Privacy Policy

Last updated: 18 December 2025

1. Who we are

Coach Chiron (based in the Netherlands) is the controller for the personal data described in this notice. You can reach us at support@coach-chiron.com.

2. Scope

This policy applies to our public website, product and related services (including the SaaS app, newsletter, support channels and AI features).

3. Personal data we process

  • Account and profile data: name, email address, password (hashed), language/currency preferences, organization membership and subscription details.
  • Payment data: billing name, email and payment method details handled by our payment processor (Stripe); we do not store full card numbers.
  • Product usage and technical data: app actions, device/browser information, IP address, log data and security signals.
  • Content you provide: text, files or other materials you upload or generate in the product, including AI prompts/responses.
  • Communications: messages sent via contact/support forms, email, or in-product feedback.
  • Newsletter data: email address and your consent status.

We do not knowingly collect information from children under 16.

4. How and why we use your data (legal bases)

  • Provide and secure the service (account creation, authentication, subscriptions, AI features, customer support): performance of a contract; legitimate interests in running and protecting our services.
  • Payments and invoicing: performance of a contract; compliance with Dutch/EU bookkeeping and tax obligations.
  • Product improvement, service analytics and fraud prevention: legitimate interests in improving stability and security; minimal, proportionate use.
  • Marketing communications (e.g., newsletter): consent, which you can withdraw at any time.
  • Legal compliance and defending our rights: compliance with legal obligations and legitimate interests.

5. Cookies and similar technologies

We use essential cookies for authentication/session security, locale preference and fraud prevention. Analytics is provided via Vercel Analytics (first-party, cookieless by default). Our payment provider (Stripe) may set cookies or use similar technologies for fraud detection and payment security. You can manage preferences in your browser settings; disabling essential cookies may prevent sign-in.

6. Analytics and third-party services

We rely on vetted processors to deliver the service:

  • Hosting and infrastructure providers for our web app, databases and storage.
  • Vercel Analytics to understand aggregated product usage.
  • Stripe for payments and billing.
  • Resend (email delivery) for account, support and newsletter emails.
  • Authentication providers you choose (e.g., Google, GitHub) to sign you in.
  • OpenAI (and related AI infrastructure) to process prompts/responses when you use AI features. Do not submit special-category data; prompts may be transiently stored for abuse prevention as described in OpenAI’s terms.

Service providers act under data processing agreements. We do not sell personal data.

7. International data transfers

Where partners process data outside the EEA/UK, we rely on EU adequacy decisions or Standard Contractual Clauses and take supplementary measures where required.

8. How long we keep data

  • Account and product data: for the life of your account and a reasonable period afterwards to handle queries or disputes.
  • Billing records: at least 7 years to meet Dutch/EU legal obligations.
  • Support communications: up to 24 months after resolution.
  • Logs and analytics: typically up to 12 months in identifiable form, then aggregated or deleted.
  • Newsletter data: until you unsubscribe or withdraw consent.

9. Security

We use encryption in transit, access controls, monitoring and regular reviews of suppliers. No method of transmission or storage is perfectly secure; if you suspect a security issue, contact us immediately.

10. Your rights

You have the right to request access, rectification, erasure, restriction, data portability and to object to processing based on legitimate interests, as well as to withdraw consent. You can manage many settings in your account; otherwise contact support@coach-chiron.com. You can lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

11. Changes

If we make material changes to this policy, we will post an update in the app or on the website and note the effective date.