Privacy & Security

How AI Coach protects your data

Our Commitment

Privacy and security are foundational to AI Coach. The platform is designed to give participants meaningful control over what is stored, what is shared, and which parts of their experience stay private by default.

This page describes the product-level contract: what the system stores, which parts of the experience are private, which parts are visible to coaches or stream operators, and where you can exercise those controls in the product.

Encryption

All personal coaching content is encrypted at rest using AES-256-GCM, the same standard used by financial institutions and government systems. This includes:

  • Your coaching conversation messages
  • Your memory and coaching context
  • Assessment data and session analyses
  • Personalised content generated for you

Each piece of data is encrypted with a unique initialisation vector (IV), meaning identical content produces different encrypted outputs. Encryption keys are rotated regularly for additional security.
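As an added example (not AI Coach's own code), the following Go program shows the per-record pattern this section describes using only the standard library: every record is sealed with AES-256-GCM under a fresh random 96-bit nonce stored beside the ciphertext, so identical plaintexts produce different ciphertexts, and the tenant, user and record type are bound in as additional authenticated data so a ciphertext cannot be quietly moved to another record. The `KeyID` field and the KMS comment are assumptions illustrating how key rotation can be tracked, not a description of the product's key management.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Record is the stored form of one encrypted item. The nonce is not secret,
// but it must never repeat under the same key, so a fresh one is stored with
// every record. KeyID (an assumed field) records which key version sealed it,
// which is what lets a rotation job find records still under an old key.
type Record struct {
	KeyID      string
	Nonce      []byte
	Ciphertext []byte // GCM output: ciphertext followed by the 16-byte auth tag
}

// Seal encrypts plaintext with AES-256-GCM under a random 96-bit nonce.
// aad is authenticated but not encrypted; binding owner and record type into
// it means the ciphertext only opens in the context it was created for.
func Seal(key []byte, keyID string, aad, plaintext []byte) (Record, error) {
	if len(key) != 32 {
		return Record{}, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return Record{}, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return Record{}, err
	}
	nonce := make([]byte, gcm.NonceSize()) // 12 bytes for standard GCM
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, aad)
	return Record{KeyID: keyID, Nonce: nonce, Ciphertext: ct}, nil
}

// Open decrypts and verifies a record. Any change to nonce, ciphertext, tag
// or aad makes it return an error instead of corrupted plaintext.
func Open(key []byte, aad []byte, r Record) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, r.Nonce, r.Ciphertext, aad)
}

func main() {
	// Constructed demo key; a real deployment would fetch it from a KMS.
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	aad := []byte("tenant=demo-tenant;user=demo-user;type=message") // constructed
	msg := []byte("I want to get better at giving feedback.")        // constructed

	r1, _ := Seal(key, "v1", aad, msg)
	r2, _ := Seal(key, "v1", aad, msg)
	fmt.Println("same plaintext, different ciphertext:", !bytes.Equal(r1.Ciphertext, r2.Ciphertext))

	pt, err := Open(key, aad, r1)
	fmt.Printf("round trip: %q err=%v\n", pt, err)

	// Opening under another user's context fails authentication.
	_, err = Open(key, []byte("tenant=demo-tenant;user=other-user;type=message"), r1)
	fmt.Println("wrong context rejected:", err != nil)
}
```

The one property a reviewer checks first with GCM is that a nonce is never reused under the same key: a repeat leaks the XOR of the two plaintexts and allows forgeries. Random 96-bit nonces keep that risk negligible only while the number of records sealed under one key stays far below 2^32, which is one concrete reason the regular key rotation mentioned above matters.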

Visibility and Data Isolation

AI Coach separates data by tenant and by role. Different parts of the product have different visibility rules:

  • Tenant isolation keeps one organisation's data separate from another's
  • Coach and sponsor visibility is product- and mode-dependent, not universal; for example, sponsor reporting is constrained by privacy settings and participant consent rules
  • Private-by-default participant content applies to surfaces such as reflections unless a participant explicitly chooses to share
  • Your data is never sold or repurposed outside the product experience
  • AI providers do not train on content sent to them through the platform's configured provider path

You Are in Control

You decide what is remembered and what is forgotten:

  • Memory is opt-in — the platform remembers nothing about you until you explicitly choose to enable it
  • Ephemeral sessions — you can have coaching conversations that are permanently deleted when you close them
  • Delete anything, anytime — you can delete individual memories, entire sessions, or all your data with a single action
  • Export your data — download everything we hold about you in JSON, CSV, or PDF format at any time

In the product, these controls live primarily in Profile → Legal & your data and the related data settings surfaces.

GDPR Compliance

AI Coach is designed for full compliance with the EU General Data Protection Regulation (GDPR):

  • Right to erasure (Art. 17) — complete deletion of all your data, including database records and stored files
  • Right to data portability (Art. 20) — export all your data in machine-readable formats
  • Data minimisation (Art. 5) — we collect only what is necessary for your coaching experience
  • Consent management (Art. 7) — explicit consent required for memory storage, with instant opt-out
  • Data retention limits (Art. 5) — automatic deletion of inactive data after defined periods
  • Data protection by design (Art. 25) — privacy controls are built into the architecture, not bolted on

EU AI Act Compliance

AI Coach operates as a limited-risk AI system under the EU AI Act and meets all applicable transparency and safety requirements:

  • AI transparency — you are always clearly informed that you are interacting with an AI coaching assistant, not a human
  • Safety boundaries — a dual-layer detection system identifies when conversations move beyond coaching scope, with immediate referral to appropriate human support
  • Human oversight — coaches maintain full control over the AI's knowledge base, coaching methodology, and safety rules
  • No consequential decisions — AI coaching is advisory only and never makes employment, medical, or legal decisions

What the AI Can and Cannot See

When you interact with the AI coach:

  • It sees your current conversation and (if you opted in) your stored memories from previous sessions
  • It sees the coaching methodology and knowledge base configured by your coach
  • It cannot see other users' conversations
  • It does not retain your data after the conversation — AI providers process in real time only
  • It does not use your data to improve or train its models

Audit & Logging

System logs track operational events (such as "memory created" or "session started") but never log the content of your conversations, memories, or coaching interactions. All logging is designed to be PII-safe — personal identifiers are automatically stripped before any data is recorded.
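As an added example (not AI Coach's own logging code), the Go program below shows one way to enforce the two rules in this paragraph: a log entry is built from an allowlist of operational fields, so conversation text, memory content and anything else not on the list never reaches the log, and any e-mail address that turns up in an allowed field is masked as a second line of defence. The field names and the sample event are constructed for the illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"time"
)

// allowedFields is the allowlist of attributes that may be logged.
// Everything else (message text, memory content, display names, e-mail
// addresses) is dropped before the entry is written. Constructed names.
var allowedFields = map[string]bool{
	"tenant_id":  true,
	"session_id": true,
	"memory_id":  true,
}

// emailRe catches e-mail addresses that leak into an allowed field.
var emailRe = regexp.MustCompile(`[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}`)

// LogEntry is the PII-safe record that is actually persisted.
type LogEntry struct {
	Time   string            `json:"time"`
	Event  string            `json:"event"`
	Fields map[string]string `json:"fields,omitempty"`
}

// Sanitize turns a raw event and its attributes into a LogEntry, keeping
// only allowlisted fields and masking e-mail addresses inside them.
func Sanitize(event string, attrs map[string]string, now time.Time) LogEntry {
	fields := make(map[string]string)
	for k, v := range attrs {
		if !allowedFields[k] {
			continue // drop content and identifiers not on the allowlist
		}
		fields[k] = emailRe.ReplaceAllString(v, "[email-redacted]")
	}
	return LogEntry{
		Time:   now.UTC().Format(time.RFC3339),
		Event:  event,
		Fields: fields,
	}
}

// Render serialises the entry as a single JSON line for the log sink.
func Render(e LogEntry) (string, error) {
	b, err := json.Marshal(e)
	if err != nil {
		return "", err
	}
	return string(b), nil
}

func main() {
	// Constructed raw event: what an application might hand to the logger.
	raw := map[string]string{
		"tenant_id":  "t-42",
		"session_id": "s-7",
		"user_email": "alice@example.com",
		"message":    "I feel anxious about my performance review",
	}
	entry := Sanitize("memory_created", raw, time.Now())
	line, err := Render(entry)
	if err != nil {
		panic(err)
	}
	fmt.Println(line) // only tenant_id and session_id survive
}
```

An allowlist is deliberately chosen over a denylist of "sensitive" field names: a new attribute added by a developer is excluded from the log until someone consciously approves it, which is the failure mode you want.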

Cookies and Account Actions

Cookie consent, data export, and account deletion are handled as product actions, not buried in a footer.

  • Cookies — control banner preferences through the Cookies page and related Profile entry points
  • Export — use the export controls to request a copy of your data
  • Deletion — account deletion is destructive and may include a grace-period flow depending on the surface

Questions?

If you have any questions about how your data is handled, please contact your coach or organisation administrator. They can provide additional detail about your organisation's specific data processing arrangements.

Last updated: April 2026