Privacy Policy

Privacy & Data Security

Your Data Is Protected by Design

CoachMIM is built with a security-first architecture. Your personal wellness data is encrypted and protected at multiple levels within the system. We do not treat security as a feature. It is a foundation.

Application-Layer Encryption

In addition to standard transport and server protections, CoachMIM uses application-layer encryption for sensitive user data. This includes:

- AES-256-GCM encryption
- A unique per-user Data Encryption Key (DEK)
- Secure key wrapping using a master encryption key

What This Means

Each user’s sensitive data is encrypted using their own dedicated encryption key. That key is then securely wrapped (encrypted again) using a protected master key. This layered key structure ensures:

- User data is logically isolated at the cryptographic level
- Compromise of one user’s data does not expose others
- Database access alone does not expose readable information
- Encrypted values cannot be interpreted without proper key access

Even if raw database records were accessed, the stored values would remain encrypted and unusable without the corresponding decryption keys.

Encryption in Transit and at Rest

CoachMIM protects your data:

- In transit using TLS encryption (HTTPS)
- At rest using encrypted storage
- At the application layer using per-user encryption

This multi-layered model reduces single points of failure and increases resilience.

Access Controls and Least Privilege

Access to production systems is restricted using strict authentication controls and role-based permissions. Internal access follows a least privilege model, meaning systems and services only receive the minimum access required to perform their function.

Data Usage Policy

Your data is used solely to:

- Track your wellness metrics
- Generate insights and progress reports
- Improve personalization and feature performance

CoachMIM does not sell personal data. We do not provide advertising-based data sharing. We do not monetize your behavioral patterns. Your information exists to serve you—not to be resold.

Data Ownership and Control

You retain control over your data. You may:

- Request account deletion
- Request removal of stored data
- Discontinue use at any time

Upon account deletion, encrypted user data and associated keys are removed from active systems according to retention policies.

Responsible Design

CoachMIM is not a medical provider, and we avoid collecting unnecessary medical or diagnostic data. We collect only the information required to provide tracking and feedback functionality. Data minimization reduces risk.

Continuous Security Improvement

Security is an ongoing process, not a checkbox. We regularly evaluate our encryption methods, access controls, and system architecture to maintain modern security standards.

Need help? Contact: mim@agenetmim.com