Privacy

Last updated: 3 June 2026

Who we are

HybridHQ ("we") operates a coaching-business platform at hybridhq.fit. We are based in the United Kingdom. If you have questions about this policy or your data, contact us at hello@hybridhq.fit.

For data submitted by a coach's athletes (programmes, check-ins, logs, messages), the coach who invited that athlete is the data controller and HybridHQ is the data processor. For data we hold about coaches and business owners directly (account details, billing), HybridHQ is the data controller.

What data we collect

For coaches and business owners:

  • Account details: name, email, password (hashed), phone (optional)
  • Business details: business name, branding assets, timezone, billing info
  • Usage: pages visited, actions taken (audit log)

For athletes invited by coaches:

  • Account details: name, email, password (hashed)
  • Coaching data: onboarding answers, programmes, workout logs, cardio sessions, readiness logs, check-ins, messages
  • Optional: progress photos (only visible to the assigned coach with the athlete's consent)

How we use it

  • To provide the coaching platform features you signed up for
  • To enable your coach to plan, monitor, and respond to your training
  • To send transactional emails (invites, password resets, reminders)
  • To improve the product (aggregated, anonymous usage analytics)

Where it lives

  • Database: Supabase (Postgres, EU region)
  • Hosting: Vercel (edge + serverless)
  • Email: Resend (transactional)
  • Payments: Stripe (PCI-DSS Level 1)
  • AI processing: Anthropic (Claude) — only when a coach triggers an AI action
  • Error monitoring: Sentry (PII scrubbed before transmission)
  • Product analytics: PostHog (no third-party tracking cookies)

Data is isolated per business via row-level security in the database. A coach in one business cannot access data from another business under any circumstance.

AI processing

When a coach uses an AI action (Athlete Summary, Draft Check-in Reply, Coaching Copilot), the relevant athlete data is sent to Anthropic's API for processing. Anthropic does not train on this data per their API terms. Athletes are never identified by email or contact details in the prompt — only first name and anonymised training data.

Your rights

If you're in the UK or EU, you have rights under UK GDPR / EU GDPR including:

  • Access to your data
  • Correction of inaccurate data
  • Deletion of your data ("right to be forgotten")
  • Data portability
  • Withdrawal of consent
  • Lodging a complaint with the Information Commissioner's Office (ICO)

To exercise any of these, email hello@hybridhq.fit. We'll respond within 30 days.

Cookies

We use strictly-necessary cookies for authentication. No tracking cookies, no third-party analytics cookies.

Retention

We retain your account data for as long as your account is active. If your business is cancelled, data is exported on request and soft-deleted after 30 days unless legally required to retain it longer (e.g. for tax records, where we retain invoices for the statutory period).

Changes

We'll email business owners when we make material changes to this policy. The "Last updated" date above shows when the current version was published.