Security

Privacy & Security at Simply.Coach

With great trust comes great responsibility!

The world's most secure coaching management platform
We follow the tenets of 'Security by Design'. Simply.Coach has been built with security at its heart. Having built global SaaS platforms with GDPR & ISO 27001 compliance, our founders bring robust data security and privacy practices that form an integral part of our product engineering and service delivery principles.

Protecting your data

Simply.Coach has been audited and certified compliant with the SOC 2, HIPAA and GDPR (Europe & UK) standards.

HIPAA has three rules that protect patient health information:

1) The Privacy Rule: Protects “individually identifiable health information” (PHI) in any form, including electronic, paper, or oral.

2) The Security Rule: Protects patient health information.

This means increased trust for your practice among prospective clients!

GDPR compliance means meeting the requirements for handling personal data as defined in the General Data Protection Regulation (GDPR). It is a binding regulation created by the European Union to regulate how organizations collect, handle, and protect the personal data of EU residents.

With Simply.Coach’s GDPR compliance, clients have greater control over how their data is collected, processed, and used. Compliance with GDPR principles such as data minimization, transparency, and consent ensures that clients’ personal information is handled ethically and lawfully.

SOC 2, or Service Organization Control Type 2, is a voluntary cybersecurity framework that assesses an organization’s information systems for security, availability, processing integrity, confidentiality, and privacy.  

SOC 2 compliance standards include:

1) Security: Protecting information and systems from unauthorized access
2) Availability: Maintaining infrastructure, software, and information
3) Processing integrity: Ensuring systems perform as intended

Because Simply.Coach is SOC 2 compliant, your clients can rest assured that their data is processed and stored securely. SOC 2 certification involves rigorous auditing of internal controls, risk management practices, and data protection measures, giving clients confidence in the reliability and trustworthiness of the service provider. With Simply.Coach’s SOC 2 compliance, you avoid the risks associated with data breaches, downtime, or inadequate security measures.

  • We use AWS (Amazon Web Services), the world's #1 trusted hosting partner.
  • Our dedicated clusters are deployed in a unique Virtual Private Cloud (VPC) with dedicated firewalls.
  • Database access is restricted to our production application server through a secure tunnel. No one (including our engineers) has access to the data.
  • Access to our platform is secured by SHA-256 encryption with 2048-bit key strength for data access. This means that all your data is encrypted the moment it leaves your computer and is securely uploaded to our servers.
  • All network traffic is encrypted using Transport Layer Security (TLS).
  • Encryption for data at rest is automated using encrypted storage volumes.

Our platform comes built-in with role-based access through IAM that enforces segregation of duties so that data is only shown to the user who has valid access rights in place.

  • Passwords are stored as salted hashes, which means no one (including us) can see your password.
  • Accounts are automatically locked after 5 failed attempts.
  • Password reset links are valid only for 6 hours.
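The three account controls above (salted password hashing, lockout after 5 failed attempts, reset links that expire after 6 hours) are illustrated here in a small Python model. This is an added example written for this page, not Simply.Coach's own code; the class and function names, the PBKDF2 parameters, the in-memory store and the controllable clock are all assumptions made so it runs offline.

```python
import hashlib
import hmac
import os
import secrets
from datetime import datetime, timedelta, timezone
from typing import Optional

# Thresholds taken from the controls described above.
MAX_FAILED_ATTEMPTS = 5
RESET_LINK_LIFETIME = timedelta(hours=6)
# Cost kept modest so the example runs quickly; production should use a higher
# iteration count or a memory-hard KDF such as scrypt or Argon2 (assumption).
PBKDF2_ITERATIONS = 100_000
DUMMY_SALT = b"\x00" * 16


def hash_password(password: str, salt: Optional[bytes] = None):
    """Return (salt, digest). A fresh random salt per user means identical
    passwords produce different hashes and rainbow tables are useless."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    _, digest = hash_password(password, salt)
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(digest, expected)


class FakeClock:
    """Controllable clock (constructed for the example) to exercise expiry offline."""
    def __init__(self, start: datetime):
        self.current = start

    def now(self) -> datetime:
        return self.current

    def advance(self, **kwargs):
        self.current += timedelta(**kwargs)


class AccountStore:
    def __init__(self, now=None):
        self._accounts = {}      # username -> {salt, hash, failed, locked}
        self._reset_tokens = {}  # sha256(token) -> (username, expires_at)
        self._now = now or (lambda: datetime.now(timezone.utc))

    def register(self, username: str, password: str):
        salt, digest = hash_password(password)
        self._accounts[username] = {"salt": salt, "hash": digest, "failed": 0, "locked": False}

    def login(self, username: str, password: str) -> str:
        """Returns "ok", "invalid" or "locked"."""
        acct = self._accounts.get(username)
        if acct is None:
            hash_password(password, DUMMY_SALT)  # same cost for unknown users
            return "invalid"
        if acct["locked"]:
            return "locked"  # refuse before verifying, so guessing stops paying off
        if verify_password(password, acct["salt"], acct["hash"]):
            acct["failed"] = 0
            return "ok"
        acct["failed"] += 1
        if acct["failed"] >= MAX_FAILED_ATTEMPTS:
            acct["locked"] = True
            return "locked"
        return "invalid"

    def issue_reset_token(self, username: str) -> str:
        token = secrets.token_urlsafe(32)
        # Store only a hash of the token: a leaked table yields nothing usable.
        key = hashlib.sha256(token.encode()).hexdigest()
        self._reset_tokens[key] = (username, self._now() + RESET_LINK_LIFETIME)
        return token

    def redeem_reset_token(self, token: str, new_password: str) -> bool:
        key = hashlib.sha256(token.encode()).hexdigest()
        entry = self._reset_tokens.pop(key, None)  # single use: pop on first touch
        if entry is None:
            return False
        username, expires_at = entry
        if self._now() > expires_at:
            return False
        salt, digest = hash_password(new_password)
        self._accounts[username].update(salt=salt, hash=digest, failed=0, locked=False)
        return True


def run_scenario() -> dict:
    """Walk one constructed account through lockout and reset; returns the observations."""
    clock = FakeClock(datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc))
    store = AccountStore(now=clock.now)
    store.register("coach@example.com", "correct horse battery staple")
    results = {"good_login": store.login("coach@example.com", "correct horse battery staple")}
    results["attempts"] = [store.login("coach@example.com", "wrong") for _ in range(MAX_FAILED_ATTEMPTS)]
    results["locked_with_right_password"] = store.login("coach@example.com", "correct horse battery staple")
    token = store.issue_reset_token("coach@example.com")
    clock.advance(hours=5, minutes=59)
    results["reset_before_expiry"] = store.redeem_reset_token(token, "new pass")
    results["token_reuse"] = store.redeem_reset_token(token, "another")
    results["login_after_reset"] = store.login("coach@example.com", "new pass")
    stale = store.issue_reset_token("coach@example.com")
    clock.advance(hours=6, seconds=1)
    results["reset_after_expiry"] = store.redeem_reset_token(stale, "late")
    return results


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

The reset flow clears the lockout counter only after a valid, unexpired, single-use token is redeemed, which is what lets a legitimately locked-out user recover without giving a guesser a second set of five attempts.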

Secure Product Development

Our platform has been developed securely and tested at every stage, from design to deployment, to ensure the highest level of security for your and your clients' data.

Access to the production environment is restricted with a private key locked to our founder’s device. No one else has access to the production environment.

  • Our product roadmap is reviewed periodically; security fixes are prioritised and bundled into the earliest possible sprint.
  • All changes are tested by the Quality Assurance team, and criteria are established for performing code reviews, web vulnerability assessments, and advanced security tests.
  • Builds are put through stringent functionality tests, performance tests, stability tests, and UX tests before the build is certified “Good to go”.
  • Source code is managed centrally under version control, and access is restricted based on the teams assigned to specific sprints. Records are maintained for code changes and code check-ins and check-outs.

Highly Resilient Architecture

Our platform is built with resiliency in mind to ensure high availability for the product and data.

We automatically distribute application traffic across multiple availability zones that support high availability, auto-scaling and robust security.

We have near real-time backups taken across multiple availability zones in encrypted and access-controlled containers.

We have procedures established for reporting incidents and tracking them through to timely communication, investigation, and resolution.

We use CloudFront (a global leader) as our CDN partner to serve content from locations geographically close to end users, providing high availability and high performance.

Frequently Asked Questions

Since these are confidential documents, the reports are accessible on request for our Leap & Surge customers after signing an NDA

Yes we certainly do. Please reach out to our help desk and we will share the BAA signatures with you.
