Privacy Policy

1. Introduction

ClearInsite LLC (doing business as CoachingPortal) ("we," "us," or "our") operates a coaching platform that connects fitness and nutrition coaches with their clients. We are committed to protecting your personal information and your right to privacy.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our coaching platform services, including our web application and our iOS and Android mobile apps ("Apps"). If you do not agree with the terms of this privacy policy, please do not access the platform.

2. Information We Collect

2.1 Personal Information You Provide

We collect information you voluntarily provide when creating an account or using our services:

• Account Information: Name, email address, phone number, password
• Profile Information: Date of birth, gender, profile photo
• Health & Fitness Data: Height, weight, body measurements, activity level, fitness goals, dietary restrictions, health conditions
• Progress Data: Daily weight logs, macro intake, exercise performance, progress photos, check-in notes
• Communication Data: Messages exchanged with your coach, feedback, and support inquiries

2.2 Information Collected Automatically

• Usage Data: We use Vercel Analytics to collect privacy-friendly, aggregated metrics such as page views, referring site, approximate region, and device/browser type. It is cookieless, is not tied to your identity, and is never used for advertising or cross-site tracking.
• Device Information: Browser type, operating system, device type and model. On mobile we may collect a device identifier for push notification delivery. We do not collect advertising identifiers (IDFA/GAID).
• Authentication Data: Login times, IP addresses, authentication tokens (managed by Firebase)
• Crash and Error Reports: Diagnostic data, crash logs, and performance information collected via Sentry to help us identify and fix bugs

2.3 Mobile App Permissions

Our iOS and Android apps may request the following device permissions:

• Camera / Photo Library: Used to capture or upload progress photos. Photos are stored securely in your account and are only accessible by you and your assigned coach.
• Push Notifications: Used to deliver check-in reminders, messages from your coach, and important account alerts. You can disable notifications at any time in your device settings or within the app.

Permissions are requested only when the relevant feature is first used. Denying a permission disables the associated feature but does not affect other app functionality.

2.4 Third-Party Authentication

We support third-party sign-in options:

• Google Sign-In: We receive your name, email address, and profile photo from Google. We do not have access to your Google account password.
• Apple Sign-In: We receive a unique identifier and optionally your name and email address from Apple. Apple may provide a private relay email address. We do not have access to your Apple ID password.

3. How We Use Your Information

We use your information for the following purposes:

• Service Delivery: Facilitate coaching relationships, track progress, deliver personalized fitness and nutrition guidance
• Communication: Send service notifications, respond to inquiries, deliver invitation emails
• Platform Improvement: Analyze usage patterns, improve features, ensure platform security
• AI-Assisted Insights: Generate structured coaching recommendations and drafts from check-in data when a coach requests them (direct identifiers such as name and email are excluded before sending)
• Legal Compliance: Comply with legal obligations, enforce terms of service, protect rights and safety

4. How We Share Your Information

4.1 With Your Coach

Clients: Your assigned coach has access to all information you provide, including health data, progress logs, and messages. This access is essential for providing coaching services.

4.2 Service Providers

We share data with trusted third-party service providers:

• Firebase (Google): Authentication, database hosting, file storage
• Resend: Email delivery. This covers transactional email (invitations, notifications) and, for coaches and clients, inclusion in our email contact lists used to send platform updates and announcements. You can unsubscribe at any time and we honor opt-outs.
• Vercel: Application hosting and content delivery
• OpenAI: AI processing for CoachGPT recommendations using structured, de-identified check-in data
• RevenueCat: In-app subscription management for our iOS and Android apps. RevenueCat processes purchase receipts from Apple App Store and Google Play on our behalf. RevenueCat does not receive your health or fitness data.
• Sentry: Crash reporting and application performance monitoring. Sentry receives diagnostic data and error logs to help us identify and fix bugs. Sentry does not receive your health or fitness data.

4.3 AI Features (CoachGPT)

CoachGPT generates coaching drafts on demand - check-in recommendations, client progress summaries, exercise programs, and meal plans. AI processing only occurs when a coach clicks Generate; no client data is sent to the AI provider in the background.

For each generation we send only the structured client data needed for that feature - for example sanitized check-in metrics, recent trends, the client's goal, macro targets, and dietary or health flags. We exclude direct identifiers (such as name and email) before sending. Requests and responses are logged solely for usage tracking and abuse prevention, and the AI provider does not use the content to train its models. AI outputs are stored in the Platform so coaches can review and edit them.

AI output is a drafting aid, not professional, medical, or nutritional advice. Coaches review and approve all generated content before it is assigned to a client. A coach can avoid sending any client data to the AI provider simply by not using the CoachGPT generators.

4.4 Legal Requirements

We may disclose your information if required by law, court order, or to protect rights, property, or safety.

5. Data Security

We implement industry-standard security measures to protect your personal information:

• Encryption in transit (HTTPS/TLS) and at rest (Firebase encryption)
• Secure authentication using Firebase Auth with token-based access
• Role-based access controls and multi-tenant data isolation
• Regular security audits and monitoring

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services:

• Active Accounts: Data retained while account is active
• Deactivated Accounts: Data may be retained for up to 90 days for recovery purposes
• Deleted Accounts: Most data permanently deleted within 30 days of deletion request
• AI Processing: We do not store separate AI prompt transcripts; we retain the underlying check-in data and any generated recommendations with the check-in
• Legal Requirements: Some data may be retained longer to comply with legal obligations

7. Your Rights (GDPR & Data Protection)

If you are located in the European Economic Area (EEA) or UK, you have the following data protection rights:

To exercise these rights, contact us at: support@coachingportal.io

We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection authority.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your jurisdiction.

We ensure appropriate safeguards are in place, including using service providers that comply with GDPR and implementing Standard Contractual Clauses where necessary.

9. Health Data and HIPAA

HIPAA Does Not Apply: We are not a HIPAA-covered entity or business associate. The fitness and nutrition coaching services provided through our platform do not constitute medical treatment or healthcare services covered by HIPAA.

Health Data Protection: While HIPAA does not apply, we take the security of your health and fitness data seriously. We implement industry-standard security measures and comply with applicable state and federal privacy laws, including the FTC Health Breach Notification Rule.

Not Medical Advice: Information provided through the platform is for fitness and nutrition coaching purposes only and should not be considered medical advice. Consult with appropriate healthcare professionals for medical concerns.

10. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify affected users within 72 hours of discovering the breach (as required by GDPR)
• Notify appropriate regulatory authorities as required by law
• Provide details about what information was compromised and steps we are taking
• Offer guidance on protective measures you can take

Notifications will be sent via email to the address associated with your account.

11. Children's Privacy

Our platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will delete the information within 30 days.

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Essential Cookies: Required for authentication and platform functionality
• Authentication Tokens: Maintain your logged-in session
• Local Storage: Store user preferences and cached data

You can control cookies through your browser settings, but disabling essential cookies may affect platform functionality.

13. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect and how we use it
• Right to delete your personal information
• Right to opt-out of sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at support@coachingportal.io. We will respond within 45 days.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy with an updated "Last Updated" date. Continued use of the platform after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us: