CoachLeap

Security and privacy are not features. They're the foundation.

CoachLeap is built from the ground up around confidentiality, anonymity, and data protection. We're SOC 2 Type II and ISO 27001 certified, COPPA and FERPA compliant, and we never collect student personally identifiable information.

Certifications & Compliance

SOC 2 Type II

Our security controls are independently audited annually against the AICPA Trust Services Criteria. SOC 2 Type II certification verifies that our controls are not only designed correctly, but operating effectively over time.

ISO 27001

We maintain an ISO 27001 certified Information Security Management System (ISMS). This international standard ensures our security practices are comprehensive, systematic, and continuously improved.

COPPA Compliant

CoachLeap does not collect personal information from students under 13, or from any students at all. Athletes interact with surveys anonymously via QR code. No accounts, no sign-ups, no personal data collected. COPPA compliant by design.

FERPA Compliant

We do not collect or store student personally identifiable information (PII). Survey responses are completely anonymous: no student names, emails, or identifiers are captured. This makes CoachLeap FERPA compliant by architecture, not just by policy.

Infrastructure Security

US data centers

All CoachLeap data is hosted in secure, SOC 2 certified data centers located in the United States.

End-to-end encryption

Data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Even our own engineers cannot access your evaluation data without authorization.

Role-based access control

Access is strictly role-based. Athletic Directors control who can see what. Concern data is restricted to authorized administrators only.

Annual security audits

Our infrastructure and practices are independently audited annually as part of our SOC 2 Type II and ISO 27001 certifications. We don't just claim security. We prove it.

Anonymity & Confidentiality

The entire platform is structured around protecting the people who give feedback and the coaches who receive it. Anonymity isn't a setting. It's the architecture.

Anonymous survey responses

Athletes, parents, and other raters complete surveys anonymously. Coaches never see who said what. This is fundamental to getting honest, useful feedback.

No student PII collected

Students scan a QR code at practice and complete a survey. No name, no email, no login, no app download. We structurally cannot identify individual students because we never collect their information.

AI Comment Review

Before coaches see any written feedback, AI screens every comment for personal attacks, identifying information, profanity, and hostile language. If a student accidentally includes their name or another identifying detail, it's flagged before the coach ever sees it.

Confidential concern reporting

The concerns system accepts anonymous submissions via a public QR code or link. Reporters can share issues without revealing their identity, encouraging more complete and honest reporting.

Frequently Asked Questions

No. CoachLeap does not collect student names, emails, grades, or any personally identifiable information. Athletes interact with surveys anonymously via QR code. No account, no login, no personal data. We are COPPA and FERPA compliant by design because we structurally cannot identify individual students.

All data is stored in SOC 2 certified data centers located in the United States. Data is encrypted in transit using TLS 1.3 and at rest using AES-256.

No. Survey responses are completely anonymous. Coaches see aggregated scores and reviewed comments, but never the identity of any individual rater. This anonymity is by design and cannot be overridden.

AI Comment Review automatically flags comments that contain identifying information, including names, jersey numbers, grade levels, or other details that could reveal the rater's identity. The Athletic Director reviews and redacts flagged content before the coach sees it.

If you cancel your subscription, your data is available for export for 30 days, then permanently deleted from our systems. You can also request deletion of specific data at any time by contacting us.

Yes. We provide our SOC 2 Type II report to customers and prospective customers under NDA. Contact us at hello@coachleap.app to request a copy.

Questions about security or compliance?

We're happy to walk through our security architecture, share our SOC 2 report under NDA, or answer any compliance questions.