← DM Coach

Privacy Policy

Last updated: 14 July 2026

DM Coach (“DM Coach”, “we”, “us”, “our”) is operated by Darren Gibb (the “Controller”). This Privacy Policy explains what personal data we process, why, the legal bases we rely on, and your rights. For any privacy question, or to exercise your rights, email darren@darrengibb.com.

Who this policy covers

DM Coach is a private assistant provided to our clients (the “operators”) — typically coaches and consultants. It processes personal data about (a) the operator and (b) the operator’s own prospects/contacts, whose LinkedIn conversations the operator brings into the tool. For the operator’s own account data we are the controller; for prospect data an operator imports, the operator is the controller and we act as a processor on their instructions.

What we process, and why

Google Calendar

If you choose to connect a Google Calendar, DM Coach accesses your calendar’s free/busy information (the times you are busy or free) through Google’s Calendar API, solely to suggest open meeting times when you schedule calls. We request the minimum necessary scope (calendar.freebusy) and do not access event titles, attendees, descriptions, or contents. Your Google authorization token is stored encrypted and used only to read your free/busy on your behalf. You can disconnect at any time, which revokes our access.

DM Coach’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

AI processing

Message drafting uses third-party AI models (Anthropic and OpenAI). Conversation content is sent to these providers to generate suggestions. We do not permit these providers to use your data to train their models beyond what is necessary to provide the service, consistent with their terms.

Where your data is stored

Data is hosted on servers in the European Union (Germany), via Hetzner and Supabase. Some sub-processors below may process data in the United States under appropriate safeguards (e.g., Standard Contractual Clauses and/or the EU–US Data Privacy Framework).

Sub-processors

Sub-processorPurposeRegion
AnthropicAI model provider (message drafting)US
OpenAIAI model provider (message drafting)US
SupabaseAuthentication + database hostingEU / US
ApifyLinkedIn data retrievalEU
GoogleCalendar free/busy (only if you connect a calendar)US / global
HetznerServer hostingEU (Germany)

Retention

We retain personal data for the duration of the engagement and delete it on request or within 30 days of account closure, except where we must keep limited records to comply with a legal obligation.

Your rights

Under the UK GDPR and EU GDPR you have the right to access, rectify, erase, restrict, or object to processing of your personal data, and the right to data portability. You may withdraw consent (for example, disconnect your calendar) at any time. To exercise any right, email darren@darrengibb.com. You also have the right to lodge a complaint with your data protection authority — in the UK, the Information Commissioner’s Office (ico.org.uk).

Security

We use encryption in transit and at rest for sensitive credentials (including your Google authorization token), access controls, and per-client data isolation.

Changes

We may update this policy; the “last updated” date above reflects the current version. We will notify operators of material changes.