Mobile Coach, LLC is committed to the security of our users' data. Our security-first approach is fundamental to our business. Our company is committed to providing and maintaining a level of quality and information security that meets all of our stakeholders' needs. To that end, we:
- create an environment that is safe and empowering;
- ensure transparency while completing our business activities;
- commit to the availability, integrity, and confidentiality of our information assets and ensure our legal and contractual compliance;
- regularly review risks to our organization's information security, and implement security controls to mitigate risks that are deemed unacceptable.
We implement security procedures at all the levels described in this document.
Training and Awareness
Yearly information security and data privacy training is mandatory for all employees and contractors. This training covers our policies and procedures and reminds staff of the process for reporting security incidents.
All newly hired employees must complete mandatory information security training as part of their onboarding. Mobile Coach employees are required to comply with our information security policies, which are regularly reviewed. Awareness is verified through regular internal audits.
Mobile Coach LLC complies with the General Data Protection Regulation (GDPR) and adheres to the data protection principles of the ISO/IEC 27001 standard.
We have in place contractual clauses with subsidiaries and providers that perform data processing outside Europe. Learn more in our statement of data privacy.
Code of Conduct and Confidentiality Agreements
Mobile Coach employees and contractors are required to sign a code of conduct and a confidentiality clause as part of their employment contract before being granted access to our platform. The clause prohibits any disclosure of confidential information concerning the business of Mobile Coach and its customers. These obligations and duties remain in force after termination.
Data Center and Network Security
- Customers upload data for storage and processing within applications that are hosted on our cloud platforms.
- We protect the confidentiality and integrity of customer data using industry best practices.
- Mobile Coach's services are hosted in Amazon AWS data centers located within the United States that are certified against ISO/IEC 27001 and ISO/IEC 27018 and audited under SOC 1 and SOC 2.
- Amazon takes a layered approach to physical security, and data centers managed by Amazon operate under extensive physical security protocols.
- Customers can also elect to have Mobile Coach install and support a dedicated instance of the Mobile Coach Platform, bypassing the default multi-tenant architecture, and can choose the country or facility in which that instance is installed.
Segregation of Production & Non-Production Environments
- Production and non-production environments are segregated at all levels: Mobile Coach uses separate tenants and domains for production and non-production environments.
Uptime over 99%
- Mobile Coach actively monitors all critical systems within the production environment. Both the availability and the performance of our applications are monitored.
- Mobile Coach aims to provide services with higher than 99% availability.
Continuous Data Backup
Mobile Coach runs scheduled backups so that customer data is backed up and available in geographically dispersed locations, physically separated from the primary Mobile Coach storage, to support recovery.
Privileged Access Control
Access to production infrastructure is granted to a limited number of senior personnel. Mobile Coach uses RBAC and follows the principles of need-to-know and least-privilege in enforcing its access matrix. All access to infrastructure resources is logged and is subject to periodic audits.
We take steps to develop and test against security threats in order to protect the information security of our customers' data.
Software Development Lifecycle
Mobile Coach's Software Development Life Cycle (SDLC) includes several stages to ensure that changes are documented, implemented in a source-controlled version of the code, reviewed, and tested against the acceptance criteria. Releases to each environment must go through a controlled process.
Audits & Penetration Testing
In addition to our internal scanning and testing, we periodically undergo third-party black-box penetration tests covering all of our services (infrastructure and application).
Authentication and Access Control
Each user with access to the Mobile Coach Platform has a unique account tied to a verified email address and protected by a password. Passwords are validated against a strong password policy and are never stored in the clear: each one is stored using a strong password-hashing algorithm.
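As an added illustration of the practice described above (this is example code, not Mobile Coach's own implementation), the block below shows what "validated against a strong password policy and stored using a strong hashing algorithm" looks like in practice: a minimum-length and denylist policy check, a per-user random salt, a deliberately slow key-derivation function (PBKDF2-HMAC-SHA256 from the Python standard library), constant-time verification, and a check that flags stored hashes whose work factor has fallen below the current setting. The policy rules, iteration count, storage format, and the small common-password denylist are assumptions made for the example.

```python
import hashlib
import hmac
import os
from typing import List, Optional

# Assumed parameters for this example; a real deployment tunes these to its hardware.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000          # work factor; raise it over time as hardware gets faster
SALT_BYTES = 16               # 128-bit random salt, unique per stored password
MIN_LENGTH = 12

# Constructed sample denylist standing in for a breached-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}


def check_password_policy(password: str) -> List[str]:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password denylist")
    return problems


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Derive a salted, slow hash and encode it with its own parameters.

    The stored string is self-describing ("algorithm$iterations$salt$digest"),
    so the work factor can be raised later without invalidating existing records.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)   # fresh random salt for every new hash
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(stored: str, candidate: str) -> bool:
    """Recompute the hash with the stored salt and iterations and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        iterations = int(iterations)
    except ValueError:
        return False                    # malformed record: fail closed
    if algorithm != ALGORITHM:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, iterations)
    # hmac.compare_digest avoids leaking the position of the first mismatching byte.
    return hmac.compare_digest(actual, expected)


def needs_rehash(stored: str) -> bool:
    """True when a record was created with a weaker work factor than the current setting.

    Callers would re-hash on the next successful login, when the plaintext is available.
    """
    try:
        algorithm, iterations, _salt, _digest = stored.split("$")
        return algorithm != ALGORITHM or int(iterations) < ITERATIONS
    except ValueError:
        return True


if __name__ == "__main__":
    pw = "correct horse battery staple"
    print("policy problems:", check_password_policy(pw) or "none")
    record = hash_password(pw)
    print("stored record:", record)
    print("login with right password:", verify_password(record, pw))
    print("login with wrong password:", verify_password(record, pw + "!"))
    print("same password, new salt, same hash?", hash_password(pw) == record)
```

Two properties are worth noticing when running it: the same password hashed twice yields two different records because the salt differs, so a leaked database does not let an attacker match accounts sharing a password or use precomputed tables; and the iteration count lives inside the record, so `needs_rehash` lets the work factor be raised gradually rather than in a forced mass reset.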
Encryption in Transit
Communications with Mobile Coach services over public networks are encrypted using HTTPS with Transport Layer Security (TLS 1.2 or later). We use publicly trusted digital certificates issued by an authorized Certificate Authority.
Encryption at Rest
All customers of Mobile Coach benefit from encryption at rest at the storage layer.
Each customer's data is stored in a segregated container.
Customer data provided to Mobile Coach for the purpose of engaging users via a chatbot is never shared.