy)
  • Right of access: Request a copy of your personal data (Subject Access Request)
  • Right to rectification: Have inaccurate data corrected
  • Right to erasure: Request deletion of your data in certain circumstances
  • Right to restrict processing: Limit how we use your data
  • Right to data portability: Receive your data in a portable format
  • Right to object: Object to processing based on legitimate interests or direct marketing
  • Rights related to automated decision-making: Not be subject to solely automated decisions with legal effects

You may also lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice via email or in-app notification. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: