How we handle your and your clients’ data
We take GDPR seriously. As a platform that helps coaches run AI chats with their clients, we’re trusted with sensitive information. This page gives a clear, short overview of how we handle that data and what you can expect from us. It’s written for busy coaches; plain English first, legal detail in the linked policies.
GDPR (and UK GDPR) applies when you’re based in the EU/EEA or UK, or when you target or monitor people there, even if your business is elsewhere.
It also applies to us when we offer our service to coaches in the EU/EEA or UK, or when we otherwise handle personal data of people in those regions.
In practice, if you or your clients are in a GDPR region, or you actively market to/track people there, GDPR is in scope for you – and for us when we provide the service to you. Further detail on roles appears in the next section and in our policies.
Your role
You (the coach or coaching business) run your programme and manage your client relationships.
Our role
We provide the platform that powers your AI chats and keep it secure and compliant.
Conversation data (what clients and the AI say)
We and you are joint controllers for this data for a few limited, disclosed purposes—like generating aggregate insights about common client challenges and carrying out product quality/safety checks. We don’t use conversation content for unrelated marketing.
Account/registration data (sign-ups, workspace setup)
For this data we act as your processor and handle it under your instructions.
Where this is documented
See our Terms & Conditions, Privacy Policy, and End-user Terms for the full definitions and safeguards.
Why this matters
AI rules in Europe have tightened expectations around transparency and safety. Two items are most relevant:
EU AI Act (2024)
A risk-based law for AI systems. We align our product and documentation with its transparency, oversight, and resilience expectations where applicable.
GPAI Code of Practice (2025)
Guidance for providers of general-purpose AI. We follow its spirit; clear user notices, safety testing, and summaries of training-data sources where required.
What this means for you
We keep the in-product notices and policies up to date, and we’re rolling out simple UI touches (like dual links to your policy and ours) so compliance stays clear without adding friction.
Your role
You (the coach or coaching business) run your programme and manage your client relationships.
Our role
We provide the platform that powers your AI chats and keep it secure and compliant.
Conversation data (what clients and the AI say)
We and you are joint controllers for this data for a few limited, disclosed purposes—like generating aggregate insights about common client challenges and carrying out product quality/safety checks. We don’t use conversation content for unrelated marketing.
Account/registration data (sign-ups, workspace setup)
For this data we act as your processor and handle it under your instructions.
Where this is documented
See our Terms & Conditions, Privacy Policy, and End-user Terms for the full definitions and safeguards.
How we protect data
Encryption in transit and at rest, least-privilege access, logging/monitoring, and regular testing. We design features with privacy and safety in mind.
Where data is stored
We use AWS in the US and the EEA. When data moves across regions, we rely on standard contractual safeguards and equivalent protections, consistent with our policies.
How long we keep it
We keep data only as long as needed to run the service, ensure safety/reliability, and meet legal requirements. You can request deletion according to our terms.
Got a question we haven’t covered? We’re happy to help.
Email us at hello@coachvox.com or via the support page in Coachvox and we’ll get back to you.
Quick links
