Privacy notice

This notice describes what happens to personal data on this site (an email address you choose to give us if you submit the signup form) and on the coaching platform behind it (content that lives in a Solid Pod the coachee owns, some of which is sent to a third-party AI provider for transcription and analysis). It names the legal basis, the processors that touch the data, how long we keep what we keep, the privacy mitigations we aspire to but have not yet committed to, and how to ask us to stop. It is intentionally short. There is not much to say.

What we collect

If you submit the signup form on the home page, we collect the email address you typed and nothing else. There are no analytics scripts on this site, no cookies, no tracking pixels, no third-party widgets. Loading the page sends a normal HTTPS request to our hosting provider; that request includes the standard headers your browser sends to every site (an IP address, a user-agent string). We do not log those headers anywhere we control. The signup function strips them before any other code runs. To prevent automated abuse of the signup endpoint, we briefly hold a SHA-256 hash of the originating IP — retained for at most one hour as a per-IP rate limit, then discarded. The raw IP is never stored, and the email address is never written to a log line on either successful or failed submissions.

Lawful basis

UK GDPR Article 6(1)(a) — informed consent. You consent by submitting the form. The consent text adjacent to the submit button names the processors and links to this notice. You can withdraw consent at any time, as easily as you gave it: any email we send carries an unsubscribe link in its headers (a one-click button in modern mail clients) and a visible link in the body. Unsubscribing removes you from our list and stops all further contact.

Processors

Two third parties touch the email address you submit:

Resend (resend.com) is the transactional email provider. Your address is transmitted to Resend over HTTPS, stored in their European-region audience, and used to send the welcome email and the eventual public-beta announcement. Resend’s own privacy policy and data-processing terms apply to that storage.

Netlify (netlify.com) hosts this site. Netlify’s standard access logs may record the IP address from which a request originated. Those logs are managed by Netlify and retained per Netlify’s default policy. We do not access those logs in normal operation.

What we do with it

When you submit the form, two emails go out: a welcome email to you (acknowledging the signup and giving you the means to unsubscribe), and an internal notification to us so we know someone has signed up. We send you one further email when the public beta opens. We do not pass your address to any third party beyond the two processors named above. We do not use it for any other purpose. There is no newsletter behind this address, no drip campaign, no segment we sell.

Retention

We keep your address until the earliest of: (1) the public beta opens and we send the announcement; (2) you unsubscribe; (3) twenty-four months pass with no contact from us. When any of those happens, the address is removed from Resend’s audience and is no longer held by anyone we control.

Where coaching data lives

The platform is built so that the coachee’s content — recordings, transcripts, journals, reflections — lives in a Solid Pod the coachee owns and authenticates with. The platform reads from and writes to that Pod; it does not host its own copy.

The Solid Protocol mandates HTTPS for all access, so data is encrypted in transit between the coachee’s device, the platform, and the Pod. The protocol does not mandate at-rest encryption — that is a property of whichever Solid server hosts the Pod, and most reference implementations do not encrypt at rest. In practice this means whoever runs your Pod can technically read what it stores.

This is a trust decision the coachee makes, not one the platform makes for them. You can:

• Choose a Solid Pod provider whose terms and operational posture you trust (e.g. solidcommunity.net, Inrupt PodSpaces, or another compatible service), or
• Self-host your Pod on infrastructure you control.

The platform does not run a Pod for you and does not retain a copy of Pod contents. When the coaching relationship ends, the Pod stays where it was; the platform’s access ends.

Third-party AI processing

Two kinds of platform features involve a third-party AI provider:

• Transcription — session recordings are sent to an AI transcription service. The returned transcript is written back to the coachee’s Pod.
• Analysis features — when invoked (for example, summarising a session, surfacing themes across journals), the relevant content is sent to an AI analysis service. The result is returned and stored back in the Pod.

By default the platform uses a single named AI provider. That provider’s own terms govern what they do with the content the platform sends them. We will name the current provider on this page when the platform reaches public beta.

Two alternatives are available for coachees who require a stricter privacy posture:

• Bring your own AI subscription — configure the platform to call an AI provider under your own account. The content travels via your account, under your terms with that provider; the platform does not retain anything beyond what is written back to your Pod.
• Locally hosted models — configure the platform to use a model you run yourself, on your machine or on infrastructure you control. No third-party AI provider is involved at all. Locally hosted models may produce lower-quality output than the latest commercial alternatives; that trade-off is yours to make.

These are not default configurations. They are switches the coachee or coach can flip if their threat model requires it.

Aspirations

There are privacy mitigations we want to layer on top of the architecture above but have not yet committed to:

• Stripping personal data from AI requests — removing names, locations, organisation references, and similar identifiers from content before it is sent to a third-party AI provider. The transcript or journal entry stored in your Pod would remain intact; only the outbound AI request would be sanitised.
• Anonymising requests — routing AI calls in a way that the AI provider cannot trivially link a request back to a specific coachee or coach.

These are aspirations, not commitments. They may land in the public beta, they may land later, or they may not land at all if the trade-offs prove unworkable. When the platform reaches public beta we will say plainly which of these are implemented and which remain aspirational.

Your rights

Under UK GDPR you can ask us, at any time, to:

• Confirm whether we hold your email address (right of access)
• Correct it if it is wrong (right to rectification)
• Delete it (right to erasure)
• Send you a copy of it (right to data portability)
• Stop processing it (right to withdraw consent)

To exercise any of these, write to privacy@synar.ch. We aim to respond within seven working days.

If we have not handled your data well, you have the right to complain to the Information Commissioner’s Office: ico.org.uk/make-a-complaint.

Last updated: 2026-04-27. The publisher is Synar.ch, a group of likeminded practitioners based out of the United Kingdom; the operational contact is privacy@synar.ch.