Privacy Policy
Last updated: May 7, 2026
Effective date: May 7, 2026
This is the privacy policy for the coaching service operated by Salman Kasi (referred to as "we", "us", "I"). It explains, in plain terms, what personal data is collected, why, how it's used, and what you can do about it.
If you have questions about anything in this policy, contact: salmankassi@gmail.com.
1. WHO IS RESPONSIBLE FOR YOUR DATA
The data controller is:
Name: Salman Kasi (sole trader)
Location: Helsinki, Finland
Email: salmankassi@gmail.com
Website: salmankasi.com
If you're an EU resident and want to make a complaint about how your data is handled, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu) at https://tietosuoja.fi.
2. WHAT PERSONAL DATA IS COLLECTED, AND HOW
2.1 If you visit my website
Standard server logs (IP address, browser type, pages viewed, timestamps). Used for security and basic site analytics. Retained 90 days. Cookies if you accept them via the cookie banner. Strictly necessary cookies (for the site to function) are always on. Analytics or other optional cookies require your consent.
2.2 If you book a call or sign up for a webinar through Calendly
Your name and email address (you provide these to Calendly to book). Time zone (auto-detected by Calendly). Answers to any optional questions on the booking form (for example, "what would you like to talk about", or "if we connected on Reddit, what's your handle"). All form fields except your name and email are optional. Booking metadata: when you booked, which event type, whether you cancelled or rescheduled. Referral metadata: if you arrived from a link I sent you (for example, a Reddit DM), the link includes a referral tag so I can understand which outreach channels lead to bookings. This means if I sent you a Calendly link from a Reddit conversation, my system records which Reddit username received that link, and matches it with the email you used to book. This is used internally to evaluate which conversations convert and to prepare for our call. It is not shared with anyone, sold, or used to contact you outside the channel you originated from.
2.3 If we exchange messages on Reddit
Public Reddit username, public posts you've written, and the messages you and I exchange directly. A short summary of relevant posts may be saved in my customer relationship system so I can follow up sensibly without re-asking what you've already shared.
2.4 If you become a coaching client
Whatever you choose to share in our sessions, plus contact details for scheduling and invoicing. Payment details are processed by my payment provider — I do not store full card information.
2.5 Email correspondence
If you email me, I keep the email and any attachments you send. Used to respond to you and continue the conversation. Not used for marketing unless you've separately signed up for a list.
3. WHY YOUR DATA IS PROCESSED (LEGAL BASIS)
Under the EU General Data Protection Regulation (GDPR), personal data can only be processed if there is a lawful basis. Here is what applies and why:
Schedule and run coaching calls or webinars
Legal basis: Performance of a contract (Article 6(1)(b))
I cannot deliver the service without your contact details.
Reply to messages you send me
Legal basis: Performance of a contract or legitimate interest
If you wrote, you want a reply.
Outreach via Reddit DMs
Legal basis: Legitimate interest (Article 6(1)(f))
You posted publicly about something I help with; the outreach is one message and you can ignore or block.
Track which outreach channels convert (referral tags on links)
Legal basis: Legitimate interest
Helps me understand which audiences benefit from this work; data stays internal.
Send marketing or follow-up emails (planned)
Legal basis: Consent (Article 6(1)(a))
Only if you opt in via a signup form or check a box on a booking form.
Comply with tax and accounting law
Legal basis: Legal obligation
Invoicing records must be kept for a number of years under Finnish law.
You can object to processing based on legitimate interest at any time (see Section 6).
4. WHO YOUR DATA IS SHARED WITH
Your data is never sold. It is shared only with services I use to operate the coaching practice:
Calendly receives booking name, email, form answers, and time zone. Based in the USA, covered under the EU-US Data Privacy Framework or Standard Contractual Clauses.
Email provider (when added) receives your email address and any messages you send.
Hosting provider for my website receives server logs as described above.
Webshare receives Reddit URLs and responses passing through their proxy network when my system scrapes public Reddit posts. They do not receive any user-submitted content (booking forms, messages, coaching session content). Based in the USA, covered under Standard Contractual Clauses.
Payment processor (when applicable) receives name, email, and payment information. Card details are handled by the provider directly; I do not see them.
I may also disclose data if required by law (court order, tax audit, etc.). I do not share data with advertising networks, data brokers, or social media platforms.
5. HOW LONG YOUR DATA IS KEPT
Server logs: 90 days
Calendly bookings: as long as Calendly's policy provides; copies in my system kept for 2 years after last contact
Reddit conversations: up to 2 years from last message, then archived or deleted
Coaching client records: 6 years after last contact (Finnish tax and accounting law)
Email correspondence: 2 years after last reply, unless ongoing
Referral and attribution data: 2 years, then aggregated and personal identifiers removed
Marketing email opt-in (when applicable): until you unsubscribe
You can request earlier deletion at any time (see Section 6).
6. YOUR RIGHTS
You have the following rights over your data, under GDPR. To exercise any of them, email salmankassi@gmail.com. I will respond within 30 days.
Right of access: get a copy of the data I hold about you.
Right to rectification: correct inaccurate or incomplete data.
Right to erasure (right to be forgotten): ask me to delete your data, subject to legal obligations such as tax records.
Right to restrict processing: ask me to stop using your data while we sort something out.
Right to object: object to processing based on legitimate interest, including referral tracking and Reddit outreach.
Right to data portability: get your data in a machine-readable format to take elsewhere.
Right to withdraw consent: where processing is based on consent (e.g. marketing email), you can withdraw at any time.
Right to lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu) at https://tietosuoja.fi.
7. INTERNATIONAL TRANSFERS
Some of the services I use (notably Calendly) are based in the United States. Where data is transferred outside the European Economic Area, the transfer is covered by the EU-US Data Privacy Framework or Standard Contractual Clauses, which are the legal mechanisms recognised under GDPR for protecting your data in countries outside the EEA.
8. CHILDREN
This service is for adults. I do not knowingly collect data from anyone under 18. If you believe a child has shared data with me, contact me and I will delete it.
9. SECURITY
I use reasonable technical and organisational measures to protect your data, including encrypted communication (HTTPS) on the website, access tokens and credentials stored locally with file-system permissions limiting access, and no public sharing of internal databases or logs.
No system is perfectly secure. If a data breach affecting your personal data occurs, I will notify the Finnish Data Protection Ombudsman within 72 hours and contact you directly if there is a high risk to your rights.
10. CHANGES TO THIS POLICY
If this policy changes, the "Last updated" date at the top will change and the new version will be posted at the same URL. Material changes (changes that affect what data is collected or how it's used) will be highlighted at the top for at least 30 days.
11. CONTACT
For any privacy question, request, or concern:
Salman Kasi
Helsinki, Finland
This policy is written in plain terms to be clearly understood. If anything is unclear, ask me — that's the point.