JourneyLoop JourneyLoop

Data Access

Who can see your data and under what circumstances

Only you and your client can access their session data. No one else can see your coaching conversations—not other coaches, not JourneyLoop staff, and not anyone outside your coaching relationship.

Coach and Client Access

Coach Access

Coaches can access and manage all data for their own clients:

  • View all sessions with their clients
  • Review transcripts, insights, and action items
  • Edit session notes and metadata
  • Delete specific sessions or entire client accounts

Coaches cannot see data from other coaches' clients—each coach has their own isolated workspace.

Client Access

Clients can access their own session data through the client portal:

  • View their own session summaries and insights
  • Track their own progress and goals
  • Export their own data
  • Request data deletion through their coach

Clients never see data from other clients or the coach's private notes.

No Data Sharing Between Coaches

Think of each coach as having their own separate, locked room. Here's what this means in practice:

No Cross-Coach Visibility

Other coaches cannot see your client list, sessions, or any coaching content.

No Aggregate Learning

AI insights are never pooled or shared across coaches—each coach's data stays isolated.

No Directory Listings

We don't publish coach directories or reveal who uses JourneyLoop.

No Competitive Intelligence

We don't analyze or compare coaching methods across accounts.

JourneyLoop Administrator Access

JourneyLoop administrators have very limited access to your data, following industry best practices:

No Routine Content Access

Admins cannot read your session content without explicit permission. Database access is restricted to infrastructure monitoring and technical support.

System Maintenance Only

Limited to infrastructure monitoring, performance optimization, and resolving technical issues.

Support Access

When you contact support, we may access your account data to diagnose and resolve your issue. You'll always know when support accesses your account.

Legal Compliance

Access only when required by law or with your written consent. We will notify you unless legally prohibited from doing so.

All Access Logged

Any administrative access is automatically tracked and auditable. We maintain detailed logs of who accessed what data and when.

Third-Party Vendor Access

We use carefully vetted third-party vendors to operate our platform. Here's how we control their access:

Limited Access by Design

Vendors only receive the minimum data necessary to provide their service. For example:

  • Heroku/AWS: Host our infrastructure but cannot read encrypted data
  • Supabase: Hosts database on AWS infrastructure with encryption at rest
  • OpenAI: Processes transcripts for insights but doesn't store them
  • Stripe: Handles payments but never receives session data

Contractual Protections

All vendors sign Data Processing Agreements (DPAs) that legally require them to protect your data and use it only for the specified purpose.

Regular Audits

We regularly review our vendor relationships and their security practices. See our Vendor Compliance section for details.

Back to Privacy Overview Next: Coach IP Protection