Privacy Policy — Coachly

Last updated: 21 April 2026 Effective date: 21 April 2026

This policy explains what data Coachly collects, how it's used, who it's shared with, and the rights you have over it. It covers the iPhone app ("the App") and the backend service at coachly-backend-mu.vercel.app ("the Service").

Coachly is operated by Kevin McEnaney ("we", "us"). You can reach us at privacy@getcoachly.fit.

If you prefer the short version: we keep your data on your device, you control what syncs, we don't sell anything, and we don't use your data to train AI models.

1. What we collect and why

Every field below is only collected when the corresponding feature is turned on. Coachly ships with everything defaulting to off except the local workout / nutrition log (which is what the app is for).

1.1 On-device only — never leaves your phone unless you turn sync on

Your profile — name, age, weight, height, training goal, experience level, days you want to train.
Your workouts — plans, exercises, sets, reps, weights, RPE, completion timestamps.
Your nutrition log — foods, portion sizes, calorie and macro totals, water intake, weight entries.
Your check-ins — weekly energy / sleep / stress ratings, free-text reflections.
App preferences — which toggles you've flipped, exercises you've banned or deprioritised, disclaimer acceptance timestamps.
Device ID — a random UUID generated once on first launch, stored in localStorage as coachly_device_id. Used to meter your per-user coach budget.

This data is stored in your device's local storage. Uninstalling the app erases all of it.

1.2 Apple Health (HealthKit) — only if you toggle "Apple Health" on in Profile

Read: steps, active calories, heart rate, body-mass samples, workouts other apps have logged (Apple Fitness, Strava, Runna, Peloton, etc.). Write: nutrition entries and weight entries you log in Coachly.

HealthKit data is processed entirely on your device. It is never transmitted to our servers.

You can revoke any HealthKit permission at any time in iOS Settings → Privacy & Security → Health → Coachly.

1.3 AI coach — only when you send a message

When you send a message to the coach, we transmit to Anthropic's API (the "Claude" model):

Your message text
A context snapshot: name, age, recent workouts summary, today's nutrition totals, current training goal, streak, latest check-in scores, curated coaching memory
The app's system prompt (static instructions we use to shape the coach's responses)

We do not transmit:

Your email, password, device ID, or any identifiers that Anthropic could link to an account
Any data you haven't logged into the app yourself
Full food logs, full workout history, or free-text reflections beyond the current message context

Anthropic processes the request, returns a reply, and under our agreement does not retain it for training. We do not keep the message content server-side beyond the per-request lifetime.

1.4 Account (optional)

If you create an account, we collect via Supabase (our auth + database provider):

Your email address
A hashed password, OR, if you use Sign in with Apple, Apple's private relay address
A display name (optional; used in coaching copy)
A timestamp of last sign-in

With an account, we also sync — at your choice — the data in section 1.1 to your Supabase-hosted account so you can access it on another device.

You can delete your account and all synced data at any time from Profile → Account → Delete account.

1.5 Anonymous analytics (optional, off by default)

If you opt in to "Help improve Coachly" in Profile, we collect via PostHog (product analytics) and Sentry (crash reports):

Coarse event names: workout_completed, coach_message_sent, onboarding_completed, etc.
Event properties: duration in minutes, plan type, generic goal label — never message content, exercise names, or individual weights.
Anonymous session identifier that is not linked to your account or device ID.
Crash stack traces (no user content included).

We do not opt anyone in by default. You can turn this off again at any time.

1.6 Coach budget metering

We track the cost of your AI coach usage, keyed by your device ID or (when signed in) your Supabase user ID. This is solely to enforce the $0.50/month cap — we don't use these counters for anything else.

2. What we never collect

Contacts, photos, location, calendar, or microphone audio
Your exact food log, exact workout numbers, or free-text notes in analytics
Your HealthKit data on our servers
Tracking data for advertising or cross-app linking

We do not use App Tracking Transparency because we don't track you across other apps.

3. Why we process this data (legal bases)

Under UK GDPR / EU GDPR, our legal bases are:

Processing	Legal basis
Running the app on your device	Performance of a contract — you asked us to provide a fitness app
Your account + sync	Performance of a contract — you asked us to sync
HealthKit read/write	Explicit consent — your in-app toggle
Sending coach messages to Anthropic	Performance of a contract + consent (the coach consent gate)
Analytics + crash reports	Consent — opt-in only
Enforcing the coach budget	Legitimate interests — keeping the service sustainable

You can withdraw consent at any time by flipping the relevant toggle in Profile. Withdrawal doesn't affect processing that happened before.

4. Who we share data with

We use these service providers ("data processors") and share only what section 1 lists:

Provider	What	Where
Anthropic, PBC (US)	Coach messages → Claude API	US
Supabase, Inc. (US)	Account + optional data sync	EU region available
Upstash, Inc. (US)	Rate-limit + quota counters (Redis)	EU region available
Vercel, Inc. (US)	Backend function hosting	EU region available
RevenueCat, Inc. (US)	Subscription management (if you subscribe)	US
PostHog, Inc. (US)	Analytics (opt-in)	EU instance available
Sentry, Inc. (US)	Crash reports (opt-in)	EU instance available

Transfers to the US rely on Standard Contractual Clauses (SCCs) and, where applicable, the UK Addendum.

We do not sell your data. We do not share it with advertisers. We do not share it with data brokers.

5. How long we keep it

Data	Retention
On-device data	Until you uninstall the app or reset it from Profile
Supabase account data	Until you delete your account (at which point it's hard-deleted within 30 days)
Coach message content	Not retained beyond the per-request processing window (Anthropic applies a 30-day safety-moderation retention window per their terms; we don't receive it back)
Coach budget counters	40 days (daily) / 30 months (monthly backstop), then auto-expired
Analytics events	12 months, then aggregated and stripped of session IDs
Crash reports	90 days
Rate-limit counters	24 hours maximum

6. Your rights

Under UK / EU GDPR and similar laws, you can:

Access — see what we hold. Profile → Account → Export my data downloads a JSON of your synced blob.
Rectify — correct inaccurate data. Just edit it in the app, or email us for data we hold server-side.
Erase — have your data deleted. Profile → Account → Delete account does this for you; email us to confirm server-side removal.
Restrict — pause processing. Turn off the relevant toggle (Apple Health, analytics, sync).
Portability — take your data elsewhere. The Export feature gives you the full JSON.
Object — contest our legitimate-interests basis for any processing. Email us.
Not be subject to automated decision-making — the AI coach makes suggestions, it doesn't make binding decisions about you.

To exercise any of these rights, email privacy@getcoachly.fit. We respond within 30 days.

You can also complain to the UK Information Commissioner's Office (ico.org.uk) or your local supervisory authority.

7. Security

All network traffic is TLS 1.2+.
Passwords are hashed by Supabase (bcrypt / Argon2id).
HealthKit data never leaves your device.
Our backend API is rate-limited (8 requests/minute + 80/hour per device) to prevent abuse.
Coach messages go through a safety classifier and a prompt-injection sanitiser before reaching Anthropic.

No system is 100% secure. If a breach affects your data, we'll notify you within 72 hours per GDPR Article 34.

8. Children

Coachly is intended for users aged 18 and over. Our onboarding asks for your age and refuses to proceed if you're under 18. If you believe a child under 18 has created an account, email us and we'll delete it.

9. International users

The Service is operated from the UK. If you use Coachly outside the UK, your data is transferred to the UK and to the US-based processors listed in section 4, with appropriate safeguards.

10. Changes to this policy

If we change this policy materially, we'll:

Update the "Last updated" date at the top
Post the new version at coachly-backend-mu.vercel.app/privacy
Show you a banner inside the app on your next launch so you have a chance to review before continuing

Non-material changes (spelling fixes, clarifications) we'll make silently.

11. Contact

Kevin McEnaney — privacy@getcoachly.fit

Postal address (for GDPR-required correspondence only): available on request via the email above.