This is the page where I tell you exactly what data I collect, why I have it, and what I do with it. No long legal labyrinth, no buried clauses. I'm the only person running Unbreakable Method, so the answer to every question is "this is what Sean does."
My name is Sean Gaynor Doyle. I'm the founder and sole operator of Unbreakable Method. I'm based in Ireland. The whole operation runs through this website, my one-to-one consultation, and the Unbreakable Companion, which is the AI coaching intelligence I built and trained on my Method doctrine.
This policy is written under the EU GDPR and the Irish Data Protection Act 2018. If you ever want to ask me anything about your data, the address is [email protected] and I answer it personally.
What I actually collect
The stuff you give me directly
- Your name and email so I can find you in the system and email you back.
- Your phone number if you book a consultation, because the call needs to go somewhere.
- Payment information, but I never see your full card number. Stripe handles that. I get the last four digits, the card brand, the country it was issued in, and a Stripe customer ID. That is it.
- Everything you write into your Companion. Messages, check-ins, voice notes, photos, documents you upload. That is the coaching surface. It only works if you can talk to it.
- Optional context you share to make the coaching better. Training, nutrition, sleep, stress, recovery. You decide what to put in. None of it is required.
The stuff your browser tells me automatically
- Your IP address, browser type, device type, and which pages you visited. I use this for one reason: to keep the site running and to spot abuse. I don't run ad pixels, I don't sell traffic data, and I don't share any of this with anyone except the hosting provider that needs it to deliver the page.
- A session cookie that keeps you signed in. That is the only cookie I set on you, and it lives only while you're in your account.
If you connect your Google account
Some parts of the Companion work better if you connect your Google account, because the Companion can then act on calendar, documents, and spreadsheets the way a real chief of staff would. This is optional. You choose whether to connect it, and you can disconnect at any time.
When you connect, Google asks you to grant me access through OAuth. Here is exactly what I ask for and exactly why:
- Your basic profile and email (openid, profile, email): so I know which Google account you connected and can attach it to your Unbreakable account.
- Google Calendar (calendar): so the Companion can read your schedule and write events you ask it to create. Used for time-blocking, training session scheduling, and the chief-of-staff use cases. The Companion never creates events without your instruction.
- Google Docs (documents): so the Companion can create check-in summaries, training programmes, and other artefacts in your Drive in a format you can keep forever.
- Google Sheets (spreadsheets): so the Companion can log structured data (macros, training volume, weekly metrics) to a sheet you own.
- Drive file access (drive.file): scoped to the documents and sheets the Companion creates for you. I don't get access to your entire Drive, only the files my app makes on your behalf.
What I do not do with this Google data:
- I do not use it to train any AI model. Not mine, not anyone else's.
- I do not sell it.
- I do not show it to advertisers. There are no advertisers.
- I do not look through it manually unless you have asked me to help with a specific issue and you have given me explicit permission for that session.
- I do not share it with third parties beyond the technical processors listed below that are necessary to keep the service running.
You can revoke my access to your Google account at any time, either inside the Companion ("disconnect Google") or directly at myaccount.google.com/permissions. The day you revoke is the day my access ends.
What I do with all of it
- I run your coaching programme. The Method manual I build for you, the Companion's daily and weekly check-ins, the pattern recognition that tells me when something has shifted in your training or your state. All of that runs on the data you share with me.
- I process your payment through Stripe.
- I email you when something on the system changes that affects you. I don't send marketing email to clients unless you opt in.
- I keep the platform secure and watch for misuse.
- I keep the records I'm legally required to keep under Irish tax law.
Who else sees it
I work with a small set of processors. Each one is bound by either an EU adequacy decision or Standard Contractual Clauses, which is the legal framework that lets EU data travel to certain non-EU jurisdictions safely.
- Stripe. Payment processing. Ireland and US presence.
- Cloudflare. Site hosting, DDoS protection, CDN. US-headquartered, with EU edge.
- Supabase. Encrypted database storage for your programme data. EU region.
- Google. Only if you have connected your Google account. Calendar, Docs, Sheets, Drive file access, scoped exactly as described above.
- OpenAI, Anthropic, and other model providers. The AI models that power the Companion's replies. Conversations go through their enterprise data agreements. No provider trains on your data. None of them are allowed to.
- An email delivery provider for transactional email only.
That is the entire list. I do not sell your data. I do not run advertising. I do not share your data with anyone outside this list.
Your rights under GDPR
You can do any of the following at any time:
- Ask me for a copy of everything I hold on you.
- Ask me to correct anything that is wrong.
- Ask me to delete everything ("right to be forgotten").
- Ask me to stop processing your data, or restrict what I process.
- Ask me to send you your data in a portable format so you can take it elsewhere.
- Lodge a complaint with the Irish Data Protection Commission at dataprotection.ie if you think I'm doing it wrong.
To exercise any of these, email me at [email protected]. I respond within 30 days, usually within a few.
How long I keep it
- Your account and programme data: while your subscription is active, plus 30 days after you cancel. After that I delete it, unless you ask me to delete sooner.
- Payment records: 7 years, because Irish tax law makes me.
- Technical logs: 90 days, then aggregated and anonymised so they no longer point at you.
Security
Everything moves over TLS. Database storage is encrypted at rest. Access to production is on multi-factor authentication. Payment card details never touch my servers, because Stripe handles that under PCI-DSS Level 1 certification, which is the strictest tier.
International transfers
Some of the processors I use are headquartered in the United States. Where that's the case, the transfer happens under Standard Contractual Clauses and the EU-US Data Privacy Framework, which is the current legal mechanism for moving EU personal data to the US safely.
Children
This service is for adults. I don't knowingly collect data from anyone under 18. If you think a minor has signed up, tell me and I'll delete the account.
Changes to this page
If I change something material, I'll email you and I'll update the date at the top. Continuing to use the service after a change means you accept the new version.