Privacy Policy
Last updated: May 1, 2026
This Privacy Policy explains how Guidly Inc. ("Guidly", "we", "us", or "our") collects, uses, and shares information when you use Guidly's coaching scheduling platform at guidly.ca (the "Service"). By using the Service, you agree to the practices described here.
About payments: Coaches pay Guidly a subscription fee for use of the platform. Guidly does not process or facilitate payments between coaches and their clients — those arrangements are made directly between coach and client outside the Service.
1. Information we collect
Information you provide directly
- Account information: name, email address, phone number, password (stored hashed), profile photo, and for coaches: specialty, hourly rate, availability schedule, meeting preferences.
- Booking information: session date, time, duration, meeting mode (Zoom or in-person), and any topic or notes you add.
- Subscription information (coaches only): we use Stripe to process coach subscription payments to Guidly. We do not store full card numbers; Stripe stores those on PCI-compliant infrastructure. We retain transaction records (amount, date, last four digits, plan tier) for accounting and tax purposes.
- Communications: messages you send to coaches or clients through the platform, and support requests you send to us.
Information collected automatically
- Usage data: pages viewed, actions taken, and timestamps. Used to operate and improve the Service.
- Device and connection data: IP address, browser type, operating system, and approximate location (derived from IP).
- Cookies and local storage: we use session tokens stored in your browser's local storage to keep you signed in. We do not use third-party advertising trackers.
Information from connected services
If you connect your Google Calendar or Zoom account, we receive the OAuth tokens and limited account information necessary to operate those integrations:
- Google Calendar: we read your calendar's busy times to prevent double-booking, and create/update/delete events for Guidly bookings on your calendar. We do not read or store the content of events we did not create.
- Zoom: we read your display name and email at connect time, and create/delete unique meeting URLs for confirmed Guidly bookings. We do not access meeting recordings, transcripts, participant lists, or chat logs.
2. How we use information
- To operate the Service: create accounts, manage bookings, send confirmations and reminders, sync calendars.
- To process coach subscription payments through Stripe.
- To communicate with you: confirmations, reminders, security alerts, occasional product updates. You can opt out of non-essential email and SMS at any time.
- To prevent fraud, abuse, and security incidents.
- To improve the Service through aggregated, non-identifying analytics.
- To comply with legal obligations.
3. How we share information
We do not sell your personal information. We share it only as follows:
Between coaches and clients
When a client books a session through Guidly, the coach and client see each other's name, email, and any session-related information needed to conduct the booking. Coaches additionally see clients' phone numbers if provided.
Service providers (sub-processors)
We use third-party services to operate Guidly. Each receives only the data needed for their specific function:
- Supabase — hosted PostgreSQL database (account and booking data, encrypted at rest).
- Render — application hosting.
- Netlify — frontend hosting.
- SendGrid (Twilio) — transactional email delivery.
- Twilio — SMS delivery.
- Stripe — coach subscription payment processing.
- Google — OAuth sign-in and Calendar API.
- Zoom — meeting creation API.
These providers are bound by their own privacy policies and contractual data protection obligations.
Legal and safety
We may disclose information if required by law, court order, or to protect the rights, safety, or property of Guidly, our users, or others.
Business transfers
If Guidly is acquired or merged, your information may be transferred to the successor entity, subject to this Privacy Policy.
4. How long we keep information
We retain your personal information while your account is active and for a reasonable period after closure to fulfill legal, accounting, and dispute-resolution obligations (typically up to 7 years for financial records). You can request deletion sooner — see "Your rights" below.
Booking records and associated communications are retained for the duration of any active dispute or until expiration of the applicable limitation period in Ontario.
5. How we protect information
We use industry-standard security measures including:
- HTTPS encryption for all data in transit.
- Encryption at rest for our database (Supabase, AES-256).
- Hashed password storage using bcrypt.
- Token-based authentication with short-lived sessions.
- Access controls and audit logging on our backend systems.
No method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we work to protect your information using commercially reasonable practices.
6. Your rights
Subject to applicable law, you have the right to:
- Access the personal information we hold about you.
- Correct inaccurate or incomplete information (most fields are editable in your account settings).
- Delete your account and personal information, subject to legal retention requirements.
- Export your data in a portable format.
- Withdraw consent for non-essential processing.
- Object to specific processing or lodge a complaint with a privacy regulator (in Canada, the Office of the Privacy Commissioner).
To exercise these rights, email support@guidly.ca. We respond within 30 days.
7. International transfers
Guidly is operated from Canada, but our service providers may process data in the United States and other countries. By using the Service, you consent to your information being processed in these locations, which may have different privacy laws than your jurisdiction.
8. Children
Guidly is not intended for users under 16. We do not knowingly collect information from children under 16. If you believe a child has created an account, contact us and we will remove it.
9. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-app notice at least 14 days before taking effect. Continued use of the Service after changes take effect constitutes acceptance.