Built for the teams you sell to.
Your calls are some of the most sensitive artifacts in your business — every name, number, objection, and unguarded moment is in there. Here's exactly how we protect them.
Four principles.
Security is not a feature list — it's a set of commitments you can check against behavior. These four are the ones we'd want to see from a vendor handling our own sales calls.
Your data is yours.
You own it, you control it, you can export or delete it in a click. We don't sell it, we don't train AI on it, we don't share it with anyone we haven't disclosed.
Encrypt everything.
AES-256 at rest across every database and backup. TLS 1.3 in transit across every hop. Secrets in a managed vault with per-environment rotation.
Least privilege.
Engineers don't have standing access to customer data. Production access is just-in-time, approved, logged, and time-boxed. MFA is required everywhere.
Tell the truth.
If something breaks, you'll hear about it from us within 72 hours of confirmed impact — not from a news article. No spin, no lawyer-talk.
Compliance & Certifications.
SOC 2 Type II
Currently in audit. Expected completion Q2 2025. Annual audits verify our security controls meet industry standards for confidentiality, availability, and security.
GDPR Ready
Full data portability, right to deletion, consent management, and data processing agreements available for EU customers.
PIPEDA Compliant
As a Canadian company, we comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) requirements for data collection, use, and disclosure.
CCPA / CPRA
We honor California Consumer Privacy Act rights including access, deletion, and opt-out requests.
Incident Response.
If a security incident occurs, here's what happens:
Detection
Automated monitoring alerts our security team of potential incidents.
Containment
Affected systems isolated. Initial assessment completed. Response plan activated.
Notification
Affected customers notified with details on impact, actions taken, and recommended steps.
Post-Mortem
Root cause analysis, remediation steps, and preventive measures shared with affected customers.
Responsible Disclosure.
Found a security vulnerability? We want to hear about it.
Report Vulnerabilities
Email security@oneclickcoaching.com with:
- — Description of the vulnerability
- — Steps to reproduce
- — Potential impact
Safe Harbor
We will not pursue legal action against researchers who:
- — Report in good faith
- — Don't access customer data
- — Give us time to fix before disclosure