Privacy Policy

1. Introduction

Coach by ThinkCode, LLC ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at coach.thinkcode.ai and use our health and wellness coaching services.

By using our website and services, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described in this policy, please do not use our services.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

• Contact Information: Name and email address
• Account Information: Profile information and authentication credentials (managed via Supabase)
• Health Data: Health metrics from Apple HealthKit, Oura, and Whoop — including steps, heart rate, sleep, workouts, recovery, and activity data (with your explicit consent)
• Communication Data: Messages, feedback, and support requests you send to us

2.2 Automatically Collected Information

When you visit our website, our hosting infrastructure (Vercel) may log standard server-side information such as IP address, browser type, and pages visited. We do not use third-party analytics services.

3. Health Data & AI Processing

Coach is built around processing your health data to generate personalized coaching insights. Here is exactly how that works:

3.1 Data Sources

With your permission, Coach syncs health data from:

• Apple HealthKit — steps, heart rate, sleep, workouts, and other health metrics you have stored in Apple Health
• Oura — sleep stages, readiness scores, and activity data
• Whoop — recovery scores, strain, and sleep data

3.2 Data Storage

Your health data is stored in Supabase, which provides encrypted-at-rest database storage hosted on AWS infrastructure. Only you and the Coach app can access your data.

3.3 AI Processing

To generate coaching insights, your health data is sent to Anthropic Claude AI. This means:

• Anthropic does not retain your health data for model training, per their API data usage policy
• Data is transmitted over encrypted connections (HTTPS/TLS)

3.4 What We Never Do With Your Health Data

• We never sell your health data
• We never share your health data with advertisers
• We never use your health data for marketing

4. How We Use Your Information

We use your information solely to:

• Provide personalized AI health coaching and insights
• Sync and display health data from your connected devices
• Respond to your support requests and questions
• Improve the Coach app during the beta program

5. Service Providers

We share data only with the following service providers, each necessary for Coach to function:

We do not use any analytics platforms, advertising networks, email marketing services, or payment processors.

6. Legal Disclosures

We may disclose your information if required by law or to:

• Comply with legal obligations or court orders
• Protect our rights, property, or safety
• Prevent fraud or illegal activities

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

7. Data Security

We implement security measures to protect your personal information:

• Encryption in transit: All data is transmitted over HTTPS/TLS
• Encryption at rest: Health data stored in Supabase is encrypted at rest
• Access controls: Authentication is required to access your data
• Minimal data sharing: Health data is shared only with services required to operate Coach

No system is perfectly secure. If you have security concerns, please contact us at scott@thinkcode.ai.

8. Your Rights and Choices

You have the following rights regarding your personal information:

8.1 Access and Portability

• Request access to your personal information
• Receive a copy of your data in a portable format

8.2 Correction and Deletion

• Request correction of inaccurate information
• Delete your account and all associated data via Settings > Delete Account in the app
• Revoke health data access at any time through your device settings (Apple Health, Oura, or Whoop)

To exercise these rights, contact us at scott@thinkcode.ai

9. Cookies

We use only essential cookies required for the website and app to function — Supabase authentication tokens and Next.js/Vercel session cookies. We do not use analytics, marketing, or tracking cookies. See our Cookie Policy for details.

10. International Data Transfers

Your data is processed in the United States. Supabase stores data on AWS US infrastructure. If you are located outside the US, your data will be transferred to and processed in the US when you use Coach.

11. Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

12. Legal Compliance

12.1 GDPR (European Union)

For EU residents, we comply with the General Data Protection Regulation, including:

• Lawful basis for processing personal data
• Data subject rights and request procedures
• Data breach notification requirements

12.2 CCPA (California)

For California residents, we comply with the California Consumer Privacy Act, including:

• Right to know about personal information collected
• Right to delete personal information
• Right to opt-out of sale of personal information (we do not sell personal information)
• Right to non-discrimination

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date above.

Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

14. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us: