Coaching Compliance

Privacy Policy for Online Coaching

Life coaches, business coaches, and fitness coaches collect some of the most sensitive personal data online -- health goals, financial details, session recordings, and payment information. Here is what your privacy policy must cover.

For life coaches, business coaches, health coaches, and fitness coaches.

Small Business PolicyGenerate Policy
AK
Written by Anupam Kumar
Last updated: March 2026
10 min read
Reviewed for compliance
1

Why Online Coaches Need a Privacy Policy

Online coaching involves collecting data that goes far beyond a typical website. Clients share personal goals, health information, financial situations, and life challenges during sessions. You also collect payment data, scheduling details, and often record video calls. All of this requires disclosure.

Coaching data can be highly sensitive. Health coaching involves health data (a GDPR special category). Financial coaching involves financial records. Life coaching may involve mental health disclosures. Under GDPR, processing special category data requires explicit consent and additional safeguards.
2

Data Online Coaches Collect

Most coaches collect far more data than they realize.

Client Intake Data

  • Name, email, phone number
  • Goals, challenges, and personal background
  • Health information (fitness coaches, wellness coaches)
  • Financial situation (business coaches, career coaches)
  • Intake questionnaire responses

Session Data

  • Video call recordings (Zoom, Google Meet)
  • Session notes and progress tracking
  • Chat messages during or between sessions
  • Action items and homework assignments
  • Assessment results and scores

Payment Data

  • Billing name and email
  • Payment method (processed by Stripe, PayPal, Square)
  • Subscription plan and billing frequency
  • Invoice history and refund records
  • Package or program enrollment details

Scheduling Data

  • Calendly, Acuity, or TidyCal booking details
  • Timezone and availability preferences
  • Appointment history and cancellations
  • Reminder preferences (email, SMS)
3

Common Coaching Tools and Their Data Practices

Each tool in your coaching stack processes client data under its own privacy policy. Your policy must name each tool as a third-party data processor:

ToolData It ProcessesDisclosure Required
Zoom / Google MeetVideo recordings, chat logs, participant namesName as video processor, disclose recording practices
Calendly / AcuityName, email, timezone, appointment detailsName as scheduling processor
Stripe / PayPalBilling info, card data (PCI-compliant)Name as payment processor, link their policy
Kajabi / TeachableCourse progress, login data, payment infoName as course platform, disclose student data
Mailchimp / ConvertKitEmail, name, engagement dataName as email processor, explain marketing use
Google Drive / NotionSession notes, client files, documentsDisclose where client data is stored
Practice Better / CoachAccountableClient goals, progress, health dataName as coaching platform, note sensitive data
4

Handling Sensitive Client Data

Coaching often involves data that GDPR classifies as "special category" data -- health information, racial or ethnic origin, religious beliefs, or sexual orientation. Processing this data requires additional safeguards:

Explicit consent: General terms of service are not enough. You need a separate, specific consent for processing sensitive data. 'I consent to [Coach Name] collecting and processing my health information for coaching purposes.'
Data minimization: Only collect sensitive information that is directly relevant to the coaching engagement. Do not ask about health conditions if you are a business coach.
Access controls: Limit who can access sensitive client data. If you have a team, implement role-based access. Do not share client files in shared drives without restrictions.
Secure storage: Sensitive data should be stored in encrypted systems. Use password-protected files for session notes. Avoid storing sensitive information in plain-text emails or unencrypted notes.
Retention limits: Define how long you keep client data after the coaching relationship ends. Industry standard is 3-7 years for business records, but sensitive health data should be deleted sooner unless required by law.
Recording consent: If you record coaching sessions (video or audio), obtain explicit consent before recording. State in your policy how recordings are stored, who has access, and when they are deleted.
5

What to Include in Your Coaching Privacy Policy

Your identity and contact information

Your name or business name, email address, and physical address if required by law (GDPR requires this for EU data controllers).

Types of data collected

List every category: intake form data, session notes, recordings, payment data, scheduling data, email communications, website analytics.

Purpose for each data type

Intake data: to understand client goals. Recordings: for session review. Payment data: to process coaching fees. Be specific per data type.

Third-party tools and processors

Name every tool: Zoom (video), Stripe (payments), Calendly (scheduling), Mailchimp (email), Google Drive (file storage). Link to each tool's privacy policy.

Data retention periods

State how long you keep each data type: session recordings (90 days), payment records (7 years for tax), client files (duration of engagement + X years).

Client rights

Right to access their data, correct it, request deletion, and withdraw consent. Provide a clear contact email for privacy requests.

Session recording policy

State whether sessions are recorded, how clients consent, where recordings are stored, who has access, and when they are deleted.

International data transfers

If you coach clients internationally, disclose where data is processed and stored (most tools are US-based, which is a GDPR cross-border transfer).

Generate Your Coaching Privacy Policy

Get a customized privacy policy covering client intake data, session recordings, payment processing, scheduling tools, and sensitive data handling -- in under 2 minutes.

Covers Zoom, Calendly, Stripe, and all major coaching tools

Related Resources

Privacy Policy for Small Business

Small business privacy requirements

Privacy Policy for Zoom

Video conferencing privacy guide

Privacy Policy for Calendly

Scheduling tool privacy requirements

Privacy Policy for Kajabi

Course platform privacy guide

Privacy Policy for Stripe

Payment processing privacy

Privacy Policy for Membership Site

Membership data collection guide

GDPR Privacy Policy Template

EU data protection requirements

How to Write a Privacy Policy

Step-by-step writing guide