PRIVACY POLICY

KAIROX LLC (“Kairox,” “we,” “us”) is a Wyoming limited liability company that provides personal- coaching services through kairox.co and the Kairox Method client application. This policy explains how we handle the personal information you share with us. Contact: admin@kairox.co.

We collect personal information in three contexts:

• Application. When you submit the form at /apply: name, email, optional phone and location, age, body measurements, training and injury history, goals, lifestyle context.
• Coaching. During your engagement: weekly check-ins, progress photos (only if you choose to share them), food logs, training logs, and messages exchanged with your coach.
• Site usage. When you visit kairox.co: minimal server logs (IP address, user-agent, page visited, timestamp). We do not use third-party analytics or advertising trackers on the marketing site.

Health-related information (e.g. injuries, medications you mention) is treated as “special category” data under GDPR and given additional safeguards (see §5).

• To deliver the service. Your training program, nutrition plan, mindset work, messages with your coach, scheduling, and billing.
• To honor your choices. Health-related details (injuries, medications you mention, progress photos) are only collected with your consent and only used to inform your coaching. You can withdraw at any time.
• To run the business. Minimal site logs for security and abuse prevention, replying to applications, and analyzing aggregate usage to improve the service.
• To meet legal obligations. Keeping financial records for the period required by US federal and state tax law (generally 7 years for the IRS).

We do not sell your personal information. We share it only with the service providers that help us operate Kairox, under a data processing agreement that limits what they can do with it:

• Hosting and infrastructure (Vercel), to serve the site and the client application.
• Email delivery (Resend), to send transactional emails such as application confirmations.
• Payment processing (your card processor, e.g. Stripe), to bill coaching fees. We do not store card numbers ourselves.
• Authority requests, where required by law, court order, or to prevent harm.

The current list of processors above may change as we improve the service. Material changes will be reflected on this page and announced to active clients.

Access to coaching data is limited to Allison and, where relevant, the processors named above. All client data is transmitted over TLS. Sensitive health data is treated as special-category data and kept in coaching records separate from marketing or billing systems.

• Applications that don't lead to a coaching engagement: deleted within 12 months.
• Active client records (programs, check-ins, messages): kept for the duration of your engagement plus 24 months, so you can return without re-onboarding.
• Invoices and financial records: kept for 7 years (US IRS standard for business records).
• Progress photos: deleted on request, otherwise treated like coaching records.

Regardless of where you live, you can ask us to:

• Send you a copy of the personal information we hold about you.
• Correct anything inaccurate.
• Delete your data (subject to legal retention obligations like tax records).
• Stop using your data for any non-essential purpose.
• Withdraw any consent you previously gave.

To make any of these requests, email admin@kairox.co. We respond within 45 days (the standard set by California’s CCPA) and usually much faster.

We do not sell or share your personal information. We also do not use it for behavioral advertising. If you’re a California resident, you have the right to opt out of sale or sharing under the CCPA/CPRA, but there’s nothing to opt out of here.

Although we are a US business primarily serving US clients, we honor the additional rights granted under the EU/UK General Data Protection Regulation (GDPR) for any clients located in those regions. In addition to the rights above, you can:

• Object to processing based on legitimate interest.
• Restrict processing while we resolve a dispute.
• Request data portability (a machine-readable export).
• Lodge a complaint with your local data-protection authority.

Email admin@kairox.co for any GDPR-related request. We respond within 30 days.

The marketing site (kairox.co) does not set advertising or analytics cookies. The client application (the PWA) uses a first-party authentication cookie to keep you signed in. That cookie is strictly necessary for the app to work, and is deleted when you sign out.

Your data is processed primarily in the United States. Some of our service providers (e.g. Vercel for hosting, Supabase for database, Resend for email) may operate data centers in other regions, including the EU. For any data transfers involving EU/UK residents, we and our processors rely on appropriate safeguards such as the EU Commission’s Standard Contractual Clauses.

Kairox is for adults (18+). We do not knowingly collect personal data from anyone under 18. If you believe we have, contact us and we will delete it.

We may update this policy from time to time. Material changes will be announced by email to active clients and reflected in the “Last updated” date at the top of this page.

Questions, requests, or complaints? Email admin@kairox.co.