Privacy Policy

Coached ("we", "our", or "us") is operated by Yates Total Health. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Coached web application and mobile app (collectively, the "Service"). By using the Service, you agree to this policy.

1. Who We Are

Coached is a coaching platform connecting personal trainers and health coaches with their clients. The Service is operated by Yates Total Health, based in Australia. You can contact us at the details below.

2. Information We Collect

We collect information you provide directly when you register and use the Service:

• Account information — name, email address, and password (stored securely via Supabase Auth)
• Body metrics — weight, body fat percentage, and progress photos you choose to upload
• Training data — exercise sessions, loads, reps, personal bests, and program history
• Nutrition data — food logs, macro targets, and dietary preferences including intolerances
• Wellbeing check-ins — self-reported sleep quality, energy, stress, and soreness scores
• Health context — any health background information you or your coach enters into your profile
• Messages — communications between coaches and clients within the platform
• Device information — push notification tokens for delivering reminders (if you grant permission)
• Apple Health data (iOS only) — if you grant permission via Apple Health, we read and store your heart rate variability (HRV), resting heart rate, sleep duration, and step count. You can revoke this at any time in iOS Settings → Health → Data Access & Devices.

We do not collect this information passively or without your direct input. We do not use advertising trackers, third-party analytics SDKs, or sell your data to any third party. We do not use Apple Health (HealthKit) data for advertising or marketing, and we never sell it or share it with third parties for advertising purposes.

3. How We Use Your Information

We use the information we collect solely to operate and improve the Service:

• To provide your coach with visibility of your training, nutrition, and wellbeing progress
• To provide your coach with your Apple Health data, where you grant permission, so they can personalise your coaching
• To display your own data back to you in the app
• To send push notifications you have opted into (check-in reminders, new programs, coach messages)
• To power AI-assisted features such as food macro estimation (processed via Anthropic's API — no data is stored or used to train AI models)
• To send transactional emails such as account confirmation and password reset (via Resend)
• To diagnose technical issues and improve the Service

4. Data Storage and Security

Your data is stored in Supabase, a secure cloud database platform with row-level security controls ensuring each user can only access their own data. Progress photos are stored in Supabase Storage with access restricted to you and your assigned coach.

Apple Health data you grant access to (HRV, resting heart rate, sleep, and steps) is stored alongside your other data in Supabase, under the same row-level security controls.

We use industry-standard encryption in transit (HTTPS/TLS) and at rest. Passwords are never stored in plain text.

Supabase infrastructure is hosted on AWS. Data may be stored in servers located outside Australia; however, Supabase maintains compliance with applicable data protection standards.

5. Who We Share Your Data With

We do not sell or rent your personal information. We share data only with the following sub-processors, strictly to operate the Service:

• Supabase — database and authentication (privacy policy)
• Vercel — web hosting (privacy policy)
• Resend — transactional email delivery (privacy policy)
• Anthropic — AI features (food macro estimation only; no data is retained by Anthropic for training) (privacy policy)
• OneSignal — push notification delivery (privacy policy)

Your coach has access to your training, nutrition, body metrics, and wellbeing data as part of the coaching relationship. No other users can access your data.

6. Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and all associated data
• Withdraw consent for push notifications at any time via your device settings
• Request a copy of your data in a portable format

You can delete your account and all associated data directly within the app via Profile (avatar, top right) → Delete account. To exercise any other rights, contact us at the address below. We will respond within 30 days.

7. Data Retention

We retain your data for as long as your account is active. If you request account deletion, we will permanently delete your data within 30 days, except where retention is required by law.

8. Children's Privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal information from anyone under 16. If you believe a minor has provided us with personal information, please contact us and we will delete it promptly.

9. Push Notifications

If you grant permission, we will send push notifications for: daily check-in reminders, new program assignments from your coach, and messages from your coach or clients. You can withdraw consent at any time in your device's notification settings or by contacting us.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy at this URL and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Governing Law

This policy is governed by the laws of Queensland, Australia. We comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles.