Privacy Policy

1. Controller and Scope

This Privacy Notice describes how Coachway ApS ("Coachway"), located in Denmark, processes personal data in our capacity as data controller in connection with the operation, maintenance and administration of the Coachway platform (the "Platform").

This Notice applies to all individuals whose personal data Coachway process as data controller, including:

• Coaches who create accounts on the Coachway Platform
• Clients (end-users) of the Coachway mobile app, who use the app at the invitation of their coach to track training, nutrition, body composition, and other health and fitness metrics
• Individuals who contact us, visit our website or otherwise interact with us
• Job applicants and Coachway employees (HR-related data)

For data clients enter or sync into the Coachway mobile app as part of their coaching relationship, the client's coach acts as an independent data controller for the coaching content; Coachway acts as data processor on the coach's behalf for that content. Coachway acts as independent data controller for platform-level data such as account credentials, technical and security logs, and aggregated platform analytics.

Contact for all privacy matters: hello@coachway.io

2. Categories of Personal Data Processed

Coachway processes the following categories of personal data as independent data controller:

Coaches (Platform users)

• Name, email address, password hash, profile settings, billing address, subscription status, invoice history, and other payment metadata.
• Payment card information is processed exclusively by Stripe Payments Europe Ltd.; Coachway does not store payment card numbers.
• Technical and security data such as IP addresses, device and browser information, session logs, authentication timestamps, error logs and security-related events.
• Information provided in support requests or other communications with Coachway. Cookie data depending on the user's consent.

Clients (App users)

• Account and profile data: name, email address, password hash, age, sex, height, weight, training goals.
• Training data: workout logs (sets, reps, weights, durations, notes), manually-tracked activity sessions, exercise history.
• Health and fitness data accessed through Apple Health or Health Connect - see section 11 for the full list of data types and purposes.
• Body measurement and progress data: weight, body composition, circumference measurements, progress photos.
• Nutrition data: meals logged, dietary preferences, allergies.
• Communication data: chat messages exchanged with the user's coach.
• Technical and security data such as IP addresses, device information, push-notification tokens, session logs and error logs.

Website visitors and other external contacts

• IP address, browser data, device information, usage logs and interactions with cookies or tracking technologies.
• Information voluntarily submitted via contact forms, email or other communication channels.

Job applicants

• Name, contact details, CV, cover letter, references, interview notes and assessment results.
• Where relevant and lawful, background checks.

Employees (HR data)

• Identification and contact information, employment agreement, salary and payroll information, tax data, absence and leave records, performance documentation, IT and login activity for security purposes, and any information required by employment, tax or bookkeeping law.

3. How Personal Data Is Collected

Coachway processes personal data when:

• Account creation and use of the Platform
• Use of the Coachway mobile app, including data entered by the client and data accessed through Apple Health or Health Connect with the client's explicit consent
• Technical logs generated by devices accessing the Platform or website
• Subscription payments processed via Stripe
• Support enquiries and business correspondence
• Job applications submitted to Coachway
• HR administration for employees
• Cookies and tracking tools activated only after consent (where required)

4. Purposes of Processing

Coachway processes personal data for the following purposes:

• Operating, maintaining and securing the Platform and the Coachway mobile app
• Enabling clients to track training, nutrition, body composition, and other health and fitness metrics in collaboration with their coach
• Enabling secure communication between clients and their coaches
• Managing user accounts, subscriptions and billing
• Providing support and handling enquiries
• Administering customer relationships with coaches
• Operating the website and consent-based analytics
• Managing recruitment processes
• Fulfilling employer obligations and HR administration
• Complying with legal obligations, including bookkeeping and employment law

5. Legal Bases (GDPR)

Processing is based on the following lawful bases:

• Explicit Consent (Art. 6(1)(a)) for analytics, marketing cookies and similar technologies
• Contract (Art. 6(1)(b)) - for account creation, Platform access and subscription management
• Legal Obligation (Art. 6(1)(c)) - Bookkeeping and compliance with applicable law.
• Legitimate Interest (Art. 6(1)(f)) - for security, fraud prevention and platform improvement
• Explicit Consent for special category data (Art. 9(2)(a)) - for processing health and fitness data accessed through Apple Health, Health Connect, or entered directly into the Coachway mobile app. This consent is given by the client when they enable an integration or enter data into the app, and may be withdrawn at any time by disconnecting the integration in their device settings, deleting the data via the in-app controls, or contacting Coachway.
• Personal Data (Art. 9(2)(b)/Art. 9(2)(h)) - where relevant for HR obligations

Consent may be withdrawn at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

6. Sharing of Personal Data

Coachway does not sell personal data.

Data may be shared only with:

• The client's coach within the Coachway Platform, for client data entered or synced through the Coachway mobile app.
• Third-party subprocessors used by Coachway for hosting, analytics, file storage, and payment processing (e.g. Railway, Northflank, PostHog, Sentry, Stripe).
• Authorities when required by law.
• Successors in a potential business transfer under equivalent protections.

All processors are bound by GDPR-compliant agreements.

7. International Transfers

Some subprocessors may be located or have infrastructure outside the EEA. Where this results in a transfer of personal data, it is based on valid transfer mechanisms under GDPR, including the European Commission's Standard Contractual Clauses or an adequacy decision. Transfers are made only in accordance with Chapter V GDPR.

8. Retention

Personal data is retained only as long as necessary for the purposes described in section 4:

• Account and subscription data is retained for the duration of the User relationship
• Client training, nutrition, body composition, and health and fitness data is retained for the duration of the client's relationship with their coach on the Platform. Specific entries can be deleted at any time via the in-app controls. See section 11 for the full retention and deletion policy applicable to health and fitness data.
• Billing data is retained as required by accounting rules.
• Technical logs and security data are stored for limited periods
• Backup copies are retained only temporarily and are automatically purged.
• Data no longer needed is deleted or irreversibly anonymised.

9. Data Subject Rights

Individuals whose data are processed by Coachway have a number of rights under the GDPR:

• Access their personal data
• Request rectification
• Request erasure
• Request restriction of processing
• Object to processing
• Request data portability
• Withdraw consent
• Lodge a complaint with a supervisory authority (e.g. the Danish Data Protection Agency)

Requests may be submitted to hello@coachway.io

10. Security Measures

Coachway applies appropriate technical and organisational measures, including encryption in transit (TLS 1.2+) and at rest, access control, secure credential storage, logging, monitoring and regular security assessments. Security standards are applied consistently across all systems used to operate the Platform, including all systems that store or process health and fitness data.

11. Health and Fitness Data

The Coachway mobile app helps clients track their training, nutrition, body composition, and other health and fitness metrics in collaboration with their coach. This section describes how Coachway processes health and fitness data accessed or generated through the Coachway mobile app, including data accessed through Apple Health on iOS and Health Connect on Android.

Data accessed through Apple Health and Health Connect

With the user's explicit consent, the Coachway mobile app may access the following data types from Apple Health (iOS) and/or Health Connect (Android):

• Steps - to display the user's daily step count on the Home screen.
• Distance - to display total distance for synced runs, walks, and rides on the Activity Details screen.
• Heart rate - to display average and maximum heart rate per workout on the Activity Details screen.
• Active calories burned and total calories burned - to display calories burned per workout.
• Elevation gained - to display elevation gain for hikes, trail runs, and rides on the Activity Details screen.
• Exercise sessions - to import the user's workouts (runs, walks, hikes, rides, and other activities) into the Coachway activity history so the coach can review the client's training in context.

Each data type is requested individually, only when the user enables activity sync, and can be revoked at any time from Apple Health or Health Connect settings on the user's device. Disconnecting an integration stops new data from flowing into Coachway.

Data entered directly into the Coachway app

In addition to integration data, clients may enter or upload:

• Body measurements (weight, body composition, circumference)
• Progress photos
• Workout logs (sets, reps, weights, durations, notes)
• Manually-tracked activity sessions
• Nutrition logs
• Chat messages with their coach

How health and fitness data is used

Health and fitness data is used solely to:

• Display the user's training, nutrition, and progress within the Coachway mobile app.
• Allow the user's coach to view the user's progress and adjust their program accordingly.
• Generate aggregated views (e.g. weekly progress charts) within the app.

Health and fitness data is not sold to third parties, not transferred to data brokers, not used for personalized or interest-based advertising, and not used to determine credit-worthiness, insurance eligibility, employment suitability, or for lending purposes.

Sharing of health and fitness data

Health and fitness data is shared only with:

• The user's coach within the Coachway Platform.
• Infrastructure subprocessors used to host and operate the Platform (Railway, Northflank, PostHog, Sentry, Stripe), each bound by GDPR-compliant data processing agreements.

Coachway does not transfer health and fitness data to any third party for any other purpose.

Retention of health and fitness data

Health and fitness data is retained for the duration of the client's relationship with their coach on the Platform. When a client deletes their account, their health and fitness data is removed from active systems within 30 days and from backups within the standard backup rotation period (typically up to 90 days). Individual entries (e.g. a single activity, body measurement, or progress photo) can be deleted at any time via the in-app controls.

Security of health and fitness data

Health and fitness data is encrypted in transit (TLS 1.2+) and at rest. Access within Coachway's systems is restricted via role-based access controls and is logged for audit purposes. The general security measures described in section 10 apply equally to all health and fitness data.

User control

The user can, at any time:

• Disconnect the Apple Health or Health Connect integration via their device's privacy settings, which stops new data from flowing into Coachway.
• Delete individual activities, measurements, photos, or workout logs via the in-app controls.
• Request deletion of their entire account and all associated data via the in-app account-deletion flow or by emailing hello@coachway.io.

12. Cookies and Analytics

Essential cookies required for platform functionality are always active. Analytics or marketing cookies are used only after explicit consent, which may be withdrawn at any time. A separate cookie policy may apply.

13. Changes to This Policy

Coachway may update this Policy due to legal, technical or operational changes. Material changes will be communicated appropriately. Continued use of the Platform constitutes acceptance of the updated Policy.

14. Contact

Contact: hello@coachway.io