Security

Privacy & Security at Simply.Coach

With great trust comes great responsibility!

The world's most secure coaching management platform
We follow the tenets of 'Security by Design'. Simply.Coach has been built with security at its heart. Having built global SaaS platforms with GDPR & ISO 27001 compliance, our founders back themselves with robust data security and privacy practices that form an integral part of our product engineering and service delivery principles.

Protecting your data

Simply.Coach has been audited and certified compliant with the SOC2, HIPAA, and GDPR (Europe & UK) standards.

Certificates & Audit Reports are available on request with an NDA

  • We use AWS (Amazon Web Services), the world's #1 trusted hosting partner.
  • Our dedicated clusters are deployed in a unique Virtual Private Cloud (VPC) with dedicated firewalls.
  • Database Access is restricted to our production application server through a secure tunnel. No one (including our engineers) has access to the data.
  • Access to our platform is secured by a SHA 256-bit encryption with 2048-bit key-strength for data access. This means that all your data is encrypted the moment it leaves your computer and is securely uploaded to our servers.
  • All network traffic is encrypted using Transport Layer Security (TLS)
  • Encryption for data at rest is automated using encrypted storage volumes

Our platform comes built-in with role-based access through IAM that enforces segregation of duties so that data is only shown to the user who has valid access rights in place.

  • Passwords are protected with hashed salts, which means no one (including us) can see your password.
  • Accounts are automatically locked after 5 failed attempts
  • Password reset links are valid only for 6 hours

Secure Product Development

Our platform has been developed securely and tested at every stage right from design to deployment, to ensure the highest level of security for your and your client's data.

Access to the production environment is restricted with a private key locked to our founder’s device. No one else has access to the production environment.

  • Our product roadmap is reviewed periodically; security fixes are prioritised and bundled into the earliest possible sprint.
  • All changes are tested by the Quality Assurance team, and criteria are established for performing code reviews, web vulnerability assessment, and advanced security tests.
  • Builds are put through stringent functionality tests, performance tests, stability tests, and UX tests before the build is certified “Good to go”.
  • Source Code is managed centrally with version controls, and access is restricted based on various teams assigned to specific sprints. Records are maintained for code changes and code check-ins and check-outs.

Highly Resilient Architecture

Our platform is built with resiliency in mind to ensure high availability for the product and data.

We automatically distribute application traffic across multiple availability zones that support high availability, auto-scaling and robust security.

We have near real-time backups taken across multiple availability zones in encrypted and access-controlled containers.

We have procedures established for reporting incidents and tracking them for timely communication, investigation, and resolution.

We use CloudFront (a global leader) as our CDN partner to serve content from locations close to end-users, providing high availability and high performance.
