← Back

Security.

Last updated: 2026-05-19

Coaches handle some of the most sensitive content their clients ever share. Protecting it is the foundation of everything we build.

Encryption

• TLS 1.3 for all data in transit.
• AES-256 at rest for databases, object storage, and backups.
• Per-tenant row-level security in Postgres.

Access controls

• SSO via Clerk (Google, Microsoft, email + OTP).
• Least-privilege internal access. All production access logged.
• Hardware-key 2FA required for all employees.

AI and data handling

Session transcripts and client notes are processed by our LLM providers under zero-retention contracts. No client data is used to train any model — ours or theirs.

Infrastructure

• EU/UAE-region hosting available on request.
• Daily encrypted backups, 30-day retention.
• Quarterly disaster-recovery drills.

Compliance

• GDPR-aligned data processing. DPA available.
• SOC 2 Type II audit in progress.
• Vulnerability disclosure: security@coppleos.com