Compliance Standards

Purpose:Labs is committed to maintaining the highest standards of data protection and privacy compliance across all jurisdictions where we operate.

ICF AI Coaching Standards

Global

International Coaching Federation AI Coaching Standards for Data Privacy

Professional standards for AI-powered coaching services that ensure ethical use of AI and protection of client data in coaching relationships.

Key Requirements

Transparent AI usage disclosure to clients

Human oversight of AI coaching interactions

Confidentiality of coaching conversations

Secure storage and transmission of coaching data

Client consent for AI processing

Regular review of AI bias and fairness

How We Comply

We maintain transparency about AI usage, ensure human coach oversight, implement encryption at rest and in transit for coaching sessions, and regularly audit our AI systems for bias and ethical compliance.

GDPR

EU & UK

General Data Protection Regulation

The GDPR is the EU's comprehensive data protection law that governs how personal data of EU residents is collected, processed, and stored.

Key Requirements

Lawful basis for processing personal data

Data subject rights (access, rectification, erasure, portability)

Data protection by design and by default

Data breach notification within 72 hours

Privacy impact assessments for high-risk processing

How We Comply

We implement technical and organizational measures to ensure GDPR compliance, including encryption at rest and in transit, clear consent mechanisms, comprehensive privacy notices, and robust data subject rights processes.

FADP

Switzerland

Federal Act on Data Protection

Switzerland's updated data protection law that aligns with GDPR principles while maintaining specific Swiss requirements.

Key Requirements

Transparency in data processing

Data subject rights similar to GDPR

Data protection by design

Cross-border data transfer restrictions

Data breach notification requirements

Regular data protection impact assessments

How We Comply

Our GDPR-aligned practices ensure FADP compliance, with additional safeguards for Swiss data subjects and appropriate transfer mechanisms for international data flows.

CCPA/CPRA

USA

California Consumer Privacy Act / California Privacy Rights Act

California's comprehensive privacy law that grants consumers specific rights regarding their personal information.

Key Requirements

Right to know what personal information is collected

Right to delete personal information

Right to opt-out of sale of personal information

Right to non-discrimination for exercising privacy rights

Right to correct inaccurate personal information

Right to limit use of sensitive personal information

How We Comply

We provide clear privacy notices, honor all consumer rights requests, do not sell personal information, and implement opt-out mechanisms for California residents.

PIPEDA

Canada

Personal Information Protection and Electronic Documents Act

Canada's federal privacy law that governs how private sector organizations collect, use, and disclose personal information.

Key Requirements

Consent for collection, use, and disclosure

Limiting collection to necessary purposes

Accuracy of personal information

Safeguards for personal information

Openness about privacy practices

Individual access to personal information

How We Comply

We follow PIPEDA's ten privacy principles, obtain meaningful consent, limit data collection to stated purposes, and provide individuals with access to their personal information.

LGPD

Brazil

Lei Geral de Proteção de Dados

Brazil's general data protection law inspired by GDPR, regulating the processing of personal data in Brazil.

Key Requirements

Legal basis for processing personal data

Data subject rights (access, correction, deletion, portability)

Data protection by design and by default

Data breach notification

Privacy impact assessments

How We Comply

Our GDPR-compliant framework ensures LGPD compliance, with Portuguese-language privacy notices and appropriate legal bases for processing Brazilian personal data.

PDPA

Singapore

Personal Data Protection Act

Singapore's comprehensive data protection law that regulates the collection, use, disclosure, and care of personal data.

Key Requirements

Consent for collection, use, and disclosure

Purpose limitation and notification

Data accuracy and protection

Retention limitation

Data breach notification

Transfer limitation for personal data

How We Comply

We implement PDPA-compliant consent mechanisms, purpose limitation practices, security safeguards, and appropriate cross-border transfer safeguards for Singapore personal data.

Questions About Our Compliance?

Our team is available to answer questions about our compliance practices and help you understand how we protect your personal information.

Our compliance practices are regularly reviewed and updated to ensure continued alignment with evolving regulations.
Last reviewed: August 18, 2025