Security Practices

How we protect your coaching data and client information

At JourneyLoop, we believe that independent coaches deserve enterprise-grade security without enterprise complexity. Your coaching data—session notes, client insights, and progress tracking—represents some of the most sensitive professional information you handle. We've designed our security practices around the principle that you own your data, and we're responsible for protecting it. Every technical decision is made with this commitment in mind.

Security Topics

Data Storage & Encryption

Bank-level encryption (AES-256), secure database infrastructure, encrypted field storage, and disaster recovery backups

Access Controls & Authentication

Role-based access control (RBAC), complete coach data isolation, session timeout mechanisms, and comprehensive admin access logging

AI Processing Security

How AI analyzes your session data, our zero-training policy, AI vendor security practices (Anthropic Claude, OpenAI), and opt-out controls

Core Security Measures

Encryption Everywhere

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Sensitive fields get an additional encryption layer.

Complete Data Isolation

Each coach's data is completely isolated. You can only access your own clients and sessions—never another coach's data.

Secure Infrastructure

Production hosting on Heroku with SOC 2 Type II compliance. Supabase PostgreSQL database with SOC 2 certification and daily automated backups.

Audit Logging

All administrative actions are logged and monitored. We track who accessed what data and when.

No AI Training Policy

Your coaching content is never used to train AI models. Each coach's data remains completely isolated from others.

Session Management

Automatic session timeout after inactivity to prevent unauthorized access to coaching data.

HIPAA Compliance Journey

While we don't currently handle Protected Health Information (PHI), we're proactively building our HIPAA compliance framework. Many of these security practices align with HIPAA technical safeguards.

Security Philosophy: Security isn't just about technology—it's about trust. We're transparent about what we do, how we do it, and where we're still improving.
