Security policy
Effective Date: 2025-05-01
Website: https://coachsensai.com
1. Overview
Coach Sensai is committed to maintaining the confidentiality, integrity, and availability of customer data. Our architecture, processes, and operations are designed to protect organizational information while delivering actionable insights through metadata.
2. Data Handling & Privacy
No Intellectual Property Storage
Coach Sensai does not access, store, or transmit source code, product content, customer data, or any proprietary intellectual property.
Metadata-Only Architecture
We operate strictly on metadata—such as ticket age, meeting duration, participation patterns, and workflow statistics—collected from integrated systems (e.g., Jira, Zoom, Salesforce, Slack).
Data Minimization
Only essential metadata required for delivery analysis and coaching is collected. Personal information is not stored or used for profiling.
Ephemeral Processing
All insights are computed in real-time or near-real-time. Temporary processing occurs in-memory and is discarded after use.
3. System Access & Integration
OAuth and API Tokens
We use industry-standard OAuth2 and encrypted API tokens to connect with third-party systems. Credentials are stored securely using environment-specific vaults.
Least Privilege Principle
Permissions requested are restricted to read-only metadata scopes unless explicitly configured otherwise.
Data Segregation
All customer data is logically segregated. Each organization’s metadata is scoped and isolated to prevent cross-organization access.
4. Security Practices
Encryption
Data in transit: TLS 1.2+
Secrets & tokens: Encrypted at rest using AES-256
Logs: Sanitized and stored securely
Authentication & Access Control
Admin and service accounts require MFA
Role-based access controls are enforced
Access logs are regularly audited
Vulnerability Management
Regular automated scans
Quarterly manual penetration testing
Patching within 72 hours of critical disclosures
5. Compliance & Governance
Data Residency
All data processing and storage occur in compliance with customer-defined regional requirements (e.g., US, EU).
Auditability
Sensai maintains audit logs for all system access and processing operations.
Third-Party Security
Vendors used for infrastructure (e.g., cloud hosting) comply with SOC 2, ISO 27001, and GDPR standards.
6. Incident Response
24/7 Monitoring
Security events are monitored continuously. Alerts are triaged and escalated as per SLA tiers.
Response Timeline
Acknowledge within 1 hour
Triage within 4 hours
Resolve within 24 hours (critical issues)
Customer Notification
Customers will be notified of any confirmed breach within 48 hours.
7. Contact & Reporting
For security concerns, disclosures, or questions, please contact:
security@coachsensai.com