AjitoCoaches Toolbox

Privacy Policy

Last updated: April 13, 2026

Ajito LLC ("Ajito," "we," "us," or "our") operates the Coaches Toolbox application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (or OAuth credentials if you sign in with Google or Microsoft). If you are invited by a coach, we also associate your account with your coach.

Calendar Data

With your explicit consent, we access your Google Calendar or Microsoft 365 calendar data in read-only mode. We retrieve meeting titles, times, durations, attendee lists, and locations. We do not access the content of your emails, documents, or files.

Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, and session duration. This data is used to improve the product and is not sold to third parties.

2. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To classify your meetings against the Ajito Leadership Competency Framework using AI
  • To generate personalized insights and recommendations
  • To enable coach-client collaboration features
  • To send you service-related communications
  • To detect and prevent fraud or abuse

3. AI-Powered Features

We use artificial intelligence to classify your calendar events by meeting type, competency, and time horizon. This processing occurs on our servers using your calendar data. AI-generated classifications can be reviewed and overridden by you at any time.

4. Data Sharing

Coach-Client Relationship

If you are linked to a coach, your coach can view your calendar statistics, goals, and meeting classifications. Your coach cannot access the raw content of your calendar events or personal notes unless you explicitly share them.

Third Parties

We do not sell your personal information. We may share data with third-party service providers who assist in operating the Service (e.g., cloud hosting, payment processing), subject to confidentiality obligations. We use:

  • Amazon Web Services (AWS) for hosting and infrastructure
  • Stripe for payment processing
  • Google and Microsoft APIs for calendar integration

5. Data Security

We implement industry-standard security measures to protect your data:

  • All data is encrypted in transit (TLS) and at rest
  • Calendar OAuth tokens are encrypted using AES-256-GCM before storage
  • Tokens are stored server-side only; no sensitive credentials are kept in the browser
  • We follow SOC 2 compliance standards
  • Access to production systems is restricted and audited

6. Data Retention

We retain your account data and calendar history for as long as your account is active. You may request deletion of your account and associated data at any time by contacting us. Upon deletion, we will remove your data within 30 days, except as required by law.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Delete your account and personal data
  • Export your data in a portable format
  • Withdraw consent for calendar access at any time
  • Object to certain processing activities

8. Cookies

We use essential cookies for authentication and session management. We use HTTP-only, secure cookies for OAuth ticket exchange. We do not use third-party advertising or tracking cookies.

9. Children's Privacy

The Service is not intended for users under the age of 18. We do not knowingly collect information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at privacy@ajito.io.