Security

The full security posture — encryption, infrastructure, sub-processors, backup retention — is documented on the marketing site at coachingportal.io/trust .

This page focuses on security as it affects daily use of the app.

Sign in with email and password, or with a supported OAuth provider. Credentials are not stored directly by CoachingPortal.

In Settings → Notifications, you can enable biometric authentication (Face ID, Touch ID, or fingerprint) for app unlock.

Workspace privacy

Your workspace is private. Other coaches outside your workspace cannot see your clients, plans, check-ins, messages, or analytics. Inside your workspace, your team members see what’s been explicitly shared with them; clients see only their own data and the parts of the workspace you’ve opted to share with them.

Subdomain

Your workspace has its own unique subdomain (e.g. yourname.coachingportal.io). Some subdomains are reserved for the platform and can’t be claimed.

Workspace deletion

When a workspace is deleted, its clients, plans, check-ins, photos, and other content are removed. Deletion is irreversible.

Account deletion

Both coaches and clients can self-delete their accounts directly from in-app settings — no support ticket required. Once deletion is confirmed, the account and its data are removed from active systems immediately. Backup retention follows the standard 30-day window described on the Trust page .

What CoachingPortal staff can see

Engineering and support staff have access to operational logs (errors, performance metrics) but not to client check-in content, photos, or messages. For specific support requests where access is required, you’ll be asked for explicit consent before any escalated lookup.

Reporting a security issue

If you believe you’ve found a security issue, email admin@coachingportal.io rather than filing a public issue or community post. We take responsible disclosure seriously.