Privacy Policy

Information we collect

Trainer account information

When you create a trainer account, we collect your name, email address, business name, and any additional contact details you provide. Profile information you voluntarily add to your directory listing — including biography, certifications, specialties, session pricing, languages spoken, and geographic availability — is published publicly on your profile page.

Client inquiry messages

When you submit an inquiry through a trainer's profile, we collect your name, email address, and the message content you send. This information is delivered to the trainer you contacted and is stored in their portal dashboard for up to 90 days. We do not use inquiry message content for any purpose other than delivery and trainer dashboard access.

Support and contact form data

If you contact us through the contact form, we collect your name, email address, and message content. This data is used solely to respond to your inquiry and is not shared with trainers or third parties for marketing purposes.

Search and usage data

We collect anonymized, aggregated data about search queries, page views, and filter usage on the directory. This data is used to understand which trainer profiles, goals, and techniques are most searched and to improve the platform. It does not identify individual users.

Images and media

Trainer profile photos and case study images are uploaded to Cloudinary for storage and delivery via CloudFront CDN. Images are associated with your trainer account and displayed on your public profile. You can request removal of uploaded images at any time.

How we use your information

We use the information we collect for the following purposes:

• Operating and displaying your public trainer profile directory listing
• Delivering client inquiry messages to trainers
• Managing trainer account authentication via Supabase Auth
• Processing subscription payments via Stripe
• Sending transactional emails (inquiry notifications, account emails) via Resend
• Storing and delivering uploaded images via Cloudinary and CloudFront
• Improving platform performance and search relevance using anonymized usage data
• Responding to support requests submitted via the contact form
• Complying with legal obligations, dispute resolution, and fraud prevention

Information sharing

We do not sell your personal information. We share information only in the following circumstances:

• Inquiry messages: Your message and email address are shared with the trainer you contact. Trainers are required to use inquiry data only for responding to your specific request.
• Service providers: We use third-party processors (listed in full in the Third-party processors section below) to operate the platform. Each processes your data only to the extent necessary to deliver their service.
• Legal requirements: We may disclose information where required by law, court order, or governmental authority, or where we believe disclosure is necessary to prevent harm or fraud.
• Business transfers: In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the business transaction.

Data retention

We retain different types of information for different periods:

• Trainer account data: Retained until account deletion. After deletion, account data is deleted within 30 days.
• Inquiry messages: Retained in trainer dashboards for 90 days, after which they are automatically deleted.
• Public profile data: When a trainer deletes their account, their public profile is removed from the directory. Archived copies may remain in database backups for up to 90 days.
• Support contact form data: Retained for 2 years for reference in case of follow-up inquiries.
• Anonymized usage data: Retained indefinitely in aggregated form for platform improvement.

Your rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate personal data.
• Deletion: Request deletion of your personal data, subject to retention requirements.
• Portability: Request your data in a machine-readable format.
• Objection: Object to processing of your data for specific purposes.

For EU residents (GDPR): We process personal data under the legal basis of contract performance (to deliver our service), legitimate interest (for security and fraud prevention), and consent (for marketing emails, where applicable). You have the right to lodge a complaint with your local data protection authority.

For California residents (CCPA): You have the right to know what personal information we collect, the purpose of collection, and with whom it is shared. You may request deletion of your personal information. We do not sell personal information.

To exercise any of these rights, contact us at support@nlpcoachings.com.

Cookies

We use cookies and similar tracking technologies for the following purposes:

• Authentication (Supabase): Supabase Auth sets authentication session cookies to keep you logged in to the trainer portal. These are essential for account access and cannot be disabled without losing portal functionality.
• Analytics: We use anonymized analytics to understand platform usage. These cookies do not identify individual users.
• Session management: Basic session cookies maintain your interaction state across page loads.

You can manage cookie preferences through your browser settings. Disabling essential cookies will prevent login and portal functionality.

Third-party processors

We use the following service providers, each of which processes your data under a data processing agreement:

• Supabase: Trainer account authentication, session management, and database hosting. Supabase Privacy Policy
• Stripe: Payment processing for subscription plans. Stripe Privacy Policy
• Resend: Transactional email delivery (inquiry notifications, account emails). Resend Privacy Policy
• Cloudinary: Image upload storage and transformation. Cloudinary Privacy Policy
• AWS CloudFront: Content delivery network for images and static assets.

Security

We take security seriously. We use SSL/TLS encryption for all data in transit, encrypted storage for sensitive data at rest, role-based access controls for internal systems, and regular dependency updates to address known vulnerabilities. No security measure is absolute, and we cannot guarantee complete protection, but we follow current industry practices and monitor for vulnerabilities.

If you become aware of a security vulnerability in our platform, please contact us immediately at security@nlpcoachings.com.

Contact

For privacy-related questions, data deletion requests, or to exercise your rights, contact us at:

support@nlpcoachings.com

We aim to respond to all privacy-related requests within 14 business days.