PRIVACY POLICY

1. Introduction

We care about your privacy. This policy explains how Coachello SAS (“Coachello”, “we”, “us”) collects, uses, shares, and protects your personal data when you use our coaching platform, whether through our website, mobile app, or integrations such as Microsoft Teams, Slack, or our web app.

This policy is written in line with the General Data Protection Regulation (GDPR), the EU Digital Services Act (DSA), the EU Artificial Intelligence Act, and, where applicable, the EU-U.S. Data Privacy Framework (DPF) and the California Consumer Privacy Act (CCPA).

If anything is unclear, please reach out at support@coachello.io. We are here to help.

2. Who This Applies To

This Privacy Policy applies to:

• Visitors to our website
• Users of our coaching platform (“Authorised Users”)
• Coachello’s corporate customers (typically HR or L&D teams)

Where Coachello provides services under a corporate agreement, the Client (your employer) acts as the data controller for employee personal data, and Coachello acts as data processor on their behalf. For any data Coachello processes for its own purposes (e.g., platform security, service improvement),

Coachello acts as an independent data controller.

3. Privacy by Design

Privacy is not an afterthought at Coachello – it is built into the foundation of everything we do. We apply the principles of Privacy by Design and Privacy by Default across all our products, services, and internalprocesses. In practice, this means:

• We collect only the data that is strictly necessary for the purpose at hand.
• Privacy-protective settings are the default: you are not required to take action to protect your privacy.
• Personal identifiers are pseudonymised or anonymised wherever technically feasible, especially in AI processing and reporting.
• Access controls are implemented so that only authorised individuals can access personal data.
• We apply the same rigorous data protection standards to all coaches in our global coaching community, who are contractually bound to comply with GDPR requirements and Coachello’s data protection policies.

4. What Personal Data We Collect

a. When you visit our website

We collect standard usage data (IP address, browser type, country) and use cookies to improve your experience. You can manage cookie preferences at any time (see our Cookie Policy).

b. When you sign in or use our platform

• We collect:
  Your name, email address, and account ID
  Language and time zone
  Data shared via integrations (e.g., Microsoft Teams or Google Meet)
  Activity within the platform (e.g., booking sessions, completing assessments, using AI coaching or chat)

c. From coaching interactions

We may process:
• Pre-session assessments
• Coaching notes or insights, if shared by you or your coach
• Post-session reflections or follow-up notes

This data is used only to deliver and improve your coaching experience. What you share with your coach is strictly confidential, neither Coachello nor your employer will access the content of your coaching sessions without your explicit consent.

5. Why We Use Your Data

We never sell your data. We use your personal data only for the purposes listed below.

6. Who We Share Your Data With

We work only with trusted providers under strict data processing agreements. We do not share your identifiable personal data with third parties except as follows:

• Your assigned coach receives basic context (your name, company, and coaching goals) to prepare for sessions.
• Your employer may access anonymised and aggregated reports (e.g., coaching theme trends, satisfaction scores, and the number of sessions attended). No individually identifiable or session-specific content is shared.
• Trusted technology providers (e.g., cloud hosting, email delivery, video conferencing) process data on our behalf under data processing agreements that meet GDPR standards.
• AI service providers may process pseudonymised session data to power AI features where you have opted in (see Section 9).
• Public authorities, if required by applicable law or a binding legal order.

7. International Data Transfers

Our primary servers are hosted in Paris, France. We may work with service providers located outside the European Economic Area (EEA). When we transfer personal data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or transfers to countries recognised as providing an adequate level of protection.

Where applicable and required, we rely on the EU-U.S. Data Privacy Framework (DPF) for transfers tothe United States.

8. How Long We Keep Your Data

We retain personal data only for as long as strictly necessary for the purpose for which it was collected:

• Account data: retained for as long as your account is active.
• Coaching-related data: deleted within 12 months after your program ends, unless otherwise agreed in writing.
• Data deletion on request: fulfilled within 14 days of a valid request submitted via in-app chat or
  email to legal@coachello.io.
• Anonymised analytics data: may be retained longer to support service improvement, but cannot be linked back to any individual.

Upon expiry or termination of a corporate agreement, Coachello will delete or return all personal data processed on behalf of the Client within 30 days of the termination date, unless applicable law requires otherwise.

9. AI-Powered Features

Some employers may activate AI-enhanced features within the Coachello platform. These features are entirely optional, they are only available if your employer enables them, and within that, only used if you choose to engage with them.

Available AI features include:

• AI Coaching: Interact with a virtual AI coach for ad-hoc challenges, role-plays, assessments,
  debriefs, and on-demand development support.
• Session Transcription: Transcribes your human coaching sessions to generate more accurate summaries, insights, and follow-up recommendations. This feature is only activated when you explicitly opt in.

How we protect your data in AI features:

• We encrypt or pseudonymise all personal identifiers before transmitting data to any AI model
  provider. The provider does not receive your name, email, or any direct identifier.
• Your data is not used to train any AI model.
• Data is processed solely for your benefit and under the same ISO 27001:2022 and Microsoft 365 compliance standards as the rest of our platform.

Hallucination disclaimer:

Coachello’s AI systems apply best efforts to generate accurate and relevant outputs. However, AI models may occasionally produce outputs that are incomplete, inaccurate, or inconsistent with factual information, a phenomenon known as “hallucinations”. AI coaching content does not constitute medical, psychological, legal, financial, or any other form of regulated professional advice. You should exercise your own judgment and consult qualified professionals where appropriate.

EU AI Pact:

Coachello is a signatory of the EU AI Pact and is committed to the responsible, transparent, and human-centric development and deployment of AI, in compliance with the EU Artificial Intelligence Act.

10. Security

We take the security of your data seriously. Coachello is certified to the following standards:

• ISO 27001:2022 (Information Security Management System): Our platform, data processing activities, and IT infrastructure meet internationally recognised security requirements.
• Microsoft 365 Certified: Our platform is built on and certified for the Microsoft 365 ecosystem, ensuring enterprise-grade security and compliance.
• GDPR Compliant: Our processes, architecture, and policies are designed to comply with the General Data Protection Regulation.
• EU AI Pact member: We adhere to voluntary commitments on AI transparency, human oversight, and responsible deployment.

We implement strong encryption, role-based access controls, and continuous security monitoring to protect your data. We also hold professional cyber insurance (Dattak, Policy No. 25121200007) covering up to €1,000,000 per incident for data breaches and cyber incidents.

11. Your Rights

Under the GDPR, you have the following rights in relation to your personal data:

• Right of access: request a copy of the personal data we hold about you.

• Right to rectification: ask us to correct inaccurate or incomplete data.

• Right to erasure: ask us to delete your data (“right to be forgotten”).

• Right to data portability: receive your data in a structured, machine-readable format.

• Right to object: object to processing based on legitimate interests.

• Right to restriction: ask us to restrict processing in certain circumstances.

• Right to withdraw consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at legal@coachello.io. If you are part of a company-sponsored program, we may need to redirect certain requests to your employer as the data controller. You also have the right to lodge a complaint with your local data protection authority — in France, this is the CNIL (www.cnil.fr).

12. Cookies

We use cookies and similar tracking technologies on our website and platform to ensure functionality, analyse usage, and improve your experience. Our Cookie Policy is available at www.coachello.io. You can manage or withdraw your cookie consent at any time through the cookie banner or your browser settings.

13. California Residents (CCPA)

If you are based in California, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your personal information, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your rights. To exercise your CCPA rights, contact us at legal@coachello.io.

14. Changes to This Policy

We update this policy from time to time to reflect changes in our services, legal requirements, or best practices. If there are material changes, we will notify you by email or in-app notification. The latest version is always available at www.coachello.io/privacy. The date at the top of this policy indicates when it was last updated.

15. Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy or your personal data, please reach out to us. We are here to help.

You can also refer to our Data Processing Addendum (DPA), available upon request, which governs the processing of personal data under corporate agreements in detail.

16. Governing Law

This Privacy Policy is governed by French law and the GDPR. Any disputes arising from this policy will be subject to the jurisdiction of the competent courts of France.

Thank you for trusting Coachello. We are committed to keeping your data safe and your coaching journey private.

— The Coachello Team