Privacy Policy
This policy explains how CoachFlow (ABN 82 387 802 916) (“we”, “us”, “our”) handles personal information when you use the CoachFlow application and website (the “Service”).
Effective date: 7 July 2026 · Last updated: 7 July 2026
1. Who we are and how this policy applies
CoachFlow is a customer-relationship tool for fitness and lifestyle coaches. We are committed to protecting personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where the General Data Protection Regulation (GDPR) or other laws apply to you, additional rights may be available (see section 12).
Two roles. For information about a coach’s own account (their name, email, billing), CoachFlow is the data controller. For information a coach enters about their own leads and clients, the coach is the controller and CoachFlow acts as their processor, handling that data on the coach’s behalf and under our Terms of Service. Coaches are responsible for having a lawful basis and any necessary consent to enter their clients’ information into the Service.
2. Information we collect
- Account information — name, email address, password (hashed), business name, brand settings, and role.
- Contact and client information you enter — the details a coach records about their leads and clients: names, contact details, notes, goals, check-ins, service/plan details, and activity history. This may include health or wellbeing information (for example fitness goals or progress notes).
- Billing information — subscription tier and payment status. Card payments are processed by our payment provider (Newie); we do not store full card numbers.
- Usage and technical data — log data, device/browser information, and IP address, used to operate and secure the Service.
- Local storage — we store preferences (such as theme, layout order, and settings) in your browser. See section 11.
3. How we use information
- To provide, maintain, and improve the Service.
- To authenticate users and secure accounts.
- To process subscriptions and payments.
- To provide support and respond to enquiries.
- To send service-related communications (for example security or billing notices).
- To comply with legal obligations and enforce our Terms.
We do not sell personal information. We do not use client information a coach enters to train machine-learning models or for our own marketing.
4. Sensitive and health information
Coaching records may include health or sensitive information. Under the Privacy Act, organisations that handle health information are covered regardless of turnover. We only handle such information to provide the Service to the coach who entered it, and coaches are responsible for collecting it lawfully and with consent from their clients.
5. Disclosure and service providers (sub-processors)
We share information with trusted providers who help us run the Service, under contract and only as needed:
- Supabase — database, authentication, and file storage.
- Vercel — application hosting and content delivery.
- Newie — payment processing.
- GoHighLevel — CRM integration, for coaches who enable it (higher tiers only).
We may also disclose information where required by law, to protect our rights, or in connection with a business sale or restructure (in which case this policy continues to apply).
6. Overseas transfers
Our infrastructure providers (Supabase and Vercel) may store or process data in Australia and/or overseas, including in the United States. Where personal information is disclosed overseas, we take reasonable steps to ensure it is handled consistently with the APPs.
7. How we protect information
- Row-level security so each business can only access its own data.
- Encryption in transit (HTTPS) and at rest via our infrastructure providers.
- Access controls and authentication on all accounts.
No system is perfectly secure, but we work to protect information using reasonable technical and organisational measures.
8. Data retention and deletion
We keep personal information for as long as an account is active or as needed to provide the Service, then delete or de-identify it within a reasonable period, unless we must retain it to meet legal obligations. Coaches can delete client records within the app; deletion may be subject to a short grace period before permanent removal.
9. Data breaches
We maintain procedures to detect and respond to data breaches. Where a breach is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in line with the Notifiable Data Breaches scheme.
10. Children
The Service is intended for coaches operating a business and is not directed at children. Coaches must ensure they have appropriate authority and consent before entering information about anyone under 18.
11. Cookies and local storage
We use strictly necessary cookies for authentication and browser local storage for functional preferences. We do not use these for advertising. [If you add analytics or marketing cookies, disclose them here and provide a consent mechanism.]
12. Your rights
You may request to:
- access the personal information we hold about you;
- correct information that is inaccurate or out of date;
- ask questions or make a complaint about how we handle your information.
If you are covered by the GDPR or similar laws, you may also have rights to erasure, restriction, portability, and objection. To exercise any right, contact us at admin@coachflowx.com. If you are not satisfied with our response, you can complain to the OAIC at oaic.gov.au.
13. Changes to this policy
We may update this policy from time to time. We will post the updated version here and change the “Last updated” date. Material changes will be communicated where appropriate.
14. Contact us
CoachFlow
ABN 82 387 802 916
Mermaid Beach QLD, Australia
Email: admin@coachflowx.com