Privacy Policy

Last updated: May 2026

1. Information We Collect

We collect the following types of information:

  • Account information: name, email address, role (student or coach), and password hash.
  • Profile information: bio, location, disciplines, experience level, and profile photo (coaches).
  • Booking information: session details, dates, payment amounts, and cancellation history.
  • Payment information: processed securely by Stripe. We do not store credit card numbers.
  • Usage data: pages visited, features used, and device/browser information.

2. How We Use Your Information

  • To provide and operate the Platform
  • To process bookings and payments
  • To send booking confirmations, reminders, and cancellation notices
  • To display coach profiles publicly to potential students
  • To improve the Platform and develop new features

3. Information Sharing

We do not sell your personal information. We share data only with:

  • Stripe: for payment processing
  • Supabase: for data storage and authentication
  • Resend: for transactional email delivery
  • Google APIs (Calendar & YouTube): only when you explicitly connect those services from your profile — see Section 9 for details
  • Law enforcement: when required by law

4. Text Messages (SMS)

When a coach voluntarily provides a phone number in account settings and explicitly consents to receive SMS, we use it to send transactional messages such as team and event coaching invites, scheduling reminders, and account notifications. We do not send marketing SMS. Message frequency varies based on your activity — typical users receive 1–5 messages per month, with occasional spikes during active coaching engagement (e.g., camp announcements or multiple session invites).

  • No sale or sharing for marketing: Mobile phone numbers and opt-in data are never shared with third parties or affiliates for marketing purposes, and are excluded from any sale or transfer of personal information.
  • Service providers: We use Twilio to deliver SMS on our behalf. Twilio processes phone numbers and message content under its own privacy policy.
  • Opt out: Reply STOP to any message at any time to stop further SMS. Reply HELP for help, or contact support@mycoachslot.com.
  • Carrier charges: Standard message and data rates may apply depending on your wireless plan. MyCoachSlot is not responsible for any charges from your carrier. Carriers (AT&T, Verizon, T-Mobile, and others) are not liable for delayed or undelivered messages.

5. Public Coach Profiles

Coach profiles (name, bio, location, disciplines, ratings, and reviews) are publicly visible to all visitors. Coaches consent to this visibility by creating a profile.

6. Data Security

We use industry-standard security measures including encrypted connections (HTTPS), secure authentication (Supabase Auth), and Row-Level Security on all database tables. Passwords are hashed and never stored in plain text.

7. Data Retention

We retain your data for as long as your account is active. You may request account deletion at any time by contacting us. Upon deletion, we remove your personal information within 30 days, except where retention is required by law.

8. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies.

9. Google Services & APIs (Calendar & YouTube)

MyCoachSlot offers two opt-in integrations with Google services. Each is enabled independently from the integrations card on your profile, and either can be disconnected at any time.

9.1 Google Calendar (two-way sync)

When you connect Google Calendar, MyCoachSlot requests thehttps://www.googleapis.com/auth/calendar.eventsscope. This is used to:

  • Create calendar events in your primary calendar for sessions you book or coach on MyCoachSlot.
  • Update those events when bookings change (reschedule, cancellation).
  • Import events you create on Google so MyCoachSlot can show them as busy on your availability.

9.2 YouTube Data API (uploads to your own channel)

When you connect YouTube, MyCoachSlot requests these scopes:

  • https://www.googleapis.com/auth/youtube.upload — used to upload videos that you choose (jump-track playback, profile highlight reels) to your own YouTube channel as Unlisted videos. We never upload to your channel without an explicit action from you.
  • https://www.googleapis.com/auth/youtube.readonly — used only to fetch your channel name and avatar so we can display “Connected as your-channel” on the integrations card and confirm the upload completed.

Videos remain on your YouTube channel. MyCoachSlot does not host the video bytes. You retain full ownership; deleting your MyCoachSlot account does not delete your YouTube videos.

9.3 Limited Use of Google User Data

MyCoachSlot’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. In particular:

  • We use Google user data only to provide or improve user-facing features that are prominent in our app.
  • We do not transfer Google user data to third parties for advertising, marketing, or any other purpose unrelated to providing the integration.
  • We do not use or transfer Google user data for serving advertisements, including retargeting or personalized advertising.
  • Humans do not read Google user data, except (a) with the user’s explicit consent for specific data, (b) for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) for internal operations limited to aggregated, de-identified data.

9.4 YouTube API Services

When you use the YouTube integration, you are also agreeing to the YouTube Terms of Service and the Google Privacy Policy. MyCoachSlot complies with the YouTube API Services Terms of Service.

9.5 Token storage & revocation

OAuth access and refresh tokens are stored server-side in our database (encrypted at rest by our database provider, Supabase) and are scoped to your user account. They are never exposed to other users, embedded in client-side code, or shared with third parties.

You can disconnect either integration at any time from the integrations card on your MyCoachSlot profile, which deletes the stored tokens. You can additionally revoke MyCoachSlot’s access from the Google account permissions page at myaccount.google.com/permissions.

10. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate information
  • Request deletion of your account and data
  • Export your data in a portable format

11. Children

The Platform is not intended for users under 18 years of age. We do not knowingly collect information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes via email.

13. Contact

Privacy questions? Contact us at privacy@mycoachslot.com.

Privacy Policy | My Coach Slot