Privacy Policy

Last Updated: June 12, 2025

Introduction

This Privacy Policy explains how EnCoCoEU S.L. (“we,” “us,” or “our”) collects, uses, and safeguards your personal data when you access or use The Coach AI (the “Service”).

This policy is designed in strict compliance with the following legal frameworks:

  1. Regulation (EU) 2016/679 (General Data Protection Regulation or GDPR)

  2. Spanish Organic Law 3/2018 on Data Protection and Guarantee of Digital Rights (LOPDGDD)

  3. Directive 2002/58/EC (ePrivacy Directive)

This document forms a legally binding part of our Terms of Service.

1. Who We Are and How to Contact Us

We are the Data Controller responsible for your personal data. You can contact us or our Data Protection Officer (DPO) for any data protection matters.

  1. Company Name: EnCoCoEU S.L.

  2. Registered Address: Plaza del Actor Enrique Rambal 17 / 17J, 46022 Valencia, Spain

  3. NIF (VAT ID): ESB22581854

  4. Commercial Registry: Registered in the Commercial Registry of Valencia, Volume [X], Folio [Y], Sheet [Z], Inscription [A]

  5. General Inquiries Email: feedback@the-coach.ai

  6. Data Protection Officer (DPO) Email: dpo@the-coach.ai

2. The Personal Data We Collect

We collect only the minimum data required to provide, maintain, and improve the Service:

  1. Account Data: Your email address, a hashed (unreadable) version of your password, chosen language settings, and any optional username.

  2. Coaching Data: The text inputs you provide to the AI and the responses it generates. This data is subject to our highest security standards.

  3. Technical Data: Your IP address, browser and device type, operating system, and session activity logs for security and functionality.

  4. Communication Data: The content of any messages or inquiries you send to our support or feedback channels.

  5. Consent and Cookie Data: A record of your consent decisions regarding our use of cookies and other technologies.

3. Special Categories of Data

We do not intentionally request sensitive personal data (such as health, religious, or political information). Should you voluntarily provide such data within your coaching inputs, you grant your explicit consent for us to process it for the sole purpose of delivering an AI-generated response. We will never use this sensitive data for any other purpose, such as advertising, analytics, or general AI model training.

4. Why and How We Use Your Data

We process your personal data for the following specific purposes, each supported by a lawful basis under GDPR:

  1. To Provide the Service: We process your Account, Coaching, and Technical Data to fulfill our contractual obligation to provide you with a functioning account and AI coaching responses (GDPR Art. 6(1)(b)).

  2. To Process Sensitive Data You Provide: We process any sensitive data within your Coaching Data based on your explicit consent, which you provide by voluntarily submitting it (GDPR Art. 9(2)(a)).

  3. To Secure Our Platform: We process Technical Data based on our legitimate interest in protecting the Service from fraud, abuse, and security threats (GDPR Art. 6(1)(f)).

  4. To Improve Our Service: We process pseudonymized Coaching Data based on our legitimate interest in enhancing our AI model and developing new features. You have the right to object to this processing at any time (GDPR Art. 6(1)(f)).

  5. For Analytics & Advertising: We process Technical and Cookie Data to analyze service performance and deliver personalized advertising, based on your explicit consent (GDPR Art. 6(1)(a)).

  6. To Provide Customer Support: We process Communication and Account Data based on our legitimate interest in resolving your inquiries effectively (GDPR Art. 6(1)(f)).

  7. To Comply with Legal Obligations: We process Account Data to comply with our legal duties, such as those related to tax and corporate law (GDPR Art. 6(1)(c)).

5. Integrated Cookie Policy

Our Service uses a bundled package of cookies and similar technologies that are essential for its operation.

Your consent is required to use the Service. By clicking "Accept" on our cookie banner, you agree to our use of all cookies as described here. If you do not provide consent, you will not be able to access or use the Service.

Our cookies serve three primary functions:

  1. Functional Cookies to maintain your login session, store preferences, and protect against fraud.

  2. Analytics Cookies to help us measure performance and identify issues using tools such as Google Analytics.

  3. Advertising Cookies to personalize content and track ad effectiveness via platforms such as Google Ads, which helps fund the Service.

You may withdraw your consent at any time. As cookies are required for the Service to function, this requires you to discontinue using the Service and clear the cookies from your browser.

6. Data Sharing and Third Parties

We do not sell your personal data. We only share data with trusted third-party service providers who act as Data Processors and are contractually bound by GDPR. These include:

  1. Cloud hosting and infrastructure providers (e.g., Google Cloud, AWS).

  2. Analytics and advertising partners (e.g., Google), based on your consent.

  3. Legal and regulatory authorities, when compelled by law.

7. International Data Transfers

If your data is transferred outside the European Economic Area (EEA), we ensure it receives a level of protection equivalent to that under GDPR through approved legal mechanisms like Standard Contractual Clauses (SCCs).

8. Data Anonymization and Retention

We prioritize your privacy by using pseudonymization for Coaching Data. We retain your personal data only for as long as necessary:

  1. Account Data is retained for the life of your account and deleted within 60 days of its closure, unless a legal obligation requires longer retention.

  2. Pseudonymized Coaching Data is retained for service improvement purposes. You may object to this processing at any time, in which case the data associated with your account will be deleted.

  3. Backup Archives containing your data may persist in a secure, encrypted state for up to 90 days after deletion from our live systems for disaster recovery purposes.

9. Your GDPR Rights

As a user, you have the following rights over your personal data:

  1. The right to Access a copy of your data.

  2. The right to Rectify inaccurate or outdated data.

  3. The right to Erase your data (“right to be forgotten”).

  4. The right to Restrict how your data is processed.

  5. The right to Object to data processing based on our legitimate interest.

  6. The right to Withdraw Consent for cookies or sensitive data at any time.

  7. The right to Data Portability to receive your data in a standard format.

  8. The right to Lodge a Complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.

To exercise any of these rights, please contact our DPO at dpo@the-coach.ai. We may require identity verification to protect your data and will respond within 30 days.

10. Data Security

We implement industry-standard technical and organizational measures to protect your data, including:

  1. End-to-end encryption for data both in transit and at rest.

  2. Pseudonymization and anonymization techniques to de-identify data.

  3. Strict role-based access controls to limit data access to authorized personnel.

  4. Continuous security monitoring and regular vulnerability assessments.

In the event of a data breach that poses a high risk to your rights, we will notify you and the AEPD without undue delay.

11. Age Restriction

The Service is strictly intended for users aged 18 years or older. We do not knowingly collect or process data from minors. If we discover that a user is underage, we will take immediate steps to delete all associated data.

12. Updates to This Policy

We may update this Privacy Policy to reflect changes in law or our services. For significant changes, we will provide prior notice via email or an in-app notification. Your continued use of the Service after the effective date of the update constitutes your acceptance of the revised policy.