Privacy Policy

1. Introduction

Coaching With Clive ("we", "our", or "us") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable laws.

2. Data Controller and DPO

Acacia Psychological Services Ltd. is the data controller. Our Data Protection Officer can be contacted at: gdpr@coachingwithclive.com

3. Information We Collect

We collect and process the following types of personal data:

  • Identity data: name, username
  • Contact data: email address
  • Technical data: IP address, browser type, device information
  • Usage data: app interactions, feature usage
  • Coaching-related data: usage (e.g., session length), goals, progress, feedback

4. Data Minimization and Privacy by Design

We apply data minimization principles, collecting only data that is adequate, relevant, and limited to what is necessary for the purposes of processing. Our app is designed with privacy in mind, incorporating data protection measures from the ground up.

5. Lawful Basis and Purposes for Processing

We process your data based on the following lawful grounds:

  • Consent: For marketing communications and AI-powered features
  • Contract: To provide our coaching services
  • Legitimate Interests: To improve our services and prevent fraud
  • Legal Obligation: To comply with legal requirements

6. Explicit Consent for AI Processing

Our app uses AI-powered features to enhance your coaching experience. We will obtain your explicit consent before processing any personal data through these AI systems, especially for any special categories of personal data. You can withdraw this consent at any time.

7. Data Retention

We retain your personal data only as long as necessary. Specific retention periods are:

  • Account information: 2 years after last activity
  • Coaching data: 2 years after last activity
  • Usage data: 2 years after last activity
  • Marketing preferences: Until you unsubscribe

8. Data Storage and Security

We use Supabase, a secure cloud database provider, for user authentication. Supabase stores your authentication information within the European Economic Area (EEA). We implement appropriate technical and organizational measures to ensure data security.

Supabase's Data Processing Agreement (DPA) is available at: https://supabase.com/downloads/docs/Supabase+DPA+231211.pdf. We encourage you to review this document to understand Supabase's commitments to data protection and compliance with privacy regulations.

9. Third-Party Services and International Transfers

We use OpenAI's services, based in the United States, for specific AI features in our app:

  • Whisper API: For automatic speech recognition and transcription.
  • GPT-4o-mini API: For generating human-like text based on input prompts.

When you interact with these features, your inputs may be processed by OpenAI's systems in the United States or other countries outside the European Economic Area (EEA). This constitutes an international transfer of data under GDPR.

We are committed to ensuring that your data receives an adequate level of protection. We continually review and update our data transfer mechanisms in line with evolving regulatory guidance. These may include:

  • Relying on adequacy decisions where available
  • Implementing Standard Contractual Clauses (SCCs) where appropriate
  • Implementing additional safeguards as required by applicable data protection laws

For more information about our specific data transfer mechanisms or to request a copy of any applicable safeguards, please contact our Data Protection Officer.

OpenAI's privacy information can be found at: https://trust.openai.com/. We recommend reviewing this information to understand how OpenAI handles user data and their privacy policies.

10. Your Rights Under GDPR

You have the following rights:

  • Access, rectification, erasure, restriction, data portability, objection
  • Withdraw consent at any time
  • Not be subject to automated decision-making, including profiling

To exercise these rights, contact our DPO. We'll respond within one month, extended to two months for complex requests.

11. Data Breach Procedures

In the event of a data breach, we will notify affected users and relevant authorities within 72 hours of becoming aware of the breach, where feasible. We will provide information on the nature of the breach, likely consequences, and measures taken to address it.

12. Children's Data

Our services are not intended for children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information.

13. Cookies and Similar Technologies

We use cookies and similar tracking technologies. You can manage your cookie preferences through your browser settings. For more information, see our Cookie Policy.

14. Changes to This Policy

We may update this policy periodically. We will notify you directly of significant changes.

15. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. You can contact the Information Commissioner's Office in the UK at ico.org.uk/concerns.

Last updated: 2024-07-20
