Introduction
CoachNest (“CoachNest Inc.,” “we,” “our,” “us”) is a Canadian subscription platform that connects business-owners with certified coaches and provides goal-tracking dashboards, session scheduling, and AI-powered performance analytics. This Privacy Policy explains how personal information is collected, used, stored, and disclosed when coachees, coaches, corporate sponsors, or visitors interact with our website, mobile apps, or support channels.
Privacy Policy
We follow the Personal Information Protection and Electronic Documents Act (PIPEDA) and all substantially similar provincial statutes.
• Information we collect
(a) Profile data — full name, email, province, industry sector, language preference, multi-factor-authentication seed, sign-in IP logs.
(b) Coaching records — match history, session notes (added only with explicit participant consent), action-plan milestones, uploaded worksheets, progress feedback.
(c) Community content — forum posts, event RSVPs, poll responses, peer endorsements.
(d) Payment data — tokenised card reference, billing postal code, GST/HST allocation, transaction history.
(e) Organisation data (for team plans) — company name, CRA business number, licence pool, participant roster, aggregate engagement metrics.
(f) Device & telemetry — browser build, mobile OS, feature clicks, session duration, crash traces.
(g) Support artefacts — chat transcripts, screen-share recordings, voicemail files.
• Purposes
– create and manage accounts, coach matches, and session calendars;
– send reminders, generate progress dashboards, and issue accreditation certificates;
– process subscription fees and deliver tax-compliant invoices;
– analyse de-identified aggregates to improve matching algorithms and curriculum design;
– detect fraud, enforce the Code of Conduct, and comply with regulatory obligations.
• Retention
Coaching transcripts and progress logs persist for the life of the account plus seven years for audit purposes. Financial records follow CRA retention rules (minimum seven years). Encrypted backups purge on a rolling 35-day schedule.
• Access & Correction
Authenticated users may review or update profile and coaching data at any time via Settings → Profile or by emailing privacy@coachnest.com.
• Consent
Express consent is obtained at registration and whenever you purchase a plan, connect a calendar, or upload session notes. Implied consent applies to operational logs essential for security. Withdrawal requests are honoured unless legal or contractual duties require continued processing; we outline any impact before completion.
• Accountability
A designated Privacy Officer conducts annual compliance reviews, trains staff, and answers privacy inquiries within 30 days.
GDPR
CoachNest primarily targets Canada, but some coaches or coachees may reside in the European Economic Area (EEA). Where the EU General Data Protection Regulation (GDPR) applies, we act as controller for profile and billing data and processor for coaching materials you upload. Legal bases include performance of a contract (Art. 6 (1)(b)), legitimate interest in platform security and service optimisation (Art. 6 (1)(f)), and legal obligation (Art. 6 (1)(c)). EEA residents may request access, rectification, erasure, restriction, portability, or objection via dpo@coachnest.com and may lodge complaints with their supervisory authority.
Cookie Policy
4.1. Types of Cookies
• Essential — session tokens, CSRF guards, load-balancer cookies required for secure login.
• Preference — stores language, notification settings, theme, and calendar view.
• Analytics — first-party Matomo cookies with IP truncation that measure feature adoption and page latency.
• Marketing — optional cookies announcing new coaching tracks or partner discounts; never used for third-party ad networks.
4.2. How to Disable Cookies
Most browsers allow you to block or delete cookies. Essential cookies are mandatory for console access; disabling them prevents login. Preference and analytics cookies can be declined via the banner on first visit or by enabling “Do Not Track.” Marketing cookies load only after explicit opt-in and can be revoked under Account → Privacy.
Transfer to Third Parties
We do not sell personal information. Disclosures occur only to:
• Canadian cloud providers hosting encrypted data in Toronto and Montréal;
• PCI-DSS Level 1 payment processors;
• Accreditation partners that verify certificates (only when you request validation);
• Legal counsel, regulators, or courts when compelled by law or to defend claims;
• Law-enforcement agencies where disclosure is necessary to investigate fraud or protect public safety.
All vendors sign Data Processing Agreements mandating safeguards equivalent to PIPEDA and, where relevant, EU Standard Contractual Clauses.
Data-Security Measures
• AES-256-GCM encryption at rest with tenant-specific keys stored in FIPS 140-2 Level 3 Hardware Security Modules.
• TLS 1.3 with Perfect Forward Secrecy for data in transit.
• Zero-trust segmentation isolating each corporate workspace.
• Role-based access control enforced by hardware-backed multi-factor authentication.
• Hourly incremental and nightly full backups replicated across two Canadian regions (RPO 15 minutes, RTO 4 hours).
• Continuous vulnerability scanning, quarterly penetration tests, and annual SOC 2 Type II audit.
• Incident-response plan that notifies affected users within 72 hours of a confirmed breach, with remediation updates.
Effective Date
This Privacy Policy is effective as of 18 June 2025 and supersedes all previous versions. Material updates will be announced by email and in-app notice at least 30 days before they take effect.