Privacy Policy
Last updated: May 25, 2026
1. Introduction
This privacy policy outlines how CoachBuk ("we," "our," or "the app") collects, uses, discloses, and safeguards user data. CoachBuk is a fitness coaching marketplace connecting users with independent personal trainers through data-driven discovery, session logging, and coaching relationship management.
2. Information We Collect
2.1 Account & Registration
When you create an account, we collect:
- Identity: Name, email, phone number
- Authentication: Password (hashed), and OAuth tokens only if social sign-in is enabled later
- Account Role: User or Coach
- Profile Photo: Avatar image
2.2 Fitness Goals (Users)
Fitness goals, categories, sport focus, experience level, and goal status for personalisation and coach matching.
2.3 Session Logs (Users)
Session date, coach, goals impacted, ratings (5-dimension), reflection notes — all private by default.
2.4 Fitness Wrapped Private Notes (Users)
Fitness Wrapped can store private chapter or yearly reflection notes based on your logged session counts, completed goals, coach count, and recorded impact shown in Wrapped. Immediate milestone notes can be created from those totals without an AI provider. If AI-assisted quarterly or year-end summaries are enabled, CoachBuk sends only those limited totals to the configured model provider. Private written reflection notes, coach names, and chapter names are not sent for this generation. You can remove a generated note from your Wrapped history in the app.
2.5 Device & Technical Data
Device identifier, OS/app version, usage events, crash reports, and push notification tokens if push delivery is enabled later.
3. How We Use Your Data
We process your data based on:
- Contract performance: Account creation, session logging, goal tracking
- Legitimate interest: Coach discovery, matching algorithm, product improvement
- Consent: Goal visibility to coaches, push notifications
- Legal obligation: Coach verification, payment records (7 years)
4. Data Sharing
CoachBuk acts as an intermediary. Data sharing is always mediated by the platform:
- Coaches can only see your goals if you enable "Visible to Coaches" (default: off)
- Session ratings/reflections are never shared unless you toggle "Share with coach"
- Contact details only exchange after enquiry/relationship acceptance
- We never sell your data to third parties
5. Data Storage & Security
- Database: Supabase (PostgreSQL, EU-based)
- Encryption: TLS 1.2+ in transit, AES-256 at rest
- Authentication: JWT-based with bcrypt password hashing
- Access Control: Row-Level Security (RLS) on all tables
6. Third-Party Services
| Service | Purpose |
|---|---|
| Supabase | Backend, auth, database |
| Payment provider (when enabled) | Website payment processing and subscription records |
| Push delivery provider (if enabled) | Push notification delivery |
| OpenAI (when enabled) | AI-assisted quarterly or year-end Wrapped summaries from limited displayed aggregates only, when enabled |
7. Your Rights
Under GDPR and UK data protection law, you have the right to:
- Access: Request a copy of all data we hold
- Rectification: Correct inaccurate data
- Erasure: Request deletion ("right to be forgotten")
- Portability: Receive data in machine-readable format
- Objection: Object to processing based on legitimate interests
To exercise these rights: privacy@coachbuk.com
8. Retention
- Account data: Until deletion requested
- Session logs: 3 years from last activity
- Fitness Wrapped private notes: Until account deletion, unless you remove a note from your history earlier
- Payment records: 7 years (tax compliance)
- Analytics: 2 years
- Crash reports: 90 days
9. Children
CoachBuk is not intended for children under 16. Users must be 16+, coaches must be 18+. We do not knowingly collect data from anyone under 16.
10. Contact
Email: privacy@coachbuk.com
Support: help@coachbuk.com
UK Regulator: Information Commissioner's Office