Skip to main content

Privacy Policy

Last updated: 14 May 2026

1. Introduction

The Coaching Blueprint ("we", "us", "our") operates the platform at thecoachingblueprint.co. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.

2. Information we collect

Account information: When you register, we collect your name, email address, and optionally your coaching role and age group preference. Authentication is handled by Clerk, our identity provider.

Payment information: Payment processing is handled by Stripe. We do not store your card details. We retain your Stripe customer ID and subscription status to manage your access tier.

Usage data: We collect information about how you use the Service, including pages visited, features used, session plans generated, and assessments submitted. This helps us improve the platform and your experience.

Uploaded content: If you submit session plans for assessment, we store the uploaded files and associated metadata (coach name, age group, date) to provide feedback.

3. How we use your information

We use your information to: provide and maintain the Service; process payments and manage subscriptions; deliver personalised coaching content based on your tier and preferences; provide session plan assessments and automated feedback; communicate with you about your account, updates, and new features; improve the platform based on usage patterns; and comply with legal obligations.

4. Data storage and security

Your data is stored in Supabase (hosted in Australia) and protected with industry-standard encryption in transit (TLS) and at rest. Authentication tokens are managed securely by Clerk. We implement reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or alteration.

5. Third-party services

We use the following third-party services to operate the platform: Clerk (authentication), Stripe (payment processing), Supabase (database and storage), Vercel (hosting), Resend (transactional email), and — optionally, when you connect it — Google Calendar (see section 6 below). Each service has its own privacy policy governing how they handle your data.

6. Google Calendar integration (optional)

If you choose to connect your Google Calendar, we access your account using Google's OAuth 2.0 authorisation flow. We request only the minimum scopes necessary for the feature to work:

Scopes requested:

  • https://www.googleapis.com/auth/calendar.events — to create, update, and delete the specific events The Coaching Blueprint itself produces (trial RSVPs you submit, squad events your coach posts).
  • https://www.googleapis.com/auth/calendar.calendarlist.readonly — to list which calendars your Google account contains so we can pick your primary calendar as the default sync target.

What we do with calendar data:

  • We push events. When you RSVP to a trial or your coach posts a squad event, we create the matching event on your connected calendar. When the underlying event changes or is cancelled, we update or delete our copy.
  • We listen for changes to events we created. If you edit or delete an event we created from within your calendar app, we receive a notification from Google. We use this only to keep our own bookkeeping accurate (for example, marking that you removed an event we pushed). We do not propagate edits back to the source — your coach's training schedule remains the authoritative version.
  • We do not read or use events we did not create. Your other calendar entries — personal appointments, work meetings, family events — are never read, stored, transmitted, or used in any way. The technical mechanism is Google's incremental sync API; we receive a notification and inspect the event ID, but we ignore any event whose ID is not in our own bookkeeping table.
  • We never use Google user data for advertising, sell it, or share it with third parties. Calendar data stays on our infrastructure and is used only for the purposes described above.
  • We never use Google user data to train AI or machine-learning models.

Limited Use compliance: Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Where we store calendar data:

  • OAuth tokens (access + refresh tokens issued by Google) are encrypted at rest using AES-256-GCM before being written to our database. The encryption key is held in a secret environment variable separate from the database. Loss of the key effectively invalidates the tokens.
  • Event linkage records — pairs of (Google event ID, our internal event ID) so we can update the right calendar entry when the source changes. Retained for the lifetime of the connection.
  • Sync audit logs — a 60-day rolling log of pushes, removals, and incoming change notifications. Used for debugging and shown to you on the Calendar Sync settings page so you can see exactly what was synced and when. Pruned automatically after 60 days.

How to revoke access: You can disconnect Google Calendar at any time from Settings → Calendar sync. Disconnecting deletes your OAuth tokens from our infrastructure. Events we previously pushed will remain on your Google Calendar as ordinary events. You can also revoke access directly via your Google account permissions page.

7. Automated processing and session plan data

Session plans you generate or submit for assessment may be processed by automated systems (including large language models) to provide feedback. We do not use your session plans to train models for other users. Your coaching content remains your own.

8. Cookies and analytics

We use essential cookies to maintain your session and authentication state. We may use analytics tools to understand how the Service is used. You can control cookie preferences through your browser settings.

9. Your rights

You have the right to: access your personal data; correct inaccurate data; request deletion of your data; export your data in a portable format; withdraw consent for optional data processing; and lodge a complaint with a data protection authority. To exercise these rights, contact us at the email below.

10. Data retention

We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as transaction records for accounting).

11. Children's privacy

The Coaching Blueprint is designed for adult coaches, not for children. We do not knowingly collect personal information from anyone under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us and we will promptly delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top indicates when this policy was most recently revised.

13. Contact

For privacy-related questions or to exercise your data rights, contact us at: hello@thecoachingblueprint.co

The Coaching Blueprint
TermsPrivacy
© 2026 The Coaching Blueprint