CoachAccountable Security

Use a cloud platform with confidence: everything you need to know about entrusting your data with CoachAccountable.

Hosting Environment

[Figure: Diagram of the flow of data in and around CoachAccountable]

CoachAccountable is hosted with INAP in a SOC 2-Certified data center located in the United States (Chicago, Illinois, to be exact), in a HIPAA-compliant hosting environment protected by a hardware Web Application Firewall. The split server architecture has the database located in a DMZ that is inaccessible to web traffic.

All web traffic to and from CoachAccountable is encrypted via TLS/SSL, mandated by HSTS (HTTP Strict Transport Security).

Apart from permitted web traffic, connections into the environment are only allowed over SSH, and only from authenticated users who are logged into the VPN.

The CoachAccountable database is backed up nightly, and the backups are stored encrypted offsite in Amazon S3.


Regulatory Compliance

CoachAccountable is fully GDPR compliant. We do NOT have separate policies for users from parts of the world outside of the European Union, so all users worldwide enjoy the same protections and rights over their data and how it is used by CoachAccountable.

You can find complete details on what data we capture and how we use it in our Privacy Policy. Use of CoachAccountable is subject to our Data Processor Addendum, which outlines our mutual responsibilities in our handling of your data (and the data of your clients), as well as our operating procedures for secure data handling.

CoachAccountable is NOT HIPAA compliant. Our server environment is HIPAA compliant, and our policies and practices around data handling are generally in line with HIPAA regulations, BUT many of the requirements for HIPAA compliance are antithetical to the frictionless user experience that CoachAccountable is designed for. If you require HIPAA compliance, CoachAccountable is not the solution for you.


Operating Procedures for Data Handling

CoachAccountable is the responsible steward of any data you or your clients enter into the platform. As such, authorized staff have the ability to access customer data, and will do so with discretion when requested, either to provide assistance or for troubleshooting.

All staff access to customer data is logged and periodically reviewed, and all staff are subject to a data security agreement covering their obligations and responsibilities.


Privacy Policies

Our Privacy Policy and Data Processor Addendum outline our practices and obligations as handlers of our customers' data.

We are proud to not in any way be in the business of trafficking in data for the purposes of advertising, research, selling, etc., and we are proud to afford the rights and protections guaranteed to citizens of the EU (as mandated by the GDPR) to ALL users worldwide.

See our complete privacy documents for more detail:


Maintaining Security

Rigorous competence and awareness rule the day in the building, hosting, and securing of CoachAccountable and the data it holds.

Pen tests? Yes, the last was performed March 2024.

Bug bounty program? Yes, we're keen to work with security researchers and reward them for their findings.


Getting Data Out

Ultimately YOU own all the data that you enter into CoachAccountable, and that data is easy to get out in a variety of formats. This includes:

  • Reports as CSV files
  • Client records as portable HTML files
  • All user uploaded files
  • Account content in a raw, machine-readable format (JSON)
  • Full API access

Sound reliable?
It is.