Security & Privacy

    Bringing AI into your practice is a big step.

    You are right to be careful. We built CoachNova to be transparent, easy to explain to clients, and always in your control.

    Laura Foltina
    Laura Foltina
    AI Governance (AIGP) & Privacy Lawyer (CIPP/E)
    Master/LLM from Utrecht University
    AI Governance Advisor to CoachNova
    LinkedIn
    How your sessions stay protected, step by stepDownload as PDF
    What you can tell your clients and sponsorsDownload as PDF
    Technical details for those who want to go deeperJump to section

    How your sessions stay protected.

    Four steps. You control every one.

    1
    You record

    With your client's consent. You choose when to start, pause, and stop. Templates included.

    2
    AI generates insights

    Transcription, themes, and reflections. We work with transcriptions only — no audio is stored.

    3
    You review

    Every insight, every nudge, every message. Edit, approve, or skip. Nothing moves without you.

    4
    Your client receives

    Only what you have approved. Personalised reflections that carry your coaching signature.

    What you can tell your clients.

    When a client or sponsor asks how their data is handled, you have clear answers.

    You approve everything

    The AI drafts. You decide. Every message, every nudge, every reflection goes through you before it reaches your client.

    Never used to train AI

    Your sessions are never used to train models. No audio is stored. Your data stays private to your practice — full stop.

    Your data, your ownership

    Transcripts, insights, notes. All yours. Export anytime. If you leave, your data leaves with you.

    EU-hosted. Lawyer-reviewed.

    Session data on servers in Frankfurt, Germany. GDPR-approved safeguards throughout. Every policy co-created with Laura Foltina, AI governance and privacy lawyer (AIGP, IAPP).

    “The benefits of AI in coaching are clear. But my clients need to bring their honesty, their openness, their vulnerability into every session. They need to know that is protected. That it cannot be compromised. When I understood how CoachNova handles that, I could explain it to them with confidence.”

    Isobel Donaldson
    Isobel Donaldson MA
    Organizational Psychologist, Executive & Team Coach, Manchester, UK
    Ready to use

    What to say when they ask.

    Copy these. Adapt them to your voice. They cover the four questions clients and sponsors actually raise.

    When explaining the tool for the first time

    “I use a tool called CoachNova that helps me support you between our sessions. It sends you personalised reflections and resources based on what we discuss. I review and approve everything before you see it — nothing is automated.”

    When a client asks about their data

    “Your session data is stored on servers in Europe. I control what gets recorded and what you receive. You can access, export, or delete your data at any time. No audio recordings are stored.”

    When a sponsor asks about compliance

    “CoachNova is GDPR-compliant. Session data is stored in the EU with approved transfer safeguards. I can share their sub-processor list and Data Processing Agreement if you need them for your compliance review.”

    When a client asks about AI

    “The AI helps me surface themes and create reflections from our sessions, but I review everything before it reaches you. Think of it as my preparation tool — it helps me be more present and consistent between our conversations.”

    Technical details

    For those who want to go deeper.

    Security specifics, compliance standards, and what happens in edge cases.

    Sub-processor list · Data Processing Agreement

    Your session data is stored on servers in Frankfurt, Germany. Where processing involves partners outside the EU, GDPR-approved transfer safeguards are in place, including Standard Contractual Clauses and the EU-US Data Privacy Framework. You can see exactly who handles what on our sub-processor page.

    No. Your session data is fully isolated — no other coach, client, or CoachNova team member can see it. Everything is encrypted in storage and in transit, with strict access controls in place. We run regular security audits and continuous monitoring to keep it that way.

    Nothing reaches your client that you haven't approved. Your sessions are transcribed and analysed to surface themes, commitments, and reflection prompts — all reviewed by you first. No audio recordings are stored. Your data stays private to your practice and is never used to train AI models.

    Yes. CoachNova is GDPR-compliant by design, with data protection built in from the start. Our infrastructure meets SOC 2 Type II standards. We publish a current Data Processing Agreement, sub-processor list, and breach notification procedures — everything a procurement or compliance team typically asks for. CoachNova Ltd. is registered in Ireland.

    If there is a breach, we notify you within 72 hours with a full incident report — what happened, what was affected, and what we did about it. If you cancel, your data stays available for export for 90 days, then it is permanently deleted. Your data always leaves with you.

    Your practice, protected.

    AI that earns your clients' trust. Not one that risks it.

    • You review and approve every client interaction
    • Session data stored in Europe. GDPR-compliant.
    • Ready-to-use consent and privacy templates included
    • Full data ownership. Export or delete anytime.
    • Your sessions are never used to train AI models