Privacy Policy

Coachero (the “Service”) is a SaaS application for personal trainers, operated by Individual Entrepreneur (ФОП) Zhura Serhii Serhiiovych, Ukrainian taxpayer number (РНОКПП) 3636304790, registered address: 52 Ihor Sikorsky St., Novovolynsk, Ukraine (the “we”, “us”, “Coachero”, or “controller”).

For any privacy matter, contact [email protected].

We collect only the data we need to deliver the Service.

Account data:

• phone number (used for authentication via SMS one-time code);
• email address (optional, for receipts and account notices);
• display name, locale (uk / ru / en), time zone;
• profile photo (if you upload one).

Student data you upload about your students:

• display name and optional phone;
• training history, programs, workout logs, measurements, photos, and notes you record;
• booking history.

Usage and technical data:

• booking and program activity, Coach AI interactions;
• device type, browser, IP address, log timestamps;
• error reports (with personal identifiers redacted).

We collect data directly from you when you sign up, complete your profile, add students, schedule bookings, generate programs, or message Coach AI. Some data is collected automatically as you interact with the Service (logs, device, IP). Some data may come from your students if they connect via the per-student portal link or the Telegram bot.

We process personal data on the following lawful bases under Ukrainian law:

• Performance of contract — to deliver the Service you have subscribed to (these Terms);
• Legal obligation — tax, accounting, and other Ukrainian regulatory requirements;
• Legitimate interest — operating, securing, and improving the Service, preventing fraud and abuse;
• Consent — where required (e.g. marketing emails, optional analytics).

For data of your students that you upload, you act as the controller in relation to your students; we act as a processor on your behalf and process that data only as needed to provide the Service to you.

• Providing the Coachero Service (bookings, programs, progress tracking, messaging).
• Authenticating you via phone OTP.
• Processing payments and renewing subscriptions.
• Generating Coach AI responses based on the context you provide.
• Sending booking reminders, support replies, and account-related notices.
• Detecting fraud, abuse, and security incidents.
• Improving the product through aggregated, non-identifying usage analytics.
• Complying with Ukrainian law.

We use the following service providers (sub-processors). We have signed appropriate agreements with each and share only the data needed for their specific role:

• Monobank — payment acquiring for Pro subscriptions (UAH).
• Apple App Store / Google Play — in-app subscriptions on mobile, governed by their own privacy policies.
• Anthropic (Claude) — AI model provider for Coach AI. We send only the relevant context for each request. Anthropic does not retain prompts or use them to train models, per its commercial API agreement.
• Twilio (or equivalent SMS provider) — phone OTP delivery and SMS reminders.
• Telegram — optional bot integration for student communication, governed by Telegram’s own privacy policy.
• Amazon Web Services (AWS) — hosting (servers, S3 storage, CloudFront CDN).
• Sentry — error monitoring with PII scrubbing applied before any event leaves our servers.
• Resend (or equivalent SMTP provider) — transactional email.

We do not sell, rent, or share your personal data with advertisers or data brokers.

Coachero servers are hosted in the European Union (AWS eu-central, Frankfurt region). Personal data of users in Ukraine may therefore be processed in the EU. Such transfers are made under safeguards equivalent to Ukrainian and EU data protection standards. We will move data to a Ukrainian-region provider when an equivalent option becomes commercially available.

When you use Coach AI, the relevant context (your notes, sessions, and the basics of the student in question) is sent to Anthropic Claude as a single API request. Anthropic does not retain the request or use it to train its models, per its commercial API agreement.

We sanitize inputs against prompt injection and never pass user-controlled text directly into tool arguments. AI output is a suggestion: you remain responsible for reviewing and approving anything it produces before applying it to a student. We do not send your data to other AI providers.

Retention. Personal data is retained for the lifetime of your account. Closed accounts are deleted within 30 days of closure, except where retention is required by Ukrainian law (e.g. tax records for up to three years). Encrypted backups are retained for up to 30 days, then overwritten.

Security. Personal data is encrypted in transit (TLS 1.2+) and at rest. Photos and uploaded files sit in private S3 storage and are served via short-lived signed URLs. We do not use passwords (phone OTP only). We follow industry-standard access control, logging, and incident response. We will notify affected users without undue delay if a personal data breach is detected.

Under the Personal Data Protection Law of Ukraine you have the right to:

• know what data we hold about you;
• access and obtain a copy (Settings → Privacy → Export, or by emailing [email protected]);
• correct inaccurate data (Settings → Profile);
• request deletion (Settings → Privacy → Delete account, or by email — deletion cascades and no shadow copies remain);
• restrict or object to processing in specific circumstances;
• withdraw consent where processing is based on consent;
• lodge a complaint with the Ukrainian Parliament Commissioner for Human Rights (Ombudsman) at ombudsman.gov.ua.

We aim to respond to verified requests within 30 days.

Coachero is not directed at children under 14. Trainers using the Service to coach minors must obtain a parent’s or guardian’s informed consent before adding the child’s data to the platform.

Cookies. We use essential cookies for authentication and session management. You may clear cookies any time via your browser; doing so will sign you out.

Analytics. We use a privacy-friendly first-party analytics tool (Plausible) to understand product usage in aggregate. We do not embed third-party tracking pixels or advertising cookies.

Marketing. We email you about service-related matters (account, billing, security) regardless of consent. Marketing emails are opt-in and you can unsubscribe at any time via the link at the foot of each marketing email.

We may update this Policy from time to time. Material changes will be communicated by email at least 14 days before they take effect.

Privacy questions, data requests, or complaints: [email protected]. If you are not satisfied with our response, you may file a complaint with the Ukrainian Parliament Commissioner for Human Rights at ombudsman.gov.ua.