Version 1.0 — 13 June 2026
This Privacy Policy describes how personal data are processed in connection with the use of the CoachPartner Platform, accessible at coachpartner.app.
The controller is:
SOVELL, a French simplified joint-stock company with a sole shareholder (société par actions simplifiée unipersonnelle, SASU), whose registered office is located at 58 rue de Monceau, CS 48756, 75380 Paris Cedex 08, France, registered with the Paris Trade and Companies Register (RCS) under number 104 653 639, represented by its president Sophie Vellutini.
Contact for any question relating to personal data: contact@coachpartner.app
No data protection officer (DPO) has been appointed, such appointment not being mandatory given the activity. The point of contact for any request is the address above.
This Policy distinguishes two situations:
Data for which CoachPartner is the controller. These are the data concerning the User themselves, in their capacity as a coach using the Platform: account data, payment data, usage data. This Policy describes these processing activities.
Data for which CoachPartner is a processor. These are the personal data contained in the uploaded session files, concerning the User’s coached clients. For these data, the User is the controller and CoachPartner acts as processor. These processing activities are governed by the Data Processing Agreement (the “DPA”). Article 9 of this Policy is dedicated to them.
CoachPartner collects and processes the following categories of data concerning the User:
Account and identification data: surname, first name, email address and, where applicable, company name and professional information provided. Authentication is passwordless, by sending a single-use login link (Magic Link) to the User’s email address.
Payment data: the data necessary for payment of paid Analyses. Full bank card data are collected and processed directly by the payment provider Stripe. CoachPartner does not have access to them and retains only limited information such as a transaction identifier and the payment status.
Usage data and technical data: connection data, activity logs, data relating to use of the Service, IP address, browser and device type.
Communication data: content of exchanges with customer service.
Uploaded Content: the session files and their transcription. This content falls under the regime described in Article 9 and the DPA.
| Purpose | Legal basis |
|---|---|
| Account creation and management, provision of the Service | Performance of the contract (Terms of Use and Terms of Sale) |
| Processing of Orders and payments | Performance of the contract |
| Invoicing and compliance with accounting obligations | Legal obligation |
| Security of the Platform, prevention and detection of fraud and abuse | Legitimate interest of the controller |
| Improvement and maintenance of the Service | Legitimate interest of the controller |
| Response to requests sent to customer service | Performance of the contract or legitimate interest |
| Sending of marketing communications, where applicable | User’s consent |
| Handling of requests to exercise rights | Legal obligation |
The data are accessible to authorised CoachPartner staff and to its processors, strictly to the extent necessary for the provision of the Service.
CoachPartner uses the following processors:
| Processor | Role | Country of establishment | Data location | Transfer mechanism |
|---|---|---|---|---|
| Supabase, Inc. | Authentication, database, file storage | United States | European Union region | DPA and Standard Contractual Clauses for any access from the United States |
| Vercel, Inc. | Application hosting and execution of serverless functions | United States | European Union region | DPA and Standard Contractual Clauses for any access from the United States |
| Stripe Payments Europe, Ltd. | Payment processing | Ireland, with possible transfers to Stripe, Inc. (United States) | European Union and United States | DPA and Standard Contractual Clauses |
| Deepgram, Inc. | Transcription of audio files into text | United States | United States | DPA and Standard Contractual Clauses |
| Anthropic, PBC | Automated analysis of the transcript (Claude API) | United States | United States | DPA and Standard Contractual Clauses |
CoachPartner does not sell personal data and does not disclose them to third parties for third-party marketing purposes.
The data may be disclosed to an administrative or judicial authority where required by law.
Hosting and storage at rest of the data are configured in a European Union region.
Some processors are established in the United States, in particular for transcription and analysis. The use of these processors entails a transfer of data outside the European Economic Area.
These transfers are governed by the Standard Contractual Clauses (SCCs) adopted by the European Commission by Implementing Decision (EU) 2021/914 of 4 June 2021, supplemented where necessary by additional technical and organisational measures. A data processing agreement is entered into with each of these processors.
| Data | Retention period |
|---|---|
| Account and identification data | For the lifetime of the account, then deletion within thirty (30) days after its closure, subject to legal obligations |
| Billing and accounting data | Ten (10) years, in accordance with legal accounting retention obligations |
| Usage data and technical logs | Six (6) months maximum |
| Uploaded audio files | Deleted immediately after successful transcription; in the event of failure, automatic purge no later than 48 hours after upload |
| Transcriptions and Analysis results | Twelve (12) months from creation of the Analysis, then automatic deletion; manual deletion possible at any time by the User |
| Data for handling rights requests | For the time necessary to process the request, then archiving in accordance with legal time limits |
| Marketing data (if marketing communications are sent) | Three (3) years from the User’s last contact, or until consent is withdrawn |
CoachPartner implements appropriate technical and organisational measures to protect the data against loss, unauthorised access, disclosure or alteration.
These measures include in particular encryption of data in transit and at rest, access control on a need-to-know basis, data partitioning between accounts, hosting in a European Union region and access logging.
The data are not used to train or improve artificial intelligence models.
The content of uploaded sessions, namely the audio files and their transcriptions, is not accessed, listened to or read by any CoachPartner staff member, except strictly to the extent technically necessary to provide, maintain or secure the Service. This content is not read for the purpose of evaluating coaching practice or for any other purpose of CoachPartner’s own.
The session files uploaded by the User contain personal data concerning their coached clients. These files may contain sensitive data within the meaning of Article 9 of the GDPR.
For these data, the User is the controller and CoachPartner acts as processor, under the DPA accepted upon registration.
It is the User’s responsibility to inform their coached clients and obtain their consent. A coached client who wishes to exercise their rights or obtain information on the processing of their data must first contact the relevant coach, who is the controller. CoachPartner forwards to the relevant coach any request addressed directly to it.
The Analysis is produced by automated processing. It is a tool to support reflection provided at the User’s request and does not give rise to any decision producing legal effects or significantly affecting the User or their coached clients, within the meaning of Article 22 of the GDPR.
The Platform uses cookies and trackers strictly necessary for its operation, in particular for session and authentication management. These cookies do not require the User’s consent.
The Platform uses a privacy-friendly audience measurement tool that places no cookie or tracker on the User’s device and carries out no individual tracking. As no non-essential cookie is placed, no consent banner is required. Should CoachPartner use non-essential cookies or trackers, they would be placed only after obtaining the User’s consent via a dedicated banner.
In accordance with the GDPR, the User has the following rights over their data: right of access, right of rectification, right to erasure, right to restriction of processing, right to object, right to data portability, right to withdraw consent at any time where processing is based on consent, and the right to give directives concerning the fate of their data after their death.
These rights may be exercised by sending a request to contact@coachpartner.app. CoachPartner may request proof of identity in the event of reasonable doubt about the identity of the requester. A response is provided within the time limits set by the GDPR.
The User also has the right to lodge a complaint with the French Data Protection Authority (Commission Nationale de l’Informatique et des Libertés, CNIL), 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France, or via the website cnil.fr.
CoachPartner may amend this Policy, in particular to reflect legal, regulatory, technical or Service-related developments.
The User is informed of any substantial change by appropriate means, in particular by email or via the Platform. The applicable version is the one in force at the time of the relevant processing.