Squirrel Coach

Privacy Policy

Version 1.0 — Effective 20 April 2026

1. Who we are

Squirrel Coach (“the Platform”, “we”, “us”, “our”) is operated by The Data Shaman Limited, incorporated and registered in the Hong Kong Special Administrative Region (SAR). This policy explains what personal data we collect when you use the Platform, how we use it, who we share it with, and the rights you have over it.

This policy should be read alongside our Terms & Conditions. Defined terms used below have the meaning set out in those Terms.

2. Data we collect

We collect the following categories of personal data:

  • Account data — name, email address, authentication identifiers, account type (Coach or Individual), and any profile information you choose to provide.
  • Content you create — session notes, assessment responses, uploaded documents, reflections, and any other content you or your clients enter into the Platform.
  • Billing data — for paid plans, billing email, plan tier, subscription status, and payment metadata returned by our payment processor. We do not store full card numbers; these are held directly by our payment processor.
  • Analytics & technical data — aggregate visit counts, pages viewed, approximate location (country / region derived from a truncated IP address), device type, and browser. Where you have consented, a persistent analytics cookie is set to distinguish returning visitors.
  • Lead & assessment data — when you complete one of our public self-assessments (such as the Spiky Profile, Leadership Assessment or Belief Diagnostic) we store the email address you provide alongside your results so that we can email the results to you and, for tools administered by a Coach, deliver the results to that Coach.

3. How we use your data

We process personal data for the following purposes:

  • To provide the Platform and the specific features you request.
  • To authenticate you and keep your account secure.
  • To deliver assessment results, receipts, service notifications and other operational emails.
  • To process subscription payments and manage billing.
  • To understand how the Platform is used so we can improve it (aggregate analytics only).
  • To comply with legal obligations and to protect our rights and those of our users.

We do not use session notes, assessment results, or private client content to train artificial intelligence models — our own or any third party’s.

4. Legal bases for processing

Where data protection law requires a legal basis, we rely on the following:

  • Performance of a contract — to deliver the services you have signed up for.
  • Legitimate interest — to keep the Platform secure, prevent abuse, and measure aggregate usage.
  • Consent — for analytics cookies, and for any marketing communications. You can withdraw consent at any time.
  • Legal obligation — where applicable law requires us to retain or disclose data.

5. Cookies & similar technologies

The Platform uses a small number of cookies and equivalent browser storage items. These fall into two categories:

  • Strictly necessary — required to sign you in and keep your session secure. These are set by our authentication provider and cannot be disabled without breaking core functionality.
  • Analytics (optional) — Google Analytics 4 is used to count visitors and understand which pages are popular. IP addresses are anonymised before storage. Until you accept the cookie banner, analytics runs in “cookieless” mode (no persistent identifier is set). If you accept, a _ga cookie is stored so we can distinguish returning visitors.

You can change your decision at any time by clearing site data for squirrelcoach.com in your browser, which will cause the banner to reappear on your next visit.

6. Who we share data with

We never sell personal data. We share it only with the service providers who make the Platform possible, under contracts that restrict their use of the data to the services we have engaged them for:

  • Google Cloud / Firebase — authentication, database, and hosting infrastructure.
  • Stripe — payment processing for subscribing customers.
  • SendGrid — transactional email delivery (assessment results, receipts, system notifications).
  • Google Analytics — aggregate visitor analytics; persistent identifiers are set only after you consent.

We may also disclose personal data where required by law, court order, or to protect the rights, property, or safety of the Company, our users, or the public.

7. International transfers

The Platform is operated from Hong Kong SAR, and the service providers listed above may process data in the United States, the European Union and other regions. Where your data is transferred outside your home jurisdiction, we rely on the contractual safeguards offered by those providers (standard contractual clauses or equivalent mechanisms) to protect it.

8. Retention

We keep personal data only for as long as needed for the purposes described in this policy:

  • Active account data is kept for the lifetime of the account.
  • After termination, account and content data are retained for 90 days before deletion, unless earlier deletion is requested.
  • Billing records are retained for the period required by applicable tax and accounting law.
  • Lead and assessment data submitted through public assessments are retained for up to 24 months, or until you request deletion, whichever is sooner.
  • Aggregate analytics data (non-identifying) may be retained indefinitely.

9. Your rights

Depending on where you live, you may have some or all of the following rights in respect of your personal data:

  • The right to access a copy of the data we hold about you.
  • The right to request correction of inaccurate data.
  • The right to request deletion of your data.
  • The right to object to or restrict certain processing.
  • The right to data portability in a common machine-readable format.
  • The right to withdraw consent for analytics or marketing at any time.
  • The right to lodge a complaint with your local data protection regulator.

To exercise any of these rights, email privacy@squirrelcoach.com. We will respond within 30 days.

10. Coach-held client data

Where a Coach uses the Platform to manage their own clients, the Coach is the independent data controller for that client information and the Company acts as a data processor on their behalf. Clients of a Coach should direct any data rights requests to their Coach in the first instance. The Company will assist Coaches in responding to such requests where technically reasonable.

11. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit, access controls, audit logging, and regular review of our security posture. No online service can be guaranteed fully secure, and you are responsible for keeping your login credentials confidential.

12. Children

The Platform is not intended for use by children under the age of 18. We do not knowingly collect personal data from anyone under that age. Where a Coach engages a minor client through the Client Portal, the Coach is responsible for obtaining verifiable parental or guardian consent before enabling access.

13. Changes to this policy

We may update this policy from time to time. Material changes will be notified by email or in-platform message at least 14 days before they take effect. The current version and effective date are shown at the top of this page.

14. Contact

Questions, concerns, or data rights requests should be directed to:

The Data Shaman Limited
66F, 99 Queen’s Road Central
Hong Kong
Email: privacy@squirrelcoach.com