·04 — Changes

Changes
to our
legal docs.

Maintained continuously

Plain-English log of revisions to our Privacy Policy, Terms of Service, and sub-processor list. We bump the effective date on the relevant document whenever it changes materially, and note what changed (and why) here.

What we log

We aim to log every change to the live versions of the three documents linked above, whether material or minor. The line between "material" and "minor" can be subjective; if you spot a change you think should have been called out and wasn't, email privacy@seshman.com and we'll backfill the entry.

For material changes — new processing purposes, new categories of personal data, new sub-processors, changes to retention, changes to legal basis, or any change that affects your obligations or rights — we also notify trainers via in-app banner and (where we have your email address) by email at least 30 days before the change takes effect.

Change log

[Publication date TBD]

Comprehensive rewrite of the Privacy Policy and Terms of Service

Both documents were rewritten to reflect Seshman's current product surface, including offline clients, transactional email handling, push notifications, our sub-processor footprint, and the operator identity of Inca Labs Limited. The sub-processor list was published as a new standalone page, and this change log was created.

Material changes:
- New "Roles" section in the Privacy Policy explaining that trainers are data controllers for their clients' data and Seshman is the processor, plus the cases where Seshman is also a separate controller (email delivery infrastructure, suppression list, audit logging, abuse handling, anonymised retention).
- New "Training-related personal information" section setting out the explicit-consent basis (UK GDPR Article 9(2)(a)) for goals, injuries, and health-related notes. Existing users will be asked to confirm consent in-app when paid-feature rollout reaches them.
- New "Offline clients" section setting out the Article 14 disclosure split — Seshman handles disclosure by email footer where the offline client has an email on file; the trainer carries the disclosure burden where they don't.
- New "Push notifications" section disclosing the use of Apple Push Notification Service, Google Firebase Cloud Messaging, and Expo Push (650 Industries, Inc.).
- New "Sub-processors and international transfers" section pointing to /sub-processors and naming the UK Extension to the EU-U.S. Data Privacy Framework + UK IDTA / EU SCCs as the transfer mechanisms.
- New retention table replacing the generic "as long as your account is active" line, including the 6-year HMRC-driven anonymised retention for invoices.
- New "Your obligations as a trainer" section in the Terms of Service codifying the warranties around existing service relationships, lawful basis, explicit consent for health-related fields, emergency contacts, minors, and Article 14 disclosure.
- New Data Processing Agreement embedded as Schedule 1 of the Terms of Service.
- New "Service status (beta)" clause acknowledging Seshman is in beta and is provided "as is".
- Subscriptions section pre-states the future billing model (Apple In-App Purchase, Google Play Billing, RevenueCat, Stripe) marked as not yet active.
- Operator identity (Inca Labs Limited, company number 14731709, VAT GB438261686, registered office at 167-169 Great Portland Street, Fifth Floor, London, W1W 5PF) named in both documents.
Minor changes:
- Email categories list updated to enumerate the eight current transactional emails: invoices, payment receipts, payment reminders, session schedule confirmations, session cancellations, session summaries, welcome messages, and security or account alerts.
- Payment reminder wording corrected to reflect that reminders go by email to all clients with an email address on file (in addition to a push notification for app clients), rather than only to clients without the app.
- Sub-processor list corrected: replaced "Vercel" with "AWS Amplify" (marketing site has always been on Amplify), confirmed Plausible as the analytics provider, and added the previously-omitted entries (SES, SNS, RDS, App Runner, CloudWatch, APNs, FCM, Expo Push, App Store, Google Play).
- Open-tracking pixels and click-tracking link rewrites disabled at the email-delivery configuration level — and the absence of tracking is stated explicitly in the Privacy Policy.
- Privacy contact moved from info@seshman.com to privacy@seshman.com.
- Children's-data threshold clarified at 13 (UK GDPR Article 8) with trainer-warranty cover for under-13s.
- Plain-English summary boxes, tables of contents, and per-section anchors added to both legal documents for navigability.
The changes do not require existing users to re-accept the Terms — continued use of the service after the effective date constitutes acceptance of the rewrite, per the "Changes to these Terms" clause.

Earlier versions

We keep prior published versions of our legal documents in our internal records and can produce them on request. Email privacy@seshman.com if you need a copy of an earlier version for any reason.

Contact

Questions about a change, or about anything else legal: privacy@seshman.com.

Seshman is operated by Inca Labs Limited, 167-169 Great Portland Street, Fifth Floor, London, W1W 5PF, United Kingdom.