Trust

How we protect your clients’ data.

The things your clients share with you should stay private, encrypted, and yours. Here, plainly, is how Grove keeps them safe.

Grove is built so the things your clients share with you stay private, encrypted, and yours. We use the same identity and infrastructure standards as established software companies, and we deliberately keep every coach’s data partitioned so one coach can never see another’s clients.

What we do
  • Sign-in is handled by Auth0.

    We use Auth0, an industry-standard identity provider, to manage logins. Grove never stores or even sees your clients’ passwords, and every protected request is checked.

  • Your practice is isolated from every other coach’s.

    Every piece of data is tied to your Practice and filtered at the database layer on every query. One coach can never read another coach’s clients, notes, or messages. This is enforced in code, not just by a setting.

  • Encrypted in transit.

    All traffic runs over HTTPS (TLS 1.2 or higher), and anything insecure is redirected to a secure connection. Nothing your clients send travels in the clear.

  • Encrypted at rest.

    The production database and uploaded files are encrypted at rest using managed keys. On its own, the raw storage cannot be read.

  • Hosted on AWS, database kept private.

    Grove runs on Amazon Web Services. The database lives on a private network and is not reachable from the public internet. Secrets and credentials live in a managed vault, never in our code.

  • Backed up every day.

    The database is backed up automatically with retention, so data can be recovered.

  • You stay in control.

    Clients can delete their account and data. Role-based access means coaches, clients, and admins each see only what they should.

What Grove is, and is not

Grove is a coaching platform, not a medical records system. It is a good home for the wellness context a client chooses to share with you: their goals, reflections, check-ins, and the notes that help you coach them well, all encrypted and private.

Grove is not intended for storing protected health information (PHI) or formal medical records. If your work involves clinical records such as diagnoses, lab results, or treatment notes, those belong in a system designed for that. A good rule of thumb: collect only the context you need to coach, and keep clinical records elsewhere. For the personal context your clients share in the normal course of coaching, the protections above apply.

Questions welcome

Security should be legible, not a black box. If you want more detail on any of this, or you have a specific concern about a client’s information, reach out and I will walk you through it.

hello@grove.coach

Beth Richardson, Founder, Grove Coach