We are ISO 27001 and data protection certified. As the global market leader in digital coaching, we take our responsibility to protect your data very seriously and use only the highest industry standards to guarantee data protection and ensure privacy and confidentiality.

At CoachHub, we care about security as a matter of corporate culture: we also use technical and organizational measures at online banking level, PCI DSS Level 1, ISO 9001, and ISO 27001 certified data centers. We use multi-factor authentication, password managers, and other best security practices, because without security, there is no privacy, nor confidentiality. For details, please refer to our materials below or contact us. Please be aware that for legal and security reasons, detailed documentation of CoachHub and its partners is only available under a non-disclosure agreement.

ISO 27001 Certified

At CoachHub, we operate across 70 countries within 6 continents. In order to be a reliable partner and to guarantee you the highest level of data security, we have had our in-house information security management system (ISMS) audited and are now successfully ISO 27001 certified. The standard protects your most valuable information and as a DIN standard, ISO 27001 officially confirms the continuous improvement of data security by reducing information security gaps to a minimum. Much of the ISO 27001 requirements also fulfil those of GDPR and Data Protection Act compliance and provide a much greater information assurance overall.

GDPR As Our Joint Opportunity

Taking privacy and data protection laws to the next level, since May 2018 the General Data Protection Regulation (GDPR) revolutionizes and unifies European Union (EU) and European Economic Area (EEA) data protection laws. Integrity and trust is at the heart of CoachHub, which is why GDPR is very important to us. By complying, we seek to improve the protection of our European partners’ rights and provide a transparent overview of how we safeguard their data. Further, as the forerunner and gold standard in data protection, the GDPR inspires data protection laws across the globe, such as the California Consumer Privacy Act.

What’s Different Under The GDPR?

Important changes due to the GDPR include more rights for EU individuals, extensive data breach notification duties, strict security requirements, cross-border data protection, extensive accountability and easier enforcement. The GDPR allows for a fine of up to 4% of the global corporate group turnover. Consistent application matters: The European Court of Justice and the entire chapter 7 ensure the GDPR is applied cooperatively and consistently across the EEA. The GDPR supports the common data market, allowing for easier flow of personal data within the EEA and with third countries with comparable data protection standards. Measures such as Binding Corporate Rules, Adequacy Decisions, and data protection model clauses secure processing of personal data in third countries with lower data protection standards.We are and remain up to date with the latest European court decisions (such as Schrems II) and other European Data Protection Board (EDPB) guidelines. Please refer to our banking industry standard data processing addendum for details.

CCPA Compliant

We are a strong supporter of protecting consumers and their data. And as our operations have expanded internationally, so do our security measures. As such, we work to honor the legal requirements for all regional laws, which includes the California Consumer Privacy Act (CCPA). As of June, 2018, California passed AB 375, a consumer privacy act to better enhance the privacy rights and consumer protection for residents of California.

Certified Data Protection and Security

Data protection and data security are more important than ever and a top priority at CoachHub. To prove we really mean it, at CoachHub we offer our customers a platform with certified data protection including state of the art security. An independent on site audit by a renowned certification authority approved CoachHub’s data protection based on:
– compliance with legal requirements for data protection (such as the GDPR &
CCPA) as well as – principles of state of the art IT-security measures in accordance with important aspects of international standards on information security management systems (ISMS) such as ISO 27001.

Built for Global Enterprises

We design our software and related compliance and data protection measures so you can enjoy our digital coaching experience and leave the rest to us. As your number one digital coaching platform, CoachHub provides highly confidential digital coaching that effortlessly scales across global corporate groups. You can opt to receive GDPR, CCPA and other compliancies, fully anonymous statistics on coaching success. You transparently control your data. We take consent seriously: you’re free to share what you want. We moreover do not stop at GDPR compliance: we aim to go further and implement important privacy and confidentiality features even if they’re not legally required. We are happy to comply with the GDPR, CCPA and others, even where it doesn’t apply to you. Further, we gladly assist our clients in complying with applicable foreign and international law.

CoachHub Compliance

Presentations and more
Presentations and more

Please contact us for details on CoachHub’s Corporate Compliance and TOMs.

Frequently Asked

Do you process personal data?

Yes, we do.

Can we use your platform completely without personal data?


Do you have a data protection officer?

Yes, we do:

DataCo GmbH
Dachauer Str. 65
80335 München

Is the CoachHub digital coaching platform GDPR-compliant?

Yes, CoachHub meets the requirements of the GDPR: We’re data protection compliant as an organization and as a platform according to DSGVO. We have been and continue to be regularly audited by DataGuard. We’ve may use the DataGuard Seal.

Is personal data transmitted in encrypted form?

Yes, we use state-of-the-art SSL encryption in combination with an Extended Validation SSL Certificate.

Is a profile picture mandatory?

No. The specification of a profile picture is not mandatory. We would like to point out that, even if it was, non-personal pictures would be possible.

Do you support Single Sign-On (“SSO”)? Do you support Active Directory?

The CoachHub platform supports SSO with all common security standards. In particular, we  support Microsoft (Azure) Active Directory, Okta and other providers.

The Data Processing Agreement refers to the service agreement. Where is the service agreement?

The service agreement is the combination of our offer and our Platform conditions:

We found several establishments mentioned. Which establishment processes personal data?

Only the main establishment in Berlin processes personal data for the platform and web site. Other establishments may process personal data for sales purposes.

Which service providers / contract processors do you use for the processing of personal data? Where do you process these data?

A list of contractors with further information on processing can be found in our data protection declaration:
Insofar as the data is processed in GDPR third countries, we ensure the level of data protection through various measures in accordance with chapter V GDPR.

Are your data centers safe?

Yes. We use cloud service providers such as Amazon AWS, which are safe, ISO-certified and regularly audited.

Who is controller and processor for which processing?

Our view on acting as controller in light of recent case law: Generally, as the customer, you act as controller and we act as processor. You also act as controller and we act as processor for the anonymization for your purposes, for example for anonymous statistics about CoachHub in your company we create on your behalf. Once anonymization is complete, data is no longer personal and the GDPR no longer applies to it.

Are international data transfers GDPR compliant?

Data processing operations in third countries, as far as they occur, are GDPR-compliant. We have generally selected EU located/GDPR-compliant servers. We have concluded a DPA. In the event that an international data transfer is not covered e. g. by Privacy Shield, the DPA provides for a subsidiary relapse to binding corporate rules and standard contractual clauses pursuant to Art. 46 GDPR. We constantly monitor current case law and adapt our processing procedures accordingly.