Privacy Policy

Coaching+ (“Coaching+”, “we”, “us”, or “our”) is a professional coaching practice operated by Stephen Blewett. For the purposes of the EU General Data Protection Regulation (GDPR) and the French Data Protection Act (Loi Informatique et Libertés), Coaching+ is the data controller responsible for the personal data described in this policy.

You can reach us about any privacy matter at stephenblewett@coachingplus.com.

This policy applies to everyone who uses our website, books a session, becomes a coaching client, or otherwise interacts with Coaching+ — wherever you are based. Although Coaching+ operates primarily from France, our clients come from around the world, and we apply the GDPR standard of protection to everyone we work with.

We collect only the data we need to provide coaching and run our practice:

• Account details — your name, email address, phone number, and password (stored only in hashed form by our authentication provider).
• Professional context — company, job title, and bio, if you choose to share them.
• Booking and session data — the sessions you book, their dates and times, your goals, intake-form responses, and the notes you add to your coaching journal.
• Payment data — payments are processed by Stripe. We receive confirmation of payment, amounts, and invoice records, but we never see or store your full card number.
• Calendar data — if you connect or share scheduling availability, we process the times needed to book and confirm sessions.
• Communications — messages, emails, and enquiry-form submissions you send us.
• Technical and usage data — limited information such as your device, browser, and how you use the site, collected to keep the service secure and working well.

The coaching journal and session notes may contain reflections that are personal to you. We treat this content as confidential and never use it for any purpose other than supporting your coaching.

Under the GDPR we must have a lawful basis for each use of your data:

• To deliver coaching and manage your account — on the basis of performing our contract with you.
• To take payment and keep accounting records — to perform our contract and to meet our legal obligations.
• To send service emails (booking confirmations, reminders, password resets) — to perform our contract.
• To improve and secure the service — on the basis of our legitimate interests in running a safe, reliable practice.
• To send newsletters or marketing — only with your consent, which you can withdraw at any time.

We do not sell your data. We share it only with the trusted service providers (“processors”) that make Coaching+ work, and only as far as needed:

• Supabase — secure database, authentication, and file storage.
• Stripe — payment processing.
• Resend — transactional and notification email delivery.
• Google Calendar — scheduling and availability, where used.
• Vercel — website and application hosting.

Each provider is bound by its own data-protection commitments and may only process your data on our instructions. We may also disclose data where required by law or to protect our legal rights.

Because our clients and some of our providers are located in different countries, your data may be processed outside the European Economic Area (EEA), including in the United States. Where it is, we rely on appropriate safeguards — such as the European Commission’s Standard Contractual Clauses or an adequacy decision — so that your data continues to receive GDPR-level protection wherever it is handled.

We keep your data only as long as necessary. Account and coaching records are retained for the life of your relationship with us and for a reasonable period afterwards in case you return. Invoicing and accounting records are kept for as long as French tax and commercial law requires (generally up to 10 years). When data is no longer needed, we delete or anonymise it.

Under the GDPR and French law you have the right to: access your data; correct inaccurate data; have your data erased; restrict or object to certain processing; receive your data in a portable format; and withdraw consent at any time where processing is based on consent. You also have the right to set guidelines for what happens to your data after your death.

To exercise any of these rights, email stephenblewett@coachingplus.com. We will respond within one month. If you believe we have not handled your data properly, you may lodge a complaint with the French supervisory authority, the CNIL, or with the data-protection authority in your own country.

We use only the cookies necessary to keep you signed in and to keep the service secure, plus, where applicable, limited analytics to understand how the site is used. We do not use advertising or cross-site tracking cookies. You can control cookies through your browser settings.

We protect your data with encryption in transit, access controls, hashed passwords, and row-level security so that you can only ever see your own information. No system is perfectly secure, but we take the safeguarding of your coaching data seriously and review our measures regularly.

Coaching+ is intended for adults. Our services are not directed at anyone under 18, and we do not knowingly collect their data.

We may update this policy as our practice evolves. When we make material changes, we will update the date above and, where appropriate, let you know directly. Your continued use of Coaching+ after a change means you accept the updated policy.