Security & Trust
Last updated: March 2, 2026
CoachCheck is built for ongoing coach-client workflows where reliability and privacy matter every week. This page outlines the current baseline controls and communication channels.
Access controls
- Role-based access boundaries for coach and client workspaces.
- Password login and magic-link authentication support.
- Authentication throttling to reduce brute-force abuse.
Data handling
- Coach and client data is stored only to provide core service workflows.
- Payment data is processed by Stripe; card data is not stored directly in CoachCheck.
- Transactional email delivery is handled through Resend.
Operational controls
- Subscription and billing state is synchronized through Stripe webhooks.
- Protected app areas require authenticated sessions.
- Security issues can be reported directly to the founder inbox.
Subprocessors
Stripe: billing and subscription processing.
Resend: transactional email delivery.
Report a vulnerability
If you discover a security issue, email Almikaze319@proton.me with reproduction steps and impact details.
We review credible reports and prioritize fixes based on impact and exploitability.