The CoachAccountable Blog

Master CoachAccountable and become the best dang coach you can be. Also, news.

Archive for Security

Delightful Collaboration XI: Client Present Mode

It’s been a while since I’ve written up an entry in the Delightful Collaboration series.  Though it may look like it’s only the 11th time (judging by the Roman numeral above), acting on the input of our community to make CA better happens roughly once a week!

This one comes from Michiel Bosman of Open Forest Evidence-Based Online Coaching.  He wrote:

I am probably asking for the impossible, but this is very important to me from a privacy/NDA standpoint: I do a lot of CA screen sharing with my clients.

I would love to have a Single Client Mode: I click a checkbox, system will not show anything related to any other client, until I click that checkbox again.

This immediately jumped out at me as interesting.  CoachAccountable has always had the power to serve as a de facto shared, virtual workspace between coach and client.  Coach sharing his or her screen with client (or vice-versa) is a powerful way to invite structured collaboration (e.g. during a session, when actions are being planned, insights are being captured, and so forth).

But I really appreciate the abundance of caution that this request entails.  Indeed, when it’s coach doing the screen sharing, well, there’s a LOT of other data that coach can bring up with a click or two (a convenience that is quite intentional!), yet much of it is data that’s NOT suitable for a given client to see.

So I get the desire for a sort of “single client mode”: that power to accidentally wander over into another part of the system not meant for a client’s eyes could make the prospect of sharing your screen nerve-wracking.

We’re always keen to make CA more thoroughly accommodating to expectations of privacy and confidentiality, for they are expectations that such sensitive work truly merits.  To that end, I present to Michiel and the rest of the CA community what we call “Client Present Mode”.


CoachAccountable and the GDPR

If you’re a coach in the European Union, you’ve probably already heard of the GDPR.

If you’re not, you’ve probably seen numerous relics of the GDPR over the last few weeks, namely in the form of emails from websites you use announcing a change in their Privacy Policies.

What’s it all about?  It’s the EU’s very-soon-to-be-in-effect General Data Protection Regulation.

It’s a good bit of law, I think!  Oh sure, it’s caused its share of grousing and griping among businesses for how much work it’s entailed as everyone wades through legalese and policy in order to get compliant (myself included!).  But I view it as a step in the right direction for end users to have greater control over their data and privacy.

Basically, it demands of companies that they don’t do terrible things with individuals’ data, and that all usage of such data must be documented and above board.  Companies must get explicit consent to use someone’s data for a given purpose, and that consent can’t be buried in a huge pile of indecipherable legalese.  End users must have some real control over their data, including the ability to delete it.

As an individual, this sounds good to me.

As a company, CoachAccountable has never had any business trafficking in user data in unexpected or vaguely nefarious ways.  And our in-app “Delete” buttons really do delete data (much to the chagrin of the occasional coach who accidentally deleted an entire client record!).  So our compliance is largely a matter of paperwork: basically to document and agree to be legally bound to the very practices we’ve always adhered to.

What this means for CoachAccountable customers

First off, our privacy policy has been updated, much like the policies of everyone else.  I encourage you to check it out: like most privacy policies, it’s largely boring, BUT I’ve been happy to lay out clearly what data we collect and what exactly we use it for (and why).  Part of this updated policy is that CoachAccountable is registered and listed with Privacy Shield, which is basically a fancy way of saying “we actually mean everything we say in this policy, AND we’re in legal trouble if we don’t hold true to it”.

Yep, we attest that we really mean what we say in our privacy policy.

In other words, the privacy policy isn’t just flowery language. :)

Second, for our customers who work with anyone in the EU: by setting those clients up within your CoachAccountable account, the GDPR applies to you.  Part of that applying to you is that you need to verify that any partner involved in processing your data is ALSO above board when it comes to the GDPR regulations.

In this case, that’s CoachAccountable!  You need to verify that CA is handling your EU citizen personal data in accordance with the law, so that your handling of that data [by way of CoachAccountable] is in compliance with the law.

To allow you to do this, we’ve got a Data Processor Agreement (DPA) available for you to agree to.  The DPA essentially states that you (as controller of your client data) and CoachAccountable (as processor of that data) mutually agree to handle that data appropriately and in compliance with the GDPR; that we’ve each got our part to play for the lawful handling of data; and that we each take responsibility to do so.

If the GDPR applies to you (i.e. if you work with and/or collect personal data on any citizen of the EU), you’ll want to enter into the CoachAccountable Data Processor Agreement right away.  You’ll find the place to do so when logged in (provided you’re a coach and owner of the account) under My Account >> Data Processor Agreement.

Give it a read, and click the button–good to go!

And that’s about it: an updated privacy policy and a DPA for you to agree to if you need it.


Update for 2020: Given the sweeping nature of the GDPR, coupled with how easy it is to miss that in-app agreement to the DPA (the net result being it appears optional, when for many it really isn’t!), we’ve updated our Privacy Policy (and Terms of Service) to include the DPA itself.

These terms apply only to the extent that your work is within the scope of the GDPR (i.e. work with any clients in the European Economic Zone).  You can find the CoachAccountable Data Processor Addendum here.


What if I’m not in the European Union?

If you coach anyone in the EU (or ever will) this still applies to you.  But if you don’t, then this very well might not mean anything to you.  One caveat to that, though: the GDPR mandates certain rights for citizens in the EU, as laid out in the privacy policy.  I’m happy to say that when it comes to CoachAccountable, these rights apply to everyone worldwide, and not just EU citizens.


GDPR looks to be a great way to better balance the rights of individuals against the companies they do business with.  There’s some work for those of us who handle the data of those individuals in order to reach compliance, but it’s reasonable and worthwhile.  We’ve done our best to make it as easy as possible for coaches to be compliant in their handling of data with CoachAccountable!