The protection and security of our customer data is given high priority at CoachVantage. Listed here are the measures we adopt to ensure the integrity of your data:
1. PRODUCT SECURITY
Our Cloud-based platform is engineered for redundancy and high availability.
The hosted servers we use have SLAs for 99.99% availability.
Our platform uses load balancing techniques to auto-scale when demand is high.
User sessions and tokens are securely stored and managed by JWT tokens.
Passwords are encrypted using Bcrypt hashing algorithm. Individual users can only reset their own password.
We enforce a very strong password requirement for all users to log in to their accounts.
The password must meet the complexity strength validation requirements for a very strong password.
2. NETWORK AND APPLICATION SECURITY
At the infrastructure level, CoachVantage is deployed on Heroku (a SalesForce company) cloud application platform. Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilize the Amazon Web Service (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under: ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II), PCI Level 1, FISMA Moderate, Sarbanes-Oxley (SOX). You can read more about Heroku’s security policy here: https://www.heroku.com/policy/security
Our database is continuously versioned for recovery purposes using scheduled postgresql backups
Encryption and Sessions
Our web application (https://app.coachvantage.com) is only accessed via HTTPS and the entire HTTPS web application framework is protected with SSL certification.
Sessions are authenticated with a 23-character security token.
All network traffic is encrypted both inside and outside our network.
Users are automatically logged out of each session after a prolonged period of inactivity and re-login is required to access the application.
3. ADDITIONAL SECURITY MEASURES
We do not store your Credit Card details. We outsource the processing of your payments to Stripe, a specialist secure PCI DSS compliant company. You can view Stripe's credentials here:
Segregation of Duties
CoachVantage staff do not have access to your data.
The exception to this is when our Customer Support team or Engineers need to debug issues or configure your account.
In such circumstances, we will only access your data with your express permission.
Production and Staging logins are separated between Support and Engineering Teams, meaning Engineers are not able to access Production Data without making a specific request.