Privacy Policy

1. Introduction

CoachLink LLC ("CoachLink," "we," "our," or "us") operates the CoachLink mobile application and web platform (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you access or use the Service.

By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy. CoachLink is not a covered entity or business associate under HIPAA. Health and fitness data described in Section 3 is voluntarily provided and is not protected health information (PHI).

2. Information We Collect

2.1 Information You Provide Directly

• Account registration data: name, email address, mobile phone number (used for SMS verification), password (hashed), and role
• Profile information: date of birth, gender, weight class, physical measurements, fight record, fight style and stance, per-sport professional or amateur status, gym affiliation, biography, photos, and video
• Health and biometric data (see Section 3)
• License and credential documents: athletic commission license uploads, license numbers, issuing body, and expiry dates (see Section 8.1 for how uploaded documents are processed)
• Medical clearance documents: pre-fight physicals, blood work, eye exams, brain scans, EKG, drug-test results, and concussion-protocol records (see Section 8.1)
• Fight and event data: bout applications, agreements, event participation, results, and fight history entries
• Billing information (for paying users): billing name, billing address, tax identifier (e.g., EIN or VAT), and a Stripe customer reference. Card brand, last-four digits, and expiration are retrieved from Stripe for display and are not stored in our own database
• Communications: messages sent through the platform's chat and inquiry threads
• Promoter-imported contacts: where a promoter or organization uploads their own contact roster of fighters, coaches, or staff
• Support requests

2.2 Information Collected Automatically

• Device and login data: IP address, approximate location, browser/app user agent, device type, OS, app version
• Authentication events: login timestamps, session tokens (stored securely)
• Usage data: features accessed, pages viewed, timestamps
• Push notification tokens (FCM/APNs)

2.3 Information from Third Parties

• Tapology fight record imports (if initiated by you)
• Stripe: payment status and a customer reference (we do not store raw card data)
• Ticketmaster and Etix: when a promoter connects their ticketing account, we import attendee records — typically buyer name and email — so that promoter can manage the event roster on CoachLink
• State athletic commission and compliance bylaw documents that you or your organization upload for verification purposes

3. Health and Biometric Data

CoachLink collects health-related information that you voluntarily provide, which may include:

• Body metrics: weight, height, reach, body fat percentage, lean mass, goal weight, waist and hip measurements
• Cardiovascular data: resting heart rate, VO2 max, blood pressure
• Injury records: injury name, body part, type, severity, recovery timeline, treatment notes, and any restrictions or readiness impact
• Wellness self-check data: sleep quality and hours slept, stress level, hydration, energy, muscle soreness, motivation, nutrition score, and overall wellness rating
• Training session participation: session types and completion status used to power readiness scoring and training-streak features (we do not capture granular per-set heart-rate or movement telemetry)
• Weight and weight-cut tracking: current weight and an active weight-cut plan (start weight, target weight, latest measurement, phase, and checkpoint notes)
• Career goals and training priorities you choose to share with your coach or organization

This data is used to compute readiness scores, support coaching decisions, track training progress, enable bout-booking workflows, and verify fighter eligibility with promoters and athletic commissions. Uploaded license and medical clearance documents may be processed by automated document-extraction services as described in Section 8.1. We treat health data with heightened protections and do not sell, license, or share it with advertising networks. CoachLink does not perform medical diagnosis or any activity regulated under HIPAA.

4. Camera and Media Access

The mobile app may request camera and photo library access at runtime. These permissions are entirely optional. Media files are transmitted over encrypted HTTPS and stored in Microsoft Azure Blob Storage. You may delete uploaded media at any time. We do not perform facial recognition, biometric scanning, or automated image analysis.

5. How We Use Your Information

• Providing and operating the Service
• Processing subscription payments (fighters and gyms) and per-event purchases (promoters) through Stripe
• Sending transactional and security emails via SendGrid and SMS verification codes via Twilio
• Delivering push notifications via Expo (FCM/APNs)
• Computing readiness scores and performance analytics
• Validating uploaded license, medical clearance, and contract documents through automated document-extraction services (see Section 8.1)
• Enforcing Terms of Service and platform policies
• Detecting and preventing fraud, abuse, and security incidents
• Complying with applicable laws and regulations
• Improving the Service based on aggregated usage patterns

We do not use your personal information for behavioral advertising, third-party ad targeting, or sale to data brokers.

6. Legal Bases for Processing (GDPR)

If you are in the EEA or UK, we process data based on: contract performance, legitimate interests (security, fraud prevention), consent (health data, media access, push notifications), and legal obligation.

7. Data Sharing Within the Platform

When you join a coach, team, or organization, your training profile, readiness score, wellness check-ins, weight and weight-cut data, training session logs, injury status, and performance metrics become accessible to your assigned coach(es) and organization administrators.

Coaches may include your profile data in matchmaker submissions or inquiry threads only in connection with a bout-booking workflow you have initiated. Where you choose to share license or medical clearance documents with a promoter as part of a bout inquiry, those documents become visible to the receiving promoter for the purpose of that bout only.

Fighter directory: a non-sensitive subset of your profile (name, primary city/state, sport, weight class, division, professional or amateur status, fight record, public avatar, availability, gym, coach, recent fights, and any media you publish) is visible to other authenticated promoters and matchmakers, and a reduced subset may be visible to unauthenticated visitors of public fighter pages. Sensitive fields — injury records, wellness data, medical and license documents, billing data, and contact details — are never included in any public directory listing. You can adjust per-field visibility from your profile privacy settings.

Promoter-imported contacts: if a promoter or organization imports their own contact roster into CoachLink, those contacts are visible only within that promoter's organization.

Ticketing: when a promoter connects an external ticketing platform (such as Ticketmaster or Etix), attendee records imported for that promoter's events are visible only within that promoter's organization.

State athletic commission integration: where a commission integration is available in your jurisdiction, you may opt in to share specific license and medical clearance records with that commission to satisfy local sanctioning requirements.

8. Third-Party Service Providers

Hosting and storage

• Microsoft Azure (US East): application hosting, SQL database, file storage (Azure Blob), and real-time messaging transport (Azure SignalR)

Payments and billing

• Stripe: subscription billing for fighters and gyms, per-event purchases for promoters; we receive payment status and a customer reference and never store raw card numbers

Communications

• SendGrid: transactional and security notification email delivery
• Twilio: SMS verification codes
• Expo / Apple Push Notification service / Firebase Cloud Messaging: mobile push notification delivery

Automated document processing

• Google Gemini: optical character recognition and field extraction for license documents and contract templates you upload
• Microsoft Azure AI Document Intelligence: optical character recognition and field extraction for medical clearance documents you upload

Anti-abuse

• Google reCAPTCHA: bot protection on contact, waitlist, and sign-up forms

External imports (only when you connect them)

• Tapology: fight record imports you initiate
• Ticketmaster, Etix: ticket-sale imports for connected promoter accounts

We do not sell your personal information. We do not share data with advertising networks, data brokers, or product analytics platforms, and we use no third-party analytics SDK in the mobile or web app.

8.1 Automated Document Processing

When you upload an athletic commission license, a medical clearance document, or a contract template, the file is transmitted over an encrypted connection to one of our document-extraction providers — Google Gemini for license and contract documents, and Microsoft Azure AI Document Intelligence for medical clearance documents — for optical character recognition and structured field extraction (for example, license number, expiry date, examination date, and issuing provider). The extracted fields and a confidence score are stored alongside the corresponding license or medical record so that the platform, your coach, and (where applicable) the receiving promoter or athletic commission can confirm that credentials are current. Source files remain in Microsoft Azure Blob Storage under role-based access control. These providers are not used to generate medical diagnoses or scoring, and our agreements with them prohibit using documents we send to train their general-purpose models.

9. California Privacy Rights (CCPA / CPRA)

California residents have the right to know, delete, correct, opt out of sale/sharing, limit use of sensitive personal information, and non-discrimination. CoachLink does not sell or share personal information for cross-context behavioral advertising. To exercise your rights, email privacy@coachlinkbooking.com. We will respond within 45 days.

10. Data Retention

• Account and profile data: retained for the life of your account plus 30 days after deletion
• Health and biometric data: retained until you delete it or request account deletion
• License and medical clearance documents: retained until you delete the record, request account deletion, or the document is replaced by a newer version
• Ticket-sale records imported from connected ticketing platforms: retained while the promoter's ticketing connection remains active, plus 30 days after disconnection
• Security logs: 12 months
• Payment records: 7 years (tax law)
• Bout agreements and e-signatures: 5 years

Upon account deletion request, data is removed or de-identified within 30 days, except where retention is required by law. Backups may retain data up to 90 additional days.

11. Data Security

We implement TLS/SSL encryption in transit, Azure SQL encryption at rest, role-based access controls, JWT-based authentication with refresh-token rotation, secure token storage on mobile (iOS Keychain / Android Keystore), logging of authentication events and security-relevant activity, and reCAPTCHA challenges on public forms to deter abuse. In the event of a data breach, affected users will be notified within 72 hours.

12. Your Rights and Choices

You have the right to access, correct, delete, and request portability of your personal information, withdraw consent, and object to certain types of processing. You can delete your account from within the app (Account → Delete Account) or by emailing privacy@coachlinkbooking.com. We will respond within 30 days.

13. Children's Privacy

The Service is not directed to children under 13. Users between 13 and 17 may only use the Service under the supervision of a parent or legal guardian. Organizations and coaches who train minors are responsible for obtaining parental consent.

14. Privacy Dispute Resolution

Contact privacy@coachlinkbooking.com with complaints. Unresolved disputes shall be resolved by binding arbitration under AAA rules, seated in Michigan, consistent with CoachLink's Terms of Service.

15. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via in-app notification and email. Where required by law, we will obtain your consent before applying material changes.

16. Contact Us

CoachLink LLC — Privacy Inquiries
Email: privacy@coachlinkbooking.com
CoachLink LLC, Michigan, United States
For time-sensitive requests, include "URGENT PRIVACY REQUEST" in the subject line.