Privacy Policy

koach.ca

Version 1.0 — pending publication — Draft pending lawyer review

1. Who we are and how to reach us

koach.ca is an online personal training platform operated by Alec Baltadjian as a sole proprietorship based in the Province of Quebec, Canada.

For any question about this Privacy Policy or about your personal information, contact our Privacy Officer:

  • Privacy Officer: Alec Baltadjian
  • Email: hello@koach.ca
  • Service area: Quebec, Canada (services delivered online across Canada)

We respond to privacy-related requests within 10 business days of receipt.

In this policy, "we," "us," "our," and "koach" refer to koach.ca. "You" and "your" refer to any person visiting our website or using our services.

2. The personal information we collect

We collect only the personal information we need to deliver our services, keep your account secure, and meet our legal obligations. The categories below describe what we collect.

2.1 Account information

  • Full name
  • Email address
  • Phone number (if you provide one)
  • Mailing or billing address (for payment processing and tax records)
  • Password (stored as a one-way hash; we never see your plain password)
  • Profile photo (optional)

2.2 Health and fitness information

Before you can begin any training program, you complete a Physical Activity Readiness Questionnaire (PAR-Q+) and a Health and Lifestyle Questionnaire (HLQ). These collect:

  • Medical history relevant to exercise participation
  • Current medications
  • Physical limitations, injuries, and surgical history
  • Pregnancy status, where relevant
  • Current activity level and training history
  • Fitness goals

You also provide, during the client lifecycle:

  • Body measurements (height, weight, circumferences) — metric and imperial
  • Assessment results (strength, cardiovascular, mobility)
  • Weekly check-in responses (subjective wellness, adherence, progress)

This information is health-sensitive and is handled with the highest level of care.

2.3 Payment information

When you purchase a subscription or a session, our payment processor (Stripe) collects your card details directly. Your card number never touches our servers. We store only:

  • A secure token returned by Stripe
  • Billing name and address
  • Subscription status and history
  • Transaction amounts and dates

2.4 Session and program data

  • Session bookings (date, time, service type, notes you or your coach add)
  • Program cards, exercise assignments, coach cues
  • Your coach's notes about your sessions
  • Milestones you achieve on the platform
  • Media you upload (progress photos, form-check videos, if applicable)

2.5 Communications

  • Email correspondence with us
  • Support requests and their resolution history
  • Any message sent through site contact forms

2.6 Technical information

  • IP address
  • Browser type and version
  • Operating system and device type
  • Pages visited and time spent
  • Referring website
  • Actions taken on the site (clicks, form submissions)

2.7 Cookies and tracking technologies

See Section 11 below, and refer to our separate Cookie Notice at /cookie-policy/ for full detail on each cookie, its purpose, and its retention period.

3. Why we collect this information (purposes)

Quebec Law 25 requires us to state a specific purpose for each category of personal information. We do not collect information "just in case."

CategoryPurpose
Account informationCreate and manage your account; authenticate you at login; deliver our services to you personally
Health and fitness informationScreen for safe participation in exercise (PAR-Q+); design a training program appropriate for your goals, medical history, and current capacity; track your progress safely; decide when to refer you to a medical professional
Body measurements and assessment resultsDesign and adjust your training program; track progress against your goals
Payment informationProcess your purchase; manage recurring subscriptions; comply with Canadian and Quebec tax record-keeping obligations
Session and program dataDeliver coaching; keep a record of your training history; support program continuity across coaches if your coach changes
Weekly check-insAdjust your program in response to how you are feeling and progressing
CommunicationsAnswer your questions; provide support; keep a record of commitments made in either direction
Technical informationKeep the site secure, prevent fraud, diagnose technical issues, measure aggregate site performance
Cookies and trackingRemember your preferences, keep you logged in, measure marketing performance (non-essential cookies only with your explicit opt-in consent)

We do not sell your personal information. We do not use your personal information to train artificial intelligence models. We do not share your information with advertising networks except on the limited, consent-based basis described in Section 5.

4. Legal basis and consent

Under Quebec Law 25 and PIPEDA, we rely on these legal bases:

  • Your consent for most collection. You give this consent when you create an account, when you submit a form, or when you tick the cookie banner's opt-in boxes. Consent is manifest, free, and informed — we do not use pre-ticked boxes and we do not bundle unrelated consents.
  • Contractual necessity for information we need to deliver services you purchased (for example, we need your email to send you your program card).
  • Legal obligation for information we are required to retain (for example, tax records for seven years under Canadian and Quebec tax law).
  • Legitimate interest in preventing fraud and securing the platform (for example, IP logging to detect brute-force login attempts).

You may withdraw consent at any time for any category that is not legally required (see Section 8). Withdrawing consent may make it impossible for us to continue providing services.

5. Third parties who process your information on our behalf

We work with a small number of specialized service providers. Each one is contractually bound to use your information only for the purpose we specify and to protect it at a standard equivalent to our own. We do not sell your information to any of these providers.

ProviderRoleData they receiveJurisdiction
Hostinger International Ltd.Hosts our website, databases, and emailAll information stored on the platformLithuania, with Canadian data-centre delivery
Stripe, Inc. (and Stripe Payments Canada, Ltd.)Processes payments and subscriptionsName, email, billing address, card details (collected directly by Stripe), transaction recordsUnited States and Canada
Anthropic PBCGenerates draft exercise coaching briefs for our exercise library (administrative tool)No client personal information is sent to Anthropic. Only exercise names, muscle groups, and training framework text.United States
Bunny CDN (BunnyWay d.o.o.)Delivers exercise demonstration videos to your browserYour IP address and browser user-agent when a video playsGlobal edge network, primarily European Union
Google Ireland Ltd. / Google LLCWebsite analytics (Google Analytics 4 via MonsterInsights), Google Ads conversion tracking, Google reCAPTCHA bot-prevention on formsPseudonymous identifiers, IP address, page views, form interactions. Analytics and advertising cookies only fire after you give explicit consent via the cookie banner. reCAPTCHA runs on form-submission pages to prevent automated abuse.Ireland and United States
Complianz B.V. (via the Complianz plugin on our site)Records your cookie consent choicesConsent log entry, timestamp, IP address (truncated)Self-hosted on Hostinger (see above)

We may add new service providers in the future. When we do, we will update this list, update our cookie notice if relevant, and, for any new category of processing that materially affects you, request renewed consent through the cookie banner or by email.

6. Transfers of your information outside Quebec

Some of the providers above operate servers outside Quebec, and your information may be transferred to Canada outside Quebec, the United States, the European Union, or the United Kingdom as part of normal service delivery.

Before any transfer outside Quebec, we conduct the privacy impact assessment Law 25 requires. We confirm that the destination jurisdiction offers adequate protection, or we put contractual safeguards in place (standard contractual clauses or equivalent). The providers listed in Section 5 are contractually required to protect your information to a standard equivalent to Law 25.

You have the right to know specifically where your information is transferred. Contact our Privacy Officer and we will tell you.

7. How long we keep your information

We keep your information only as long as we need it. The table below is our standard retention schedule.

InformationHow long we keep it
Account profile (name, email, contact info)While your account is active, plus 2 years after your last session or subscription ends — unless you opt in to indefinite retention via your dashboard settings, in which case we keep it until you ask us to delete it. We re-confirm your choice every 3 years.
Health and fitness information (PAR-Q+, HLQ, assessments, body measurements, check-ins)Same as your account profile above — 2 years after last activity, or indefinitely if you opt in. This information is useful for program continuity if you return to training.
Session and program data, coach notes, milestonesSame as account profile.
Billing and transaction records7 years (required by Canadian Revenue Agency and Revenu Québec tax law).
Signed waiver of liability and informed consent records7 years (Quebec Civil Code prescription periods for bodily-injury-related claims, with discoverability margin).
Email marketing listUntil you unsubscribe, or after 3 years of zero engagement (no open, no click). At the 3-year mark, we send a single re-consent email; if you confirm, the clock resets. If you do not respond, we remove you from the list.
Email delivery logs (technical)90 days (diagnostic purposes only).
Website server logs30 days (security and diagnostic purposes).
Cookie consent records3 years (so we can prove consent was given if asked by the Commission d'accès à l'information).

Our retention of account and health information is automated. Our system checks for inactivity each week and deletes information past the retention window unless you have opted to keep it indefinitely. You can change this preference at any time from your member dashboard.

8. Your rights under Quebec Law 25

You have the following rights over your personal information. To exercise any of them, email our Privacy Officer at hello@koach.ca. We respond within 10 business days and complete the request within 30 days, which is the Law 25 deadline.

  • Right of access. Ask us what information we hold about you. We will send you a copy in a structured, commonly used format (PDF or JSON, as you prefer).
  • Right of rectification. Ask us to correct any information that is inaccurate, incomplete, or out-of-date.
  • Right to withdraw consent. Withdraw consent for any purpose that is not legally required. This may mean we can no longer provide some or all of our services to you.
  • Right of deletion (right to be forgotten). Ask us to delete your information. We comply unless we have a legal obligation to retain specific records (tax, waiver) — in which case we delete everything else and tell you exactly what is retained and why.
  • Right to data portability. Ask us to transmit your information directly to another service provider in a structured format.
  • Right to object to automated decision-making. If we ever make a decision about you based solely on automated processing (we do not currently — all programming and coaching decisions involve human judgement from a certified coach), you have the right to request human review.
  • Right to lodge a complaint. If you believe we are mishandling your information, you can complain to the Commission d'accès à l'information du Québec at cai.gouv.qc.ca or, for federally regulated aspects, to the Office of the Privacy Commissioner of Canada at priv.gc.ca.

We do not charge a fee for any of these requests, except where a request is manifestly unfounded or excessive, in which case we will notify you in advance.

9. How to exercise your rights

Email hello@koach.ca with:

  1. Your full name and the email address on your koach.ca account
  2. A clear description of which right you want to exercise
  3. Any supporting information (for example, which specific record you want corrected)

We may ask you to confirm your identity before acting on the request (for example, by signing in to your account and sending the request from inside the dashboard). This is to protect you from someone else trying to impersonate you.

We will acknowledge your request within 10 business days and complete it within 30 days. If the request is complex and we need more time, we will tell you and explain why — Law 25 allows up to a further 30 days for complex requests.

10. Security and data breach notification

We protect your information with industry-standard safeguards:

  • Encrypted connections (HTTPS/TLS) for every page on the site and every form submission
  • One-way password hashing (we cannot see your password and cannot recover it; we can only reset it)
  • Role-based access control inside the platform
  • Tokenized payments (your card number never touches our servers)
  • Regular software updates and security patches
  • Daily encrypted backups
  • Limited administrative access — only the Privacy Officer and essential technical staff can access personal information

No system is perfectly secure. If a data breach ever occurs and creates a risk of serious harm to you, we will:

  1. Notify the Commission d'accès à l'information du Québec within 72 hours of becoming aware of it, as Law 25 requires
  2. Notify you directly, by email, as soon as reasonably practicable
  3. Tell you what happened, what information was affected, what we are doing, and what you can do to protect yourself

11. Cookies and tracking technologies

We use a small number of cookies and similar technologies:

  • Strictly necessary cookies — required for login, checkout, and security. These do not require consent.
  • Analytics cookies — Google Analytics 4 and MonsterInsights, used to understand how visitors use the site in aggregate. These require your explicit opt-in consent.
  • Marketing cookies — Google Ads conversion tracking. These require your explicit opt-in consent.

Your consent choices are recorded by our cookie consent tool (Complianz) and you can change them at any time from the cookie settings link in our website footer.

For a complete, current list of cookies — name, purpose, provider, and retention period — see our Cookie Notice at koach.ca/cookie-policy/.

We may introduce additional analytics or advertising tools (for example, social media pixels such as Meta Pixel or LinkedIn Insight Tag) in the future. Before any such tool begins operating on the site, we will update this Privacy Policy and our Cookie Notice, and we will request renewed consent from you via the cookie banner.

12. Children's data (under 18)

koach.ca is an adult fitness platform. You must be at least 18 years of age to create an account or use our services.

When you register, you warrant that you are 18 or older. We do not knowingly collect personal information from anyone under 18.

If we become aware that someone under 18 has created an account — including where this comes to light through a PAR-Q+ age entry or any other channel — we will:

  1. Lock the account immediately
  2. Delete the personal information collected, unless we are legally required to retain specific records
  3. Notify the parent or legal guardian if we have contact information for them

If you are a parent or guardian and believe your child has registered on koach.ca, contact us at hello@koach.ca and we will act on the account the same business day.

13. Changes to this policy

We may update this Privacy Policy as our services, our technology, or the law evolves.

  • For minor changes (clarifications, corrections, formatting), we update the effective date at the top of the policy.
  • For material changes (new categories of information, new purposes, new service providers that materially affect processing), we notify you by email at least 30 days before the change takes effect, and we post a prominent notice on the site.
  • You can always see the previous version — we keep versioned copies of this policy.

Continued use of the service after the effective date of a material change means you accept the new terms. If you do not agree, you may close your account as described in Section 8.

14. Contact

Privacy Officer: Alec Baltadjian Email: hello@koach.ca Service area: Quebec, Canada

If we are unable to resolve a concern, you may contact:

  • Commission d'accès à l'information du Québec — cai.gouv.qc.ca
  • Office of the Privacy Commissioner of Canada — priv.gc.ca

Effective date: pending publication Version: 1.0 — Draft pending lawyer review Last updated: pending publication