Who we are
COACHHAVEN LTD is registered in England and Wales under company number 17097412. Our registered office and service address is 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ.
CoachHaven is currently operated by its founder and director. We have not appointed a separate data protection officer. For privacy requests, email support@coachhaven.app.
Where this policy applies
This policy covers the CoachHaven marketing site, web app, API, client portal, mobile app, billing flows, contact forms, support flows, and related service communications.
Controller and processor roles
CoachHaven is the controller for coach account administration, website operation, billing, support, security, legal compliance, and our own service analytics.
For coach-managed client records and workspace content, the coach normally decides why and how client data is used. In that context, CoachHaven generally acts as a processor or service provider where applicable law recognises that role.
Personal data we process
| Category | Examples |
|---|---|
| Account and profile data | Name, email address, authentication identifiers, business profile, locale, timezone, avatar or logo, country, default currency, and preferences. |
| Authentication and security data | Session data, login state, Auth0 identifiers, audit records, access events, request metadata, and security logs. |
| Billing and subscription data | Stripe customer and subscription state, invoices, active client counts, referral or promotion codes, and Stripe Connect data when used. |
| Coach workspace content | Client records, notes, meal plans, workout plans, recipes, ingredients, adherence logs, messages, invitations, tasks, and uploaded media. |
| Camera, photo-library, and uploaded media | When you choose to attach or upload media, the mobile app may request camera or photo-library access to capture or select images or videos for the selected product workflow. CoachHaven does not use camera or photo-library access for advertising or unrelated third-party purposes. |
| Client and health-related content | Client display names, contact details, age, height, gender, goals, diet types, allergens, FODMAP settings, training data, nutrition data, tracking data, and coach notes when entered. |
| Support, contact, and feedback | Name, email, subject, message, support tickets, feature requests, contact form metadata, partner-interest registration details, channel URLs, audience size ranges, and related correspondence. |
| Usage, diagnostics, and telemetry | Page labels, API paths, browser performance, errors, request IDs, status codes, device or browser metadata, and product UI state. |
| AI, transcription, and import inputs | Assistant prompts, conversation history, generated plan context, imported recipe content, and audio or text submitted to supported AI features. |
Purposes and lawful bases
| Purpose | Lawful basis or condition |
|---|---|
| Provide accounts and the service | Contract, plus legitimate interests for service administration. |
| Billing, subscriptions, tax, referrals, and fraud checks | Contract, legal obligations, and legitimate interests in operating a paid service and preventing abuse. |
| Support and contact requests | Contract where support relates to the service, and legitimate interests for other support or contact requests. |
| Security, logging, and abuse prevention | Legitimate interests and legal obligations where applicable. |
| Product diagnostics and reliability telemetry | Legitimate interests in maintaining the service, and consent where cookie or similar-technology law requires it. |
| Coach-managed workspace and client content | The coach is responsible for the lawful basis where the coach controls the client relationship. CoachHaven processes that content under coach instructions where we act as processor or service provider. |
| Health, diet, allergy, training, and nutrition-related data | The coach must identify a valid GDPR Article 9 or UK GDPR special-category condition where required. Explicit client consent is the expected default unless the coach can lawfully rely on another valid condition. |
| Legal compliance and dispute handling | Legal obligations and legitimate interests. |
Health and special-category data
CoachHaven can contain diet, allergy, training, nutrition, and other health-related information. Coaches must only add this data when they have a lawful basis and any special-category condition required by UK GDPR, EU GDPR, or other applicable privacy law. Explicit client consent is the expected default unless the coach can lawfully rely on another valid Article 9 or UK GDPR condition.
CoachHaven processes this information to provide the software, not to provide medical care. Coaches must review plans, AI suggestions, and solver output before using them with clients.
How we share data
| Recipient or category | Reason |
|---|---|
| Auth0/Okta | Authentication, account login, session management, and identity security. |
| Stripe | Payments, subscriptions, invoices, fraud checks, referral or promotion handling, and Stripe Connect where used. |
| Resend | Transactional email, contact notifications, support messages, and service communications. |
| Google Gemini | AI assistance, recipe import, generated plan context, and generated workflow features when you use those features. |
| Deepgram | Audio transcription for supported assistant and import workflows. |
| Railway, managed Postgres, Upstash Redis, and Tigris/S3-compatible object storage | Running the app, API, database, cache, queue, file storage, backups, and infrastructure. |
| Monitoring, logging, and telemetry providers | Security, reliability, debugging, metrics, and incident investigation. |
| Professional advisers, authorities, or counterparties | Legal compliance, accounting, dispute handling, enforcement, and protection of rights. |
International transfers
CoachHaven targets users in the UK, EU/EEA, and US. Our confirmed production providers are Auth0/Okta, Stripe, Resend, Google Gemini, Deepgram, Railway, managed Postgres, Upstash Redis, Tigris/S3-compatible object storage, and monitoring, logging, and telemetry providers. These providers may process data in the UK, EU/EEA, US, and other countries. Where UK or EEA personal data is transferred internationally, we use or require safeguards available under data protection law, such as adequacy regulations, the UK/EU-US Data Privacy Framework where applicable, standard contractual clauses, the UK international data transfer addendum, or equivalent processor terms. You can ask for more information at support@coachhaven.app.
Retention
| Data | Retention criteria |
|---|---|
| Coach account, profile, and workspace data | Kept while the account is active. Account deletion removes local account and associated workspace data after active client constraints are resolved, subject to legal, billing, security, dispute, and backup exceptions. |
| Client records | Kept while the coach keeps the client record. Archived clients remain until the coach permanently deletes them or account deletion removes the workspace data. |
| GDPR export files | Export files are available for 24 hours. Expired or failed export job records may remain for up to 30 days before cleanup. |
| Billing and tax records | Kept as long as payment, accounting, tax, chargeback, or legal rules require. |
| Support, contact, and feedback records | Kept as long as needed to handle the request, maintain a service record, prevent abuse, or handle legal claims. |
| Logs and telemetry | Kept for operational security, reliability, debugging, and audit periods, then deleted or aggregated when no longer needed. |
| AI assistant conversations, imports, and media | Uploaded media is kept as product content until deletion, account deletion, or normal product pruning applies. Media you view or select locally but do not upload is not stored by CoachHaven. Assistant conversation history is capped by product limits. |
| Backups | Residual copies may remain until the relevant backup cycle expires or is overwritten. |
AI and automated decisions
CoachHaven uses AI, transcription, and optimisation features to assist coaches. These features do not make solely automated decisions with legal or similarly significant effects for coaches or clients. Coaches must review generated output before using it.
Your rights
- Access a copy of your personal data.
- Ask us to correct inaccurate personal data.
- Ask us to delete personal data where the law allows deletion.
- Ask us to restrict or object to some processing.
- Ask for portability of data you provided where that right applies.
- Withdraw consent where processing relies on consent.
- Complain to the UK Information Commissioner’s Office or your local EU/EEA supervisory authority.
Coaches can request exports and deletion in account settings or by emailing support@coachhaven.app. Clients in coach-managed workspaces should normally contact their coach first; we will help the coach respond where we act as processor or service provider.
Security
We use TLS in transit, managed infrastructure, access controls, authentication, rate limits, audit records, and operational monitoring to protect the service. No online service can guarantee perfect security.
Contact
For privacy questions or rights requests, email support@coachhaven.app or write to COACHHAVEN LTD, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ.