Security.
Last updated: 2026-05-19
Coaches handle some of the most sensitive content their clients ever share. Protecting it is the foundation of everything we build.
Encryption
- TLS 1.3 for all data in transit.
- AES-256 at rest for databases, object storage, and backups.
- Per-tenant row-level security in Postgres.
Access controls
- SSO via Clerk (Google, Microsoft, email + OTP).
- Least-privilege internal access. All production access logged.
- Hardware-key 2FA required for all employees.
AI and data handling
Session transcripts and client notes are processed by our LLM providers under zero-retention contracts. No client data is used to train any model — ours or theirs.
Infrastructure
- EU/UAE-region hosting available on request.
- Daily encrypted backups, 30-day retention.
- Quarterly disaster-recovery drills.
Compliance
- GDPR-aligned data processing. DPA available.
- SOC 2 Type II audit in progress.
- Vulnerability disclosure: security@coppleos.com
Found a vulnerability? Email security@coppleos.com. We respond within 24 hours.