Kz
Krazion

Privacy Policy

1. Identification of the Data Controller

Controller of personal data:

  • Company Name: Krazion Europe OÜ
  • Registered Address: Tartu mnt 67/1-13b, Kesklinna linnaosa, 10115 Tallinn, Harju maakond
  • Email: hello@krazion.com

The Platform may engage service providers located outside the European Union. Personal data is processed in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

2. The Platform's Role in Data Processing

2.1. The Platform provides technology infrastructure and software services.

2.2. Depending on the processing activity, the Platform may act either as an independent data controller or as a data processor. When acting as a processor, the Platform processes personal data only on documented instructions from the Coach.

2.3. The Platform acts as an independent data controller for:

  • User account administration
  • Operation of the Platform
  • Security logging
  • Customer support
  • Billing and legal compliance

2.4. With respect to CRM data maintained by a Coach, the Platform may access such data only to the extent necessary to operate, maintain, support, secure, or improve the service. It does not use this data for marketing, profiling, or independent commercial purposes.

2.5. The Platform is not:

  • A healthcare provider
  • A coaching service provider
  • A dispute resolution authority
  • A party to any agreement between a Coach and an Athlete

3. User Model (Single Account – Multiple Roles)

3.1. The Platform uses a unified User Account system.

3.2. A User:

  • Maintains a single account
  • May hold multiple roles (Coach and/or Athlete)

3.3. Roles:

  • Are not separate legal entities
  • Are not separate data controllers
  • Constitute functional permissions only

4. Coach as an Independent Data Controller

4.1. Each Coach acts as an independent data controller for their own clients (Athletes).

4.2. The Coach is responsible for:

  • Lawful processing of client data
  • GDPR compliance
  • Management of their CRM database
  • Communication content

4.3. The Platform is not responsible for:

  • The Coach’s data processing practices
  • The lawfulness of data collected by the Coach

4.4. Where the Platform acts as a data processor, a separate Data Processing Agreement (DPA) may be entered into and may form part of this Privacy Policy and the Terms of Service.

5. Categories of Personal Data Processed

5.1. Account and Identification Data

  • Name
  • Email address
  • Authentication data
  • Role designation (Coach, Athlete, or both)

5.2. Profile Data

  • Coach profile information
  • Athlete profile information
  • Basic demographic information

5.3. Booking and Operational Data

  • Bookings
  • Session history
  • Availability information
  • Session types

5.4. Communication Data

  • Chat messages
  • In-platform communications

5.5. CRM-Related Data

  • Notes
  • Client interactions
  • Onboarding responses

5.6. Payment Data (Stripe Connect)

  • Transaction metadata
  • Billing information
  • Payment status information

5.7. Technical Data

  • IP address
  • Security and system logs
  • Device and usage information

6. Purposes of Processing

Personal data may be processed for:

  • Operation of user accounts
  • Booking functionality
  • CRM functionality
  • Enabling communications
  • Payment processing
  • Security and fraud prevention
  • Troubleshooting, maintenance, and service improvement
  • Compliance with legal obligations

7. Legal Bases for Processing (GDPR)

PurposeLegal Basis
Account administrationPerformance of a contract
Booking functionalityPerformance of a contract
Chat and communicationsPerformance of a contract or legitimate interests
Payment processingPerformance of a contract and legal obligation
CRM processing by CoachLegal basis determined by the Coach
Security and loggingLegitimate interests
AnalyticsConsent
MarketingConsent

Where processing is based on legitimate interests, the Platform conducts an appropriate balancing test considering the rights and freedoms of data subjects.

8. Data Sharing and Third Parties

The Platform may use the following service providers:

  • Stripe (payment services)
  • Clerk or other authentication providers
  • Cloud hosting providers
  • Email and notification service providers
  • Google Analytics

The Platform primarily uses European infrastructure providers. Some may operate outside the European Economic Area (EEA) with GDPR safeguards.

8/A. Cookies and Consent Management

  • Cookies may be used for operational, security, performance, and analytics purposes
  • Non-essential cookies are deployed only with user consent
  • Consent is managed through an approved Consent Management Platform (CMP)
  • Further details may be provided in a separate Cookie Policy

9. Chat and Communications

  • Chat messages and communications are personal data
  • Functionality exists solely for communication between Coaches and Athletes
  • Chat content is not used for marketing, profiling, or automated decision-making
  • Users may request access to communications relating to them, subject to applicable law

10. Refund and Dispute Data

  • Refund requests and dispute-related data may be logged and retained for audit purposes
  • The Platform does not adjudicate disputes and performs only technical transmission

11. Data Retention

Personal data is retained as long as necessary for its purposes or required by law. Indicative retention periods:

  • User account data: duration of the account
  • Coach CRM data: account duration + up to 90 days for recovery and security
  • Chat messages: may remain visible to other participants after account closure
  • Booking history: for establishment, exercise, or defense of legal claims
  • Billing and financial records: required accounting and tax periods
  • Security and audit logs: up to 24 months unless longer retention is legally required

12. Data Subject Rights (GDPR)

Users have the right to:

  • Access
  • Rectification
  • Erasure
  • Restriction of processing
  • Data portability
  • Object to processing
  • Lodge a complaint with a supervisory authority

Requests are handled within applicable legal timeframes. When the Platform acts only as a processor, requests may be referred to the relevant Coach.

13. Data Security

The Platform implements reasonable technical and organizational measures including access controls, logging, permission management, and security safeguards. No IT system can be guaranteed fully secure.

14. Automated Decision-Making

The Platform does not engage in automated decision-making or profiling that produces legal or similarly significant effects.

15. Special Category Data

  • The Platform is not primarily intended for healthcare services and does not request special category personal data
  • Coaches or Athletes may voluntarily record or share health or other sensitive information
  • Responsibility for such processing lies primarily with the Coach
  • The Platform does not use this data for profiling, marketing, or automated decision-making
  • The Platform may restrict storage of special category data where required by law or security considerations

16. Minimum Age Requirements

The Platform is intended for users aged 16+ unless use is authorized by a parent, guardian, or applicable law.

17. Changes

The Platform may amend this Privacy Policy from time to time. Amendments become effective upon publication.

18. Contact

For privacy-related inquiries:
Email: hello@krazion.com