The short version
Your coaching conversations are yours. Your employer cannot read them. We encrypt everything. We never sell your data or use it to train AI. You can delete everything at any time.
Below is the full legal detail. It is long because we take this seriously, not because we are hiding something.
Who we are
Poyntr Ltd is the data controller. We are registered in England and Wales (Company No. 17117967) and comply with UK GDPR and the Data Protection Act 2018. Contact: [email protected].
What we collect
Account information. Name, email, organisation membership, role, authentication credentials (hashed), timestamps.
Coaching conversations. Messages you send, AI responses, session metadata (time, duration, mode). Voice audio is transcribed in real time and not stored as audio.
Behavioural detection. AI analysis of conversation patterns to personalise coaching. Stored as structured data, never shared with your employer as individual data.
Voice and emotion. Speech rate, pitch, pause patterns, emotional tone. Processed in real time. Only transcripts and derived indicators are retained.
Text emotional signals. Language patterns (agency, hedging, absolutist language), emotional tone, aggregate typing dynamics. Stored as scores, not content.
Memory. Encrypted long-term memory: key insights, session summaries, commitments, coaching profile. Provides continuity across sessions.
Technical data. IP address, browser, device info, usage patterns, error logs. No personal coaching content in logs.
Calendar integration (optional). If you connect a Microsoft 365 or Google calendar, we receive upcoming event titles, start and end times, organisers, and locations needed to render your day-at-a-glance and inform coaching context. We never receive or store event body content. You decide per-calendar whether the coach can reference any of this; Personal calendars default to off until you turn the toggle on.
What we do not collect
Biometric data for identification. Precise geolocation. Financial information. Advertising cookies. Cross-site tracking.
How we use your data
Coaching. Generating personalised responses, running behavioural analysis, maintaining memory across sessions, providing session summaries.
Safety. Detecting indicators of acute distress, self-harm, or suicidal ideation. Providing crisis resources. Alerting designated personnel per your organisation's escalation policy.
Analytics. Anonymised, aggregated analytics for organisation administrators. Never individual content. Minimum cohort sizes enforced to prevent identification.
Platform improvement. Performance monitoring, error fixing, usage pattern analysis. No personal coaching content used.
Legal. Complying with legal obligations and responding to lawful requests.
Legal basis
Contract performance (Article 6(1)(b)) for the coaching service. Legitimate interests (Article 6(1)(f)) for security, fraud prevention, and analytics, with assessments confirming our interests do not override your rights. Vital interests (Article 6(1)(d)) for crisis detection. Legal obligation (Article 6(1)(c)) for compliance.
Your data is private from your employer
User-private. Coaching transcripts, memories, commitments, emotional data, detection results. Only accessible to you. Never visible to your manager or admin. Encrypted with per-user key derivation. Filtered by your identity on every query.
Organisation-shared. Company values, coaching config, knowledge base. Uploaded by admins, shared across the org. Contains no user-generated content.
System-global. Platform configuration, AI parameters, operational metrics. No personal information.
Encryption and security
All coaching data is encrypted at rest using AES-256-GCM, with per-user keys derived via HKDF. All data in transit is encrypted via TLS 1.2+. Voice streams are encrypted via WSS. OAuth refresh tokens for optional integrations are encrypted at rest with envelope encryption keyed by Google Cloud KMS. Infrastructure is hosted in European data centres. Access is restricted and audited. Breach notification within 72 hours per UK GDPR Articles 33 and 34.
Optional integrations
Calendar (Microsoft 365 and Google Calendar). Connecting a calendar is entirely optional. You can connect a Work calendar, a Personal calendar, or both. Each slot can be filled by either Microsoft 365 or Google Calendar. Authorisation is via OAuth 2.0; we never see your account password.
What the coach sees. Each connected calendar has its own "Coach reference" toggle. Work calendars default to on. Personal calendars default to off — your personal events stay invisible to the coach until you choose to enable it. You can flip either toggle at any time, and you can also exclude individual events.
What we receive. Event metadata only: title, start, end, organiser, location, and a stable provider event ID. No event bodies, attendee lists, attachments, or chat threads. We do not read mail, files, or contacts.
How updates flow. With your consent, we subscribe to live update notifications from Microsoft Graph or Google Calendar so your day-at-a-glance reflects real changes. The notification itself is a signal to refetch; the calendar provider does not receive any of your Poyntr data.
Retention and deletion. Cached event data is held only as long as needed for the digest you see. Disconnecting a calendar revokes the OAuth tokens, cancels the push subscription, and deletes that calendar's cached events and tokens immediately.
What we never do. We never write to your calendar, create or modify events, send invitations, post to your inbox, or surface your event content to your employer, your institution, or other Poyntr users.
Your data never trains AI
Your coaching conversations, memories, detection results, and voice data are never used to train AI models. Third-party AI providers are contractually prohibited from using your data for training, fine-tuning, or any purpose beyond real-time service delivery. We improve the platform using only anonymised, aggregated data. We never review individual conversations for product development.
Google API Services User Data Policy (Limited Use)
Poyntr's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: Poyntr uses Google user data only to provide user-facing features prominent in our interface (day-at-a-glance and coaching context); does not transfer Google user data to third parties except as necessary to provide or improve user-facing features and for security purposes; does not use Google user data for serving advertisements; and does not allow humans to read Google user data unless we have obtained your affirmative agreement, it is necessary for security purposes, or to comply with applicable law. For the full disclosure of which scopes we request, how we access, use, store, share, and revoke Google user data, see our dedicated /google-api-disclosure page.
Third-party processors
All sub-processors are bound by data processing agreements requiring GDPR compliance. No sub-processor may use your data for their own purposes. We do not sell your data, share it with advertisers, or allow third-party AI training.
International transfers
Data is primarily stored in European data centres. Some processing (AI generation, transcription, voice synthesis, and the optional Microsoft 365 / Google Calendar integrations) involves US-based providers. These transfers are protected by the UK IDTA or the UK Addendum to the EU SCCs, DPAs, Transfer Impact Assessments, and contractual prohibitions on data reuse.
Data retention
Active accounts: data retained while your account is active. On deletion or subscription end: coaching data deleted within 30 days, vector memory permanently erased, anonymised aggregates may be retained, operational logs retained up to 90 days. Token/provider usage: 90 days. Rate limits: 24 hours. Sessions: until expiry.
Your rights
Access, rectification, erasure, restriction, portability, objection, and rights related to automated decisions. Coaching suggestions are informational, not binding decisions. Contact [email protected] or use Platform settings. Response within one calendar month.
Cookies
One session cookie (poyntr.session_token) for authentication. Expires on logout or after 30 days. No advertising, analytics, or cross-site tracking cookies. No Google Analytics, Facebook Pixel, or similar.
Children
The enterprise Platform is not intended for under-18s. Institutional deployments for young people operate under separate agreements with enhanced safeguards, parental consent requirements, and KCSIE compliance.
Changes
Material changes are notified through the Platform or by email before they take effect.
Contact and complaints
[email protected]. You can also lodge a complaint with the ICO (ico.org.uk, 0303 123 1113).