Legal
Privacy Policy
This policy explains what information ReGenesis collects, how we use and protect it, and the choices you have. We build privacy into the architecture of the product, not on top of it.
Effective June 19, 2026 · Last updated June 19, 2026
Overview
ReGenesis, Inc., a Delaware public benefit corporation ("ReGenesis," "we," or "us"), provides a governed coaching platform that helps coaches, the people they coach ("coachees"), and organizations run reflective coaching engagements. This Privacy Policy applies to the ReGenesis marketing site (myregenesis.ai) and the ReGenesis application.
ReGenesis is currently offered as an invite-led pilot. We collect only the information needed to provide and operate the coaching service, and we apply role-based, least-privilege access controls to it. We do not sell your personal information, and we do not use your content to train general-purpose AI models.
Information We Collect
- Account and identity data. When you sign in, authentication and basic identity information (such as name and email) are handled through our authentication provider, WorkOS. We receive the profile and organization information needed to establish your account and role.
- Coachee onboarding and baseline information. Intake and baseline information that a coachee provides during onboarding so a coach can tailor the engagement (for example, goals, reflections, and context the coachee chooses to share).
- Session content and AI-generated notes. Coaching session transcripts and the AI-assisted notes and summaries generated from them. Access to this content is restricted behind service boundaries and governed by privacy tiers and consent — see "How Coaching Content Is Protected" below.
- Consent records. Records of the consent you give or withhold (for example, consent to record a session or to share content with a coach), including when consent is granted or revoked, so we can honor and audit those choices.
- Connected-service data (Google). If you connect a Google account, the data described in the "Google User Data" section below.
- Usage and operational data. Technical and operational data needed to run and secure the service, such as log and audit events, device and browser information, and diagnostic data. Audit references may be retained in anonymized form.
How We Use Information
We do not sell your personal information. We do not use your coaching content, transcripts, or connected-service data to train general-purpose AI models, and we do not use it for advertising.
- To provide and operate the coaching platform, including session capture, AI-assisted notes, and the features you and your coach use.
- To apply privacy tiers, consent, and access controls so the right people see the right data and nothing more.
- To secure the service, prevent abuse, debug, and maintain audit and operational integrity.
- To communicate with you about your account, the pilot, and material changes to the service or this policy.
- To comply with legal obligations.
Google User Data
ReGenesis offers an optional Google integration so coaches can bring relevant context into their coaching workflow. You connect Google only if you choose to, and you can disconnect at any time. This section describes exactly which Google data we access, how we use it, and how we protect it.
Scopes we request
Used only to surface your upcoming calendar events inside ReGenesis so coaches can see and coordinate around coaching sessions. We read event metadata (such as title, start, and end times); we do not modify, create, or delete calendar entries.
When enabled, this will be used only to let a coach import specific client documents they choose, so that material can inform the coaching engagement. We will request this scope only when the feature ships, and only read access. We do not access Drive today.
How we use and protect Google data
- We use Google data only to provide the specific features you explicitly connect — surfacing your calendar events and, when available, importing documents you choose. We do not use it for any other purpose.
- Google OAuth tokens are encrypted at rest (AES-256-GCM), scoped to the connecting coach and organization, and never exposed to the browser. Connected data inherits the same per-tenant isolation and governed, audit-logged access as the rest of your data.
- We do not sell Google user data, do not transfer it except as needed to provide these features, do not use it for advertising, and do not use it to train general-purpose AI models.
- You can disconnect Google at any time, which stops future access. You can also revoke ReGenesis’s access directly from your Google Account security settings.
Google API Services Limited Use disclosure
ReGenesis’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Google API Services User Data Policy
How Coaching Content Is Protected
Coaching transcripts and AI-generated notes are among the most sensitive data we hold, and they are treated that way. Access stays behind service boundaries and is governed by privacy tiers and explicit, revocable consent: a coachee previews and approves what a coach can see, and organization administrators see only aggregated, anonymized analytics rather than individual session content.
AI-assisted notes are generated using Anthropic Claude models accessed through Amazon Bedrock (AWS). AI processing is service-bounded and ephemeral: your content is not retained by the model provider for training, consistent with our zero-retention posture. Certain categories of highly sensitive data are never sent to AI models.
Service Providers and Subprocessors
We use a small set of trusted infrastructure and service providers to operate ReGenesis. They process data on our behalf, under contract, only to provide their service to us:
- Amazon Web Services (AWS) — cloud hosting, storage, and AI model access via Amazon Bedrock.
- WorkOS — authentication and identity (sign-in, organizations, and directory).
- Anthropic — provider of the Claude AI models we access through Amazon Bedrock, under a zero data-retention posture.
Security
We encrypt data in transit (TLS 1.3) and at rest (AES-256-GCM), apply per-tenant isolation and dedicated encryption keys via AWS KMS, and enforce role-restricted, least-privilege, audit-logged access. Our broader security posture — including our compliance roadmap (SOC 2 in progress, HIPAA-ready, and GDPR designed-to-standard) — is described on our Security page.
Data Retention and Deletion
We retain personal data for as long as needed to provide the service and to meet legal, security, and operational obligations. Session recordings are subject to automatic expiration, while transcripts and notes persist to support the coaching engagement until deleted.
When data is deleted, we remove it from primary stores and backups and provide a signed deletion receipt. Audit-log references may be retained in anonymized form for integrity and security purposes.
Your Rights and Choices
Depending on your location, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can export your data in standard formats before deletion. To exercise these rights, contact us using the details below; we will respond consistent with applicable law.
Children's Privacy
ReGenesis is intended for use by adults in professional coaching contexts and is not directed to children. We do not knowingly collect personal information from children.
International Data Transfers
ReGenesis is operated from the United States, and data is stored in the United States (AWS US-East, Virginia). We do not currently target or market the service to individuals in the European Economic Area (EEA), United Kingdom, or Switzerland. If you access the service from outside the United States, your information will be transferred to and processed in the United States. Where we process the personal data of individuals in the EEA, UK, or Switzerland, we rely on appropriate safeguards for such transfers, such as the European Commission’s Standard Contractual Clauses (and the UK International Data Transfer Addendum).
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date above and, where appropriate, provide additional notice.
Contact Us
Questions about this policy or your data? Reach us at:
- Privacy and data requests: privacy@myregenesis.ai
- Security and vulnerability reports: security@myregenesis.ai
