A plain-language version of how this practice handles your information, followed by the legal disclosures.
Coaching does not diagnose, treat, or cure mental-health conditions. Zach Dornisch is not a licensed therapist, psychologist, psychiatrist, or medical professional, and nothing exchanged in a coaching engagement constitutes medical or mental-health advice.
If you are experiencing a mental-health crisis, suicidal ideation, or symptoms of a clinical condition, please contact a licensed mental-health professional, your physician, or — in the US — call or text 988 (Suicide & Crisis Lifeline). Outside the US, contact your local emergency services.
If during our work together I form the view that coaching is not the right fit and clinical support would serve you better, I will say so and try to point you in a useful direction.
Account information (name, email, password hash, optional pronouns and timezone), payment information (handled by Stripe — we never see card numbers), and the work product of our engagement: session bookings, messages you send, journal entries you choose to share, worksheet and form responses, and notes I take.
To deliver coaching: scheduling, session reminders, secure messaging, credit tracking, and the record-keeping you would expect of an ongoing professional relationship. We also use it for billing and tax records, and — in aggregated, non-identifying form — to improve the service.
We do not sell your information. We do not share it with advertisers. We do not train third-party AI models on it.
Your data lives in a Supabase Postgres database hosted in the United States, encrypted at rest. Files you upload are stored in Supabase Storage with the same row-level access controls. Payment data is held by Stripe under their PCI-DSS compliance.
Each client’s data is isolated by row-level security policies — another client cannot read yours, and you cannot read theirs.
The service uses a small number of vendors, each scoped to a specific purpose:
You can export your data at any time from Settings → Security. You can request deletion of your account and all associated data; we will retain the minimum required for tax and legal compliance (typically seven years for invoices) and confirm the rest is gone within 30 days. You can correct or update your profile information at any time.
We use a small set of essential cookies for authentication and session state. We use privacy-respecting analytics (Vercel Analytics) that does not set tracking cookies and does not share data with advertisers. We do not use Google Analytics, Meta pixels, or similar.
Coaching sessions are confidential between you and me. If a session is recorded for your own reference, I’ll tell you before we start and the recording is yours — stored alongside the session in your account. I keep my own private notes for continuity; you can request to see anything I have written about you.
If this policy changes in a way that affects how your data is handled, you’ll get an email with at least 14 days’ notice before the change takes effect.
Questions about this policy or how your information is handled? hello@zachdornisch.com. I read every message myself.
Last updated: April 2026.