Nextro

Legal

Privacy Policy

Last updated: March 1, 2026

1. Who we are

Nextro is operated by COACHFLO LTD, a company registered in England and Wales (Company No. 17052803) ("Nextro", "we", "us", "our").

COACHFLO LTD is the data controller for personal data processed through the Nextro platform. For data protection enquiries, contact us at admin@nextroapp.com.

Coaches act as independent data controllers in respect of personal data relating to their Clients and are responsible for their own compliance with applicable data protection law when processing Client data outside the platform.

2. What data we collect

From Coaches (registered users):

  • Account information: name, email address, and password (hashed by Firebase Authentication).
  • Business information: gym address, online session links, arrival instructions, payment preferences.
  • Stripe Connect data: Stripe account ID and onboarding status (we do not store card or bank details).
  • Session and booking data: availability slots, session types, cancellation reasons, refund records.
  • Subscription and billing records: plan status, payment history via Stripe.
  • Technical data: IP address, browser type, device information, access timestamps.

From Clients (people who book sessions):

  • Booking details: name, email address, phone number, booked session time and type.
  • Payment status: whether a session was paid by card or cash, and payment outcome (processed by Stripe; we do not store card numbers).
  • Technical data: IP address and browser type collected during the booking process.

3. How we use your data

We process personal data for the following purposes:

  • Providing and operating the Nextro platform and its features.
  • Creating and managing Coach accounts and authentication.
  • Facilitating bookings and payment processing via Stripe Connect.
  • Sending booking confirmation and reminder emails to Clients (via Resend).
  • Managing subscriptions and credit balances.
  • Detecting and preventing fraud, abuse, and security incidents.
  • Complying with our legal obligations (including tax and financial record-keeping).
  • Providing customer support and responding to enquiries.

Transactional service emails (such as booking confirmations, reminders, security notifications, and billing communications) are necessary for the performance of the service and cannot be opted out of while maintaining an active account.

4. Legal bases for processing (UK GDPR)

We rely on the following legal bases under UK GDPR Article 6:

  • Contract (Art. 6(1)(b)): processing is necessary to provide the Nextro service to Coaches, and to fulfil the booking transaction with Clients.
  • Legitimate interests (Art. 6(1)(f)): processing is necessary for our legitimate interests including platform security, fraud prevention, improving service reliability, and direct communications with existing users. We have carried out a balancing test and concluded our interests do not override your fundamental rights.
  • Legal obligation (Art. 6(1)(c)): where we are required to process data to comply with applicable law (e.g. financial record-keeping, responding to lawful requests from authorities).
  • Consent (Art. 6(1)(a)): where we rely on consent (e.g. for optional communications), you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

5. Third-party data processors

We share personal data with the following processors, who are contractually bound to process data only on our documented instructions:

  • Google LLC / Firebase — provides authentication, Firestore database, and cloud infrastructure. Data may be stored on Google Cloud servers in the EU/UK or US. Transfers outside the UK are covered by Google's Standard Contractual Clauses and adequacy decisions where applicable.
  • Stripe Technology Europe, Limited — processes card payments via Stripe Connect. Stripe is an independent controller for its own services and is subject to its own privacy policy. Stripe may transfer data internationally in accordance with its data transfer mechanisms.
  • Resend Inc. — provides transactional email delivery (booking confirmations and reminders). Client email addresses are shared with Resend solely for the purpose of sending emails triggered by a booking.
  • Vercel Inc. — provides hosting and edge infrastructure for the Nextro web application. Vercel may process request metadata (such as IP addresses) as part of its logging.
  • Google LLC / Firebase Analytics — used to collect anonymised usage data about how coaches interact with the platform. Only activated after you accept cookies via the cookie consent banner. Governed by the Google Privacy Policy.
  • Meta Platforms, Inc. — Meta Pixel is used to track page visits on the Nextro marketing site for advertising attribution and audience analytics. Only activated after you accept cookies. Governed by the Meta Privacy Policy. We do not share Client personal data with Meta.

We do not sell personal data to third parties. Non-essential tracking tools (Firebase Analytics, Meta Pixel) are only activated after explicit cookie consent.

6. Data retention

We retain personal data for as long as necessary to fulfil the purposes described above:

  • Coach account data: retained for the duration of the account and for up to 7 years after account closure for financial and legal compliance purposes.
  • Booking and Client data: retained for up to 7 years to support tax records and potential dispute resolution, unless a shorter period is required or Coaches request earlier deletion.
  • Authentication logs and technical data: retained for up to 90 days for security and incident investigation purposes.

When data is no longer required, it is securely deleted or anonymised.

7. Your rights under UK GDPR

Depending on the circumstances, you may have the following rights in relation to your personal data:

  • Right of access: to receive a copy of the personal data we hold about you.
  • Right to rectification: to have inaccurate or incomplete data corrected.
  • Right to erasure: to have your data deleted in certain circumstances ("right to be forgotten").
  • Right to restriction: to restrict our processing of your data in certain circumstances.
  • Right to data portability: to receive your data in a structured, machine-readable format.
  • Right to object: to object to processing based on legitimate interests.
  • Rights related to automated decision-making: we do not use automated decision-making or profiling that produces legal or similarly significant effects.

To exercise any of these rights, contact us at admin@nextroapp.com. We will respond within one calendar month. We may need to verify your identity before fulfilling a request.

8. Security

We implement appropriate technical and organisational security measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These include encrypted data storage (via Firebase), HTTPS encryption in transit, access controls, and httpOnly authentication cookies.

No system can guarantee absolute security. In the event of a personal data breach that is likely to result in a high risk to individuals, we will notify affected individuals and the Information Commissioner's Office (ICO) as required by UK GDPR.

9. International data transfers

Some of our processors (including Google/Firebase and Vercel) may transfer or store data outside the UK or EEA. Where such transfers occur, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner, adequacy decisions, or the UK International Data Transfer Agreement (IDTA).

10. Cookies

We use cookies and similar technologies on Nextro. For full details, please see our Cookie Policy.

11. Right to complain to the ICO

If you believe we have handled your personal data unlawfully or have not addressed your concerns satisfactorily, you have the right to lodge a complaint with the UK's supervisory authority:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post the revised policy on this page with an updated "Last updated" date. For material changes, we will take reasonable steps to notify you.

13. Contact

For any privacy-related questions or to exercise your data rights, contact us at: admin@nextroapp.com
COACHFLO LTD, Company No. 17052803, England and Wales.

Terms & ConditionsCookie Policy
We use performance cookies to improve Nextro. Cookie policy