Coachogo Security Information

At Coachogo, operated by Solopreneur Systems (ABN 98683428882), we understand the critical importance of data security and privacy. We are committed to safeguarding your information and the data of your clients. Our platform is built on a robust and secure infrastructure, designed with industry best practices and adherence to key security standards in mind.

Our Foundational Infrastructure (Powered by Base44):

Coachogo leverages the Base44 platform, which provides a managed and secure environment for modern web applications. This allows us to focus on delivering valuable coaching tools while Base44 handles the underlying complexities of cloud infrastructure, database management, and authentication security.

Key Security Pillars of Coachogo:

Data Encryption (At Rest & In Transit):

Encryption at Rest: All data stored within Coachogo's databases (client information, session details, financial records, etc.) is encrypted at rest using industry-standard encryption protocols. This protects your data even in the unlikely event of unauthorized access to physical storage.

Encryption in Transit: All communication between your browser, our application, and integrated services is secured using Transport Layer Security (TLS/SSL) via HTTPS. This ensures that your data is encrypted and protected from eavesdropping and tampering as it travels across the internet.

Secure Database Management & Data Isolation:

Your valuable client data and business records are stored in highly secure, managed database systems. These databases benefit from continuous monitoring, automated backups, and disaster recovery protocols to ensure data availability and integrity.

Row-Level Security (RLS): A crucial security feature in place ensures that coaches can only access their own data and their own clients' data. Clients can only access their own information. This strict data isolation prevents unauthorized users from viewing or modifying data belonging to others.

Robust Authentication and Access Control:

Google SSO: Coachogo utilizes secure third-party single sign-on (SSO) through Google, meaning we do not directly store or manage your password. This leverages Google's advanced security measures to protect your login credentials.

Role-Based Access Control (RBAC): Access to different features and data within Coachogo is strictly governed by user roles (Coach, Client, Admin). Users are only granted permissions necessary for their specific role, minimizing potential exposure.

Secure Session Management: User sessions are managed securely to prevent unauthorised session hijacking and ensure that only authenticated users can access their accounts.

Application Hosting and Network Security:

Coachogo is deployed on secure, scalable cloud infrastructure provided by Base44, leveraging leading cloud providers. This infrastructure benefits from built-in network security measures, including firewalls, intrusion detection systems, and DDoS protection.

Regular Patching and Updates: The underlying infrastructure and application components are regularly patched and updated to protect against known vulnerabilities.

Secure File Storage:

Any files you upload, such as business logos or profile images, are stored in secure cloud storage environments with strict access controls. These files are linked securely to your account.

Responsible Third-Party Integrations:

We integrate with reputable third-party services for specific functionalities (e.g., Stripe for payments, Resend for email delivery, T.ly for URL shortening). All integrations are configured with security in mind, utilizing secure API keys and established protocols.

Secret Management: API keys and other sensitive credentials for integrations are securely stored as environment variables or in dedicated secret management systems, never directly in code.

Compliance and Best Practices:

While Coachogo, as an application, adheres to the Australian Privacy Principles (APPs), it also aligns with general industry best practices for data security:

Privacy by Design: Security and privacy considerations are integrated into the design and development of Coachogo's features.

Vulnerability Management: We strive to address security vulnerabilities promptly through continuous monitoring and proactive measures.

Incident Response: Protocols are in place to address and respond to any security incidents efficiently, minimizing potential impact.

Transparency: We are committed to transparency regarding our data handling practices, as outlined in our Privacy Policy.

Your Role in Security:

While we take extensive measures to secure your data, user vigilance is also crucial:

- Use strong, unique passwords for your Google account.

- Maintain the confidentiality of your account information.

- Report any suspicious activity or security concerns immediately.

Coachogo is dedicated to providing a secure and reliable platform, allowing you to focus on what you do best: coaching your clients effectively.