Privacy Policy

How CoachFlow AI collects, uses, and protects your data.

Last updated: May 10, 2026

1. About this policy

This Privacy Policy explains how CoachFlow AI ("CoachFlow", "we", "us", "our") collects, uses, shares, and protects information when you visit getcoachflow.co or any subdomain, purchase one of our products, or use our done-for-you services. It applies to all visitors, customers, and prospective customers worldwide.

If you have questions, email hello@getcoachflow.co.

2. Information we collect

2.1 Information you give us directly

  • Name and email address — at checkout, lead-magnet forms, and the DFY onboarding form.
  • Payment information — collected and processed by Stripe. We do not store full card numbers; we receive only a customer ID, last four digits, expiry, and brand.
  • Instagram handle (and TikTok / YouTube handles) — submitted on the DFY onboarding form so the build team can wire your funnel.
  • Business information — coaching niche, monthly revenue range, offer description, brand colors, logo — when you complete the DFY onboarding form.
  • Communications — when you reply to our emails, message us on social, or contact support@getcoachflow.co.

2.2 Information we collect automatically

  • IP address — used for rate-limiting and security; not used to identify individual people.
  • Browser type and version, operating system, referring URL.
  • Usage analytics — pages visited, time on page, click events, form completion rate. Used to improve the site, not to track you across the web.
  • Email engagement — whether you opened our emails or clicked links inside (via Resend webhooks). You can opt out at any time using the unsubscribe link.

2.3 Information from integrations

If you use the done-for-you service and authorize CoachFlow to connect to your Instagram, ManyChat, Calendly, TikTok, or YouTube accounts, we receive only the data those platforms permit (e.g. account name, public message metadata, booking events). We store encrypted access tokens and never request scopes beyond what the integration needs.

3. How we use your information

  • To deliver the products and services you bought (PDFs, scripts, build setup, monthly support).
  • To communicate with you about your account, purchase, delivery, support requests, and product updates.
  • To improve our service through analytics and aggregate trends.
  • To process payments via Stripe.
  • To comply with legal obligations (tax, anti-fraud, lawful requests).
  • To send marketing emails with your consent — you can unsubscribe from any marketing email with one click; transactional emails (purchase confirmations, magic-link logins, build progress) cannot be unsubscribed from while you remain a customer.

4. How we share information (third parties)

We share data only with the service providers we need to run the business. Each provider receives only the data necessary for their function.

  • Stripe — payment processing. Privacy policy.
  • Resend — transactional email delivery and analytics. Privacy policy.
  • Supabase — encrypted database storage and file storage. Privacy policy.
  • ManyChat — Instagram DM automation, only if you authorize the integration. Privacy policy.
  • Vercel — website and application hosting. Privacy policy.
  • Calendly — call scheduling, only if you authorize the integration. Privacy policy.

We may also share information when legally required (subpoena, court order, fraud investigation) or to protect the rights, property, or safety of CoachFlow, our customers, or others.

In the event CoachFlow is acquired or merges with another business, your information may transfer to the new owner. We will give you notice before any transfer occurs and explain your options at that time.

5. No sale of personal data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes — full stop. This includes (under CCPA) any "sale" or "sharing" for cross-context behavioral advertising.

6. Your rights under GDPR (EU / UK / EEA users)

If you live in the European Union, the United Kingdom, or the European Economic Area, you have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure ("right to be forgotten") — ask us to delete your data, subject to legal record-keeping obligations.
  • Restriction — ask us to pause processing your data.
  • Portability — receive your data in a structured, machine-readable format and transmit it to another service.
  • Objection — object to processing based on legitimate interests, or to processing for direct marketing at any time.
  • Withdraw consent — where processing is based on your consent, you can withdraw it at any time (this does not affect processing already carried out).
  • Lodge a complaint with your national data-protection authority.

To exercise any of these rights, email hello@getcoachflow.co. We respond within 30 days.

Our legal bases for processing are: (a) performance of a contract when you purchase a product or service; (b) legitimate interests for security, fraud prevention, and improving our service; (c) consent for marketing emails; (d) legal obligation for tax and compliance records.

7. Your rights under CCPA (California residents)

If you are a California resident, the California Consumer Privacy Act gives you additional rights:

  • Right to know what personal information we have collected, used, disclosed, and (if applicable) sold or shared about you.
  • Right to delete personal information, subject to legal record-keeping exceptions.
  • Right to correct inaccurate personal information.
  • Right to opt out of sale or sharing — we do not sell or share personal data, so there is nothing to opt out of, but if that ever changes we will give you a clear opt-out link.
  • Right to limit use of sensitive personal information.
  • Right to non-discrimination — exercising any right above will not result in worse service, higher prices, or any negative treatment.

To exercise any of these rights, email hello@getcoachflow.co. We may need to verify your identity before responding.

8. Cookies and analytics

We use a small number of cookies and similar technologies:

  • Strictly necessary cookies — keep you logged in to your portal and remember your preferences. These are always on; the site doesn't work without them.
  • Analytics — privacy-friendly first-party analytics that don't track you across other websites.
  • Email tracking pixels — Resend uses a 1×1 pixel and link redirects to tell us if you opened or clicked our emails. You can disable image loading in your email client to opt out of open tracking.

We do not use third-party advertising cookies, retargeting pixels, or social-network tracking pixels.

9. Children's privacy

CoachFlow AI is for adults aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided information to us, email hello@getcoachflow.co and we will delete it.

10. Security

We use industry-standard security measures including HTTPS / TLS for all data in transit, AES-256-GCM encryption for sensitive integration tokens, isolated production databases with row-level security, encrypted backups, and least-privilege access controls for our team. No system is perfectly secure — if you believe your account has been compromised, contact support@getcoachflow.co immediately.

11. Data retention

We keep your data only as long as needed for the purposes described in this policy and for any legal record-keeping obligations:

  • Account + profile data: while your account is active, plus 30 days after deletion.
  • Purchase records: 7 years (US tax record-keeping).
  • Email engagement events: 24 months.
  • Anonymized analytics: indefinitely.

You can request earlier deletion at any time using your rights above.

12. International data transfers

CoachFlow is operated from the United States. If you are located outside the US, your data will be transferred to and processed in the US and other countries where our providers (Stripe, Resend, Supabase, Vercel, ManyChat, Calendly) operate. We rely on Standard Contractual Clauses (or equivalent transfer mechanisms) where required to keep your data protected.

13. Updates to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will email you and post a notice on the site at least 14 days before the changes take effect. The "Last updated" date at the top of this page always reflects the current version.

14. Contact us

For privacy questions, requests under GDPR / CCPA, or to report a security issue: