Engineered for procurement.
Coaches handle uniquely sensitive data — biometrics, progress imagery, medical history, billing. peak/performance is built so studios, gyms, and corporate wellness providers pass procurement-stage due diligence without remediation.
Row-level security
Coaches only see clients explicitly assigned to them. Enforced at the database, not in application code.
MFA + account lockouts
Multi-factor authentication available account-wide. 5 failed attempts → temporary lockout. 10 in 24h → permanent.
Brute-force detection
Real-time monitoring on auth and admin endpoints, with IP-level rate limiting on all public APIs.
Encrypted file storage
Private buckets for sensitive media — progress photos, form-check videos, lab results — encrypted at rest.
GDPR-ready
TOS acceptance tracking, DPA signature records, and data export logs built into the platform from day one.
Live status & monitoring
Public status page, circuit breakers, request tracing, and proactive performance monitoring.
Need a DPA, security questionnaire, or SOC2 letter?
Procurement-grade documentation — Data Processing Agreement, completed security questionnaires, sub-processor list, and pen-test summaries — is available on request for qualified corporate and enterprise customers.
Request documentation →