The CoachAccountable Blog

Master CoachAccountable and become the best dang coach you can be. Also, news.

Confidentiality and Privacy

A common concern with using a web-based system like CoachAccountable is one of privacy: the information that is captured and stored over the course of a coaching relationship is of course of a highly personal and often sensitive nature.  To use a system like CoachAccountable, wherein that information is stored and managed with a third party, requires confidence that such private matters will stay private.

This is a worthy and well-founded concern, and the expectation of confidentially is most reasonable and in fact should be present.

To address that concern I’d like to first contrast CoachAccountable against web-based companies like Google and Facebook, whose business model is to give away the platform for free and monetize customer relationships by owning and selling the customer data.  CoachAccountable on the other hand is a platform which charges for use of the product itself, and does not traffic in the sale or sharing of data in any way whatsoever.

Here’s a question which nicely expresses another aspect of concern:

Are the client records confidential or can you or any other admins go in and read intended confidential client accounts?

As it says in Item 11 of the Terms of Awesome, it is technically IMPOSSIBLE for our team, as custodian of all data stored within CoachAccountable, to NOT technically be able to access client records.

(This is the case for EVERY web-based collaboration platform which allows two or more parties to access shared data.  If you as coach were the only person who needed to access your data, it could technically be stored encrypted by your password, which, in a well-designed system is made unknowable to system administrators1.  But if your account data were encrypted with a key that only you possessed, sharing that data with your clients–and vice-versa–would be impossible because their password would not be able to unlock it.  Any comparable web-based service which claims otherwise is lying2.)

So yes: I AM technically able to go in and read confidential client information.  The ability comes from the same power that allows me to help folks access their account when they can’t log in.  The good news is that authorized members of the CoachAccountable team are the only ones with that level of access, and we tread very respectfully with the well founded expectation of confidentiality that you and your clients have3.  The only reason we ever access account data is if needed to troubleshoot a support issue upon request.  When we do, it is as a plumber on a house call: go directly to the kitchen sink and get it fixed, paying no heed to unrelated surroundings and certainly not poking around in bedrooms or rifling through drawers.

There is even slightly cynical line of reasoning that might instill confidence around safekeeping privacy: as a small-team operation with literally thousands of clients being coached on the platform, we have neither the time nor curious inclination to rifle through anyone’s data.  To spend time at an activity which wantonly disrespects the privacy of our customers is an exceptionally poor use of time at cost of good will–I’m not having it.

Ultimately if you and your clients are comfortable using email as a medium of exchanging coaching information, you have every reason to be similarly comfortable using CoachAccountable.  In fact a system like CoachAccountable has a leg up, as email is rarely encrypted in transit and generally leaves more of a digital paper trail.

For more of the technical side of how CoachAccountable is secure, see the CoachAccountable security page.

Notes:
  1. CoachAccountable is well-designed in this regard–passwords are stored in a one-way encrypted hash which renders them fully unknowable.
  2. I say this NOT from knowing the full lay of the land out there, but from a strong grasp of cryptography and information theory.
  3. And all such access by our team is thoroughly logged and reviewed regularly–a powerful check on abuse of that access.


Comments are closed.