Laz.coach
Install Laz.coach
Add to your home screen for the full app experience.

Privacy & Data Management Policy

Version 2026.02

Version 2026.02 — Laz.coach Connect

Laz.coach Connect ("we", "the Platform") protects your personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and Québec's Law 25. We also honour the spirit of the Universal Declaration of Human Rights in everything we do.

1. What we collect

  • Account data: name, email, password hash (bcrypt), role, profile bio and avatar.
  • Coaching data: business profile, services, bookings, payouts, ratings.
  • Activity data: posts, comments, likes, goals, tasks you create.
  • Payments: handled by Stripe and Square; we store provider IDs and amounts, never your card number.
  • Calendar: if you connect Google Calendar, we store OAuth tokens to create events on your behalf. We do not read or import existing events.

2. Why we collect it (purpose limitation)

Strictly to provide the service you signed up for: connect coaches and clients, process bookings and payouts, run AI content moderation, and operate the platform safely.

3. Your rights under PIPEDA + Law 25

You may, at any time:

  • Access every piece of data we hold about you (`Export my data` in Settings).
  • Correct any inaccurate information (`Settings → Account`).
  • Delete your account and all associated personal data (`Settings → Delete my account`). Bookings and financial records may be retained in anonymised form for the 7-year retention period required by Canadian tax and consumer-protection law.
  • Port your data in a structured machine-readable JSON file.
  • Withdraw consent for any non-essential processing at any time.
  • Lodge a complaint with the Office of the Privacy Commissioner of Canada (https://www.priv.gc.ca) or the Commission d'accès à l'information du Québec.

4. AI content moderation

Posts are screened by OpenAI GPT-5.4 and Google Gemini 3 Flash through Emergent's universal LLM gateway. Content is processed in transit, not used to train models, and is not retained by the providers.

5. Security

  • Cookies are `HttpOnly`, `Secure`, `SameSite=None`.
  • Passwords are hashed with bcrypt.
  • Transport is HTTPS (TLS 1.2+).
  • Payment data never touches our servers — handled directly by PCI-DSS-certified Stripe / Square.

6. Confidentiality between coaches and clients

Every coach signs a Non-Disclosure Agreement (NDA) before they can list services. Every client acknowledges a confidentiality clause before booking. Coach-client communication that happens on the Platform is treated as Confidential Information.

7. Data retention

  • Active accounts: data retained while account is active.
  • Deleted accounts: personal data purged within 30 days. Aggregated, anonymised analytics may be retained indefinitely.
  • Financial records: retained for 7 years as required by the Canada Revenue Agency, regardless of account deletion.

8. Cross-border transfers

Some service providers (Stripe, Google Calendar, OpenAI) process data in the United States or the European Union. We use providers that offer contractual safeguards equivalent to PIPEDA / Law 25 standards.

9. Children

The Platform is not directed to children under 16. If you become aware that a minor has registered without parental consent, please notify privacy@lazcoach.com.

10. Contact

  • Privacy Officer: privacy@lazcoach.com
  • Founder: Hufrey Merveil LA ZOUBE
  • Mail: Laz.coach Connect — Privacy Office (address available on request)

Made with Emergent