Data Processing Agreement

About this agreement

This agreement covers how CoachFile handles personal data on your behalf when you use the service. It works alongside our Terms of Service and Privacy Policy. Where this summary and a signed DPA differ, the signed DPA governs.

Roles: who is who

For the client information you record in CoachFile (your clients' names, demographics, session notes, custom fields, and uploads), you are the data controller and CoachFile is your data processor. In plain terms: that data belongs to you. We process it only to provide the service to you, and only on your instructions, which are expressed through your use of the product and these documents.

For your own account data (your name, email, and billing details), CoachFile is the controller, and that handling is described in our Privacy Policy.

What we process and why

• Subject matter: storing and organizing the client records you enter into CoachFile.
• Purpose: providing the client memory system, including timelines, session histories, search, note migration, and reminders.
• Duration: for as long as your account is active, plus the deletion timelines below.

Data and people involved

The categories of data we process on your behalf are whatever you choose to enter: client names and contact details, demographics and custom fields, session notes, and any documents or photos you upload or import. The people whose data is involved are your clients. You decide what goes in; we store and organize it. Please do not enter special-category or prohibited data, including Protected Health Information, as described in our Terms.

Our obligations as processor

• Process your client data only to provide the service and only on your instructions, not for our own purposes.
• Never sell your data, never use it for advertising, and never use your client records to train AI models.
• Keep the people who operate the service under confidentiality obligations.
• Apply the security measures described below.
• Help you respond to your clients' data-subject requests and to meet your own legal obligations.
• Use subprocessors only under the terms below, and notify you of changes.
• Return or delete your data on termination, as described below.

Security measures

We apply appropriate technical and organizational measures, including:

• Encryption in transit (TLS 1.3) and at rest (AES-256).
• Database-level isolation (row-level security) so one coach's data cannot be reached by another.
• No standing staff access to customer data; access only when you authorize it or the law compels it, with audit logging retained for 7 years.
• Rate limiting, a strict Content Security Policy, step-up reverification on sensitive actions, and edge protections through Cloudflare.
• Error monitoring with personal data scrubbed before sending.

Our full security model is described on our security page.

Subprocessors

We use the following subprocessors to operate CoachFile. Each maintains its own security and privacy commitments:

• Cloudflare: hosting, content delivery, file storage, edge security.
• Supabase: database and authentication backing.
• Clerk: authentication.
• Stripe: payment processing.
• Anthropic: AI extraction during note migration.
• Resend: transactional and account email.
• Sentry: error monitoring, with personal data scrubbed.
• PostHog: privacy-safe product analytics, with client content masked and never sent.

We give 30 days advance notice by email before adding or changing a subprocessor. If you object, you may end your subscription without penalty.

AI processing

When you use the migration tool, document text is sent to Anthropic's API to be organized into structured records. We use Anthropic's standard API tier: Anthropic does not use that content to train its models, retains API logs for about 30 days for abuse monitoring only, never for content review, and does not share the content with any other third party. The migration tool organizes what you provide and presents it for your review; it does not invent client information.

International transfers

CoachFile data is processed and stored in the United States. If you use CoachFile from outside the United States, your data is transferred to and processed in the United States by us and our subprocessors. EU data residency is available on the Mastermind plan on request. Where required, transfers rely on appropriate safeguards, which we will set out in a signed DPA on request.

Helping you meet data-subject requests

If one of your clients asks to access, correct, or delete their data, that request goes to you as the controller. You can fulfill most requests directly in the app, since you can edit and remove client records yourself. Where you need more, we will assist you within a reasonable time. You can also export all of your data at any time from your data settings.

Breach notification

If we confirm a personal-data breach affecting your data, our policy is to notify you without undue delay, and within 24 hours of confirming a material data-exposure event, with the information you need to meet your own notification obligations.

Return and deletion of data

You can export all of your data at any time. You can delete your account from your account settings. Deletion includes a 30-day grace period during which it can be reversed, after which your data is permanently deleted across our systems. Operational audit logs that record the deletion event are kept without personal data.

Audit and information rights

On reasonable request, we will provide the information you need to confirm we are meeting these commitments, including our security documentation and our subprocessors' compliance reports as they become available. Our infrastructure providers maintain SOC 2 Type 2 compliance today; CoachFile is pursuing its own attestation as part of our roadmap.

Requesting a signed DPA

To request a formal, signable Data Processing Agreement, email support@coachfile.app. We are happy to put one in place.