Privacy Policy
Last updated: 2026-05-08
TGP Platform is a SaaS product in active development, built and operated by Bradley Gleave (sole founder). This policy explains what data we collect, how we use it, and what rights you have over it. Because the platform is pre-launch, some services listed below are planned but not yet live — those are marked accordingly.
Information we collect
Account information
When you create an account we collect your name, email address, and a hashed password. Organisation owners and coaches may also provide billing information processed directly by Stripe — we do not store raw card details.
Usage data
We collect server-side logs of actions taken within the platform: which records were created, updated, or deleted, and by whom. This audit trail is a core part of how the product works and cannot be disabled. Log entries include timestamps, account IDs, and resource identifiers. They do not include message content from coaching sessions unless you explicitly enter that content into TGP.
Client records
Coaches and organisation owners enter client data — names, contact details, session notes, milestone progress — as part of normal platform use. This data belongs to the coach or organisation; TGP is the processor, not the controller, for that information.
Messages exchanged between a client and their coach may also be readable by the organisation owner (the head coach) when sent inside a TGP-managed thread. Clients can ask their coach which threads are owner-readable before sending sensitive content.
Analytics and support
We use PostHog (planned — not yet live on production) for product analytics, and Crisp (planned) for in-app support chat. These services may set cookies and collect browser metadata. We will update this policy when each service goes live.
How we use your information
- To operate and maintain your account and the services you access.
- To process payments via Stripe on behalf of coaches and organisations.
- To detect, investigate, and prevent security incidents and abuse.
- To improve the product based on aggregated, anonymised usage patterns.
- To respond to support requests.
- To comply with legal obligations where applicable.
We do not sell your data. We do not use your data for advertising. We do not share personally identifiable information with third parties except as described in the sub-processors section below.
Sub-processors
The following third-party services process data on our behalf. We maintain data processing agreements with each live sub-processor.
| Sub-processor | Purpose | Status |
|---|---|---|
| Vercel | Hosting and edge delivery of the web application. | Live |
| Managed Postgres (provider TBC) | Primary application database. | Live (provider to be finalised pre-launch) |
| Stripe | Payment processing and Stripe Connect for coach billing. | Live (test mode; production pending launch) |
| Cloudflare | DNS, CDN, and DDoS protection. | Live |
| PostHog | Product analytics (session data, event tracking). | Planned — not yet on production |
| Crisp | In-app support chat. | Planned — not yet on production |
Your rights
If you are in the European Economic Area, the United Kingdom, or another jurisdiction with data protection law, you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data, subject to any legal retention obligations.
- Object to or restrict certain processing activities.
- Request a portable copy of your data in a machine-readable format.
- Lodge a complaint with your local supervisory authority if you believe your rights have been violated.
To exercise any of these rights, contact us at the address in the Contact section below. We will respond within 30 days. We do not yet have a formal Data Protection Officer; as a sole-founder pre-launch product, all data requests are handled directly by Bradley Gleave.
Data retention
Account data is retained for as long as your account is active. If you close your account, we will delete your personal data within 90 days except where retention is required by law (for example, financial records associated with Stripe transactions). Audit log entries are retained for 12 months and then purged.
Security
We use HTTPS for all data in transit. Application data is stored in an encrypted managed database. Access to production systems is restricted to the sole founder at this stage. We do not claim any specific security certifications. If you discover a security issue, please report it to the contact address below before disclosing it publicly.
Changes to this policy
We will update this policy as the platform evolves and new sub-processors are added. Material changes will be communicated by email to registered users. The date at the top of this page reflects the most recent update.
Contact
Questions about this policy or requests to exercise your data rights: privacy@tgp.so. If we do not yet have that address active, contact us via the support chat on the platform or through the contact form.