Security

At CoachVantage, data protection and security is paramount

The protection and security of our customer data is given high priority at CoachVantage. Listed here are the measures we adopt to ensure the integrity of your data:

 

1. PRODUCT SECURITY

Reliability

Our Cloud-based platform is engineered for redundancy and high availability.

The hosted servers we use have SLAs for 99.99% availability.

Our platform uses load balancing techniques to auto-scale when demand is high.

Passwords

User sessions and tokens are securely stored and managed by JWT tokens.

Passwords are encrypted using Bcrypt hashing algorithm. Individual users can only reset their own password.

We enforce a very strong password requirement for all users to log in to their accounts.

The password must meet the complexity strength validation requirements for a very strong password.

 

2. NETWORK AND APPLICATION SECURITY

Data Hosting

At the infrastructure level, CoachVantage is deployed on Heroku (a SalesForce company) cloud application platform. Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilize the Amazon Web Service (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under: ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II), PCI Level 1, FISMA Moderate, Sarbanes-Oxley (SOX). You can read more about Heroku’s security policy here: https://www.heroku.com/policy/security

Backups

Our database is continuously versioned for recovery purposes using scheduled postgresql backups

Encryption and Sessions

Our web application (https://app.coachvantage.com) is only accessed via HTTPS and the entire HTTPS web application framework is protected with SSL certification.

Sessions are authenticated with a 23-character security token.

All network traffic is encrypted both inside and outside our network.

Users are automatically logged out of each session after a prolonged period of inactivity and re-login is required to access the application.

 

3. ADDITIONAL SECURITY MEASURES

We do not store your Credit Card details. We outsource the processing of your payments to Stripe, a specialist secure PCI DSS compliant company. You can view Stripe's credentials here:

Stripe Privacy Policy

Stripe Security

 

Segregation of Duties

CoachVantage staff do not have access to your data.

The exception to this is when our Customer Support team or Engineers need to debug issues or configure your account.

In such circumstances, we will only access your data with your express permission.

Production and Staging logins are separated between Support and Engineering Teams, meaning Engineers are not able to access Production Data without making a specific request.

REQUEST A DEMO

Contact us for a one-on-one demo. We'd love to learn more about your coaching business and how CoachVantage can help you succeed.