Privacy Policy

Coachbot (“we”, “us”) is operated by [Legal entity name], registered in [jurisdiction] at [registered address]. We're the data controller for the information our customers and their leads submit to the service.

Questions about this policy or your data: email [privacy@yourdomain].

When a workspace owner signs up, we collect:

• Account email and password hash (scrypt, salted)
• Optional display name
• Workspace configuration (gym name, branding, agent persona)
• Encrypted third-party integration credentials (Twilio, Cal.com, OpenAI)

When a lead submits the public form on a workspace, we collect:

• Name, phone number, and email address
• Their stated goal (free-text)
• Timestamp and version of the consent they gave
• Any subsequent WhatsApp conversation between the lead and the AI agent or a teammate

We process lead data on the basis of explicit consent — the required checkbox at the bottom of the public form. We process workspace owner data on the basis of contract (operating the service you signed up for).

• Run the AI conversation with the lead on WhatsApp (qualify, answer questions, book a call).
• Show the lead and the transcript to the workspace owner and their teammates.
• Aggregate metrics (counts of leads, bookings, conversions) displayed in the workspace's Analytics page.
• Send service-related notifications to workspace owners.

We do notsell or rent personal data. We do not use lead messages to train models — every workspace's OpenAI key (when provided) is used only to generate replies for their own conversations.

We share data with the following processors strictly as needed to run the service:

• Twilio (US) — to send and receive WhatsApp messages on your behalf.
• OpenAI(US) — to generate the agent's replies. Conversation content is sent for inference.
• Cal.com (EU/US) — to list available slots and create bookings.
• Neon (EU/US, region of your project) — primary database.
• Vercel (US) — application hosting and edge network.
• Inngest (US) — background job execution for the agent runs and retention sweep.

International transfers (from the UK/EU to the US) rely on Standard Contractual Clauses. A full sub-processor list with links to each provider's DPA is available on request: [privacy@yourdomain].

Each workspace can configure an auto-deletion window from its Settings page (30 / 90 / 365 days, custom, or keep forever). When set, a nightly job permanently deletes leads and their full transcripts older than that window.

Workspace owner records are retained for the lifetime of the account. After you delete your account (contact us — self-serve is on the roadmap) we delete your personal data within 30 days.

You can ask us at any time to:

• Access — receive a copy of the data we hold about you. Workspace owners can self-serve via Settings → Export. Leads should contact the workspace owner whose form they submitted.
• Rectify — correct any inaccurate data.
• Erase— delete your data. Workspace owners can self-serve from the lead's transcript page.
• Object / restrict — stop us from continuing to process your data.
• Withdraw consent — reply STOP on WhatsApp (we stop messaging immediately and mark the lead unsubscribed).

You can also complain to your local data-protection regulator (in the UK, the ICO).

The admin dashboard uses a single first-party HTTP-only cookie to keep you signed in (HMAC-signed session, 7-day expiry). We don't use analytics or advertising cookies. The public lead form sets no cookies.

Integration credentials are encrypted at rest with AES-256-GCM using a master key kept outside the database. Passwords use scrypt with per-user salt. All traffic is TLS-encrypted. Internal access is restricted to [your team] and audited.

We'll post material changes here and email workspace owners ahead of the effective date. The version each lead consented to is recorded against their record, so future changes don't retroactively apply to past consent.