Privacy Policy

1. Introduction

Coachful, operated by Influencee Agency OÜ ("we", "our", or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Personal Information

When you create an account, we collect:

• Name and email address
• Profile picture (optional)
• Phone number (optional, used for WhatsApp communications)
• Account authentication data via Firebase Authentication

Usage Information

We automatically collect:

• Goals, habits, and progress data you enter
• Check-in responses and reflections
• Device information and browser type
• Usage patterns and feature interactions

Payment Information

Payment processing is handled by Stripe. We do not store your complete credit card information. We only receive limited information such as the last four digits of your card for reference purposes.

3. How We Use Your Information

We use your information to:

• Provide and maintain the Service
• Personalize your experience and recommendations
• Process transactions and send related information
• Send you notifications, updates, and support messages
• Analyze usage to improve our Service
• Facilitate community features like Squad interactions
• Send WhatsApp messages for scheduling, reminders, and coaching communications
• Comply with legal obligations

4. Information Sharing

We may share your information with:

• Service Providers: Third-party services that help us operate the platform (Firebase for authentication, Stripe for payments, Stream for chat, WhatsApp Business API for messaging, Google APIs for email/calendar/drive integration)
• Squad Members: Limited profile information visible to other members in your accountability squads
• Coaches: If you have a premium plan with coach access, your coach may view your progress data
• Legal Requirements: When required by law or to protect our rights

We do not sell your personal information to third parties.

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. You can request deletion of your account and data at any time by contacting us.

7. Your Rights

Depending on your location, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing of your data
• Request data portability
• Withdraw consent at any time

8. Cookies and Tracking

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and analyze how you use our Service. You can control cookie settings through your browser preferences.

9. Phone Numbers & WhatsApp Communications

We may collect your phone number for the purpose of sending communications via WhatsApp or other messaging services. This includes:

• Platform notifications: Coachful may send coaches account-related updates, reminders, and support messages via WhatsApp
• Coach-to-client communications: Coaches using the Coachful platform may send scheduling reminders, program updates, and other coaching-related messages to clients via WhatsApp
• Transactional messages: Booking confirmations, session reminders, and other service-related notifications

Your phone number will not be sold to third parties or used for unsolicited marketing. You may opt out of WhatsApp communications at any time by contacting your coach or our support team. Note that opting out may affect your ability to receive important service notifications.

WhatsApp messages are processed through Meta's WhatsApp Business API. By providing your phone number, you acknowledge that your data may be processed in accordance with WhatsApp's Privacy Policy.

10. Google API Data

Coachful integrates with Google APIs to provide coaching and communication features. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Google Scopes We Request

Gmail (Email Integration)

• gmail.readonly — Read your email messages to sync coaching-related emails into your Coachful inbox. We only access emails relevant to your coaching communications.
• gmail.send — Send emails on your behalf when you compose and send messages through Coachful's email features (e.g., client outreach, email sequences, broadcast emails).
• userinfo.email — Identify your Google account email address to link your Gmail account to your Coachful profile.

Google Drive (Recording Access)

• drive.readonly — Read-only access to Google Drive to locate and retrieve video call recordings (e.g., Google Meet recordings) for use within Coachful's session review and video analysis features. We do not modify, delete, or create files in your Google Drive.

Google Calendar

• calendar.readonly — Read your calendar events to display your schedule within Coachful and check availability for coaching sessions.
• calendar.events — Create, update, and manage calendar events for coaching sessions booked through Coachful.

How We Use Google Data

• Google data is used only to provide the specific features described above within the Coachful platform.
• We do not use Google data for advertising, market research, or to build user profiles unrelated to Coachful's coaching features.
• We do not sell, rent, or share Google user data with third parties, except as required to provide the Service (e.g., securely storing OAuth tokens to maintain your connection).
• We do not allow humans to read your Google data unless you provide affirmative consent, it is necessary for security purposes, it is required by law, or the data is aggregated and anonymized for internal operations.

Data Storage & Security

• OAuth refresh tokens are stored securely in our database and are encrypted at rest. They are used solely to maintain your authorized connection.
• Email content synced from Gmail is stored in our database to provide inbox features and is accessible only to you and your authorized coaches within your organization.
• Google Drive files are accessed on-demand and are not permanently stored in our systems beyond caching for active session review.
• Calendar data is synced to display scheduling information and is stored only as needed to provide calendar integration features.

Revoking Access

You can disconnect your Google account from Coachful at any time through your account settings. You can also revoke Coachful's access directly from your Google Account permissions page. Upon disconnection, we will stop accessing your Google data and delete stored OAuth tokens.

11. Instagram & Meta Platform Data

Coachful integrates with Meta's Instagram Platform API so coaches can build automations (auto-replies to DMs, comment-to-DM funnels, story-reply flows). When a coach connects their Instagram Professional account, we request the following permissions and process the data described below.

Instagram Permissions We Request

• instagram_business_basic — Read the connected account's username, profile picture, and account type to identify the integration.
• instagram_business_manage_messages — Send direct messages on the coach's behalf in response to user-triggered events (incoming DMs, story replies, post comments). Required to deliver the value the coach configured in their automation.
• instagram_business_manage_comments — Read post comments to detect keyword triggers and post public replies (the "Sent you a DM" pattern). Required for comment-to-DM automations.
• instagram_business_content_publish — Used by Coachful's separate content scheduling feature to publish posts. Not used by automations.

Data We Receive From Meta

• Messages and comments addressed to the connected account: received via Meta's webhook system. Used solely to evaluate automation triggers and craft replies.
• Sender Instagram-scoped user ID: opaque identifier required to send a reply DM. Stored for the minimum time needed to enforce the 24-hour messaging window and prevent duplicate sends.
• Long-lived access tokens (60 days): stored encrypted at rest. Refreshed automatically before expiry. Tokens are never returned to client browsers and are deleted upon disconnection.

How We Use Instagram Data

• Instagram data is used only to operate the automations and content features the coach explicitly configures.
• We do not use Instagram data for advertising, training AI models, or building cross-platform user profiles.
• We do not sell, rent, or share Instagram data with third parties beyond what is required to deliver the configured automation (e.g., calling Meta's API to send a DM the coach asked us to send).
• Coaches and their authorized organization members can view automation execution logs, which include the inbound message text and the outbound reply, to debug their flows.

Data Retention & Deletion

• Conversation tracking records (the timestamp of the last inbound message per sender) are kept only as long as needed to enforce Meta's 24-hour messaging policy.
• Automation execution logs are retained for 90 days for debugging and audit, then deleted.
• You can disconnect your Instagram account from the Coachful Connected Accounts panel at any time. We will revoke the integration, stop all webhook subscriptions, and delete stored access tokens.
• To request deletion of all Instagram-related data tied to your IG-scoped user ID, you (or Meta on your behalf) can submit a deletion request to our Data Deletion endpoint at https://app.coachful.co/data-deletion/instagram or email privacy@coachful.co.

By connecting your Instagram account, you acknowledge that data is also processed in accordance with Meta's Privacy Policy.

12. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we learn we have collected such information, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through the Service. Your continued use after changes indicates acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, contact us at privacy@coachful.co