Security & Privacy

Built to protect student-athletes.

Strata holds health and performance information for kids. We treat it that way — secure by default, visible only to the right people, and never anyone's to sell.

Encrypted in transit and at rest

Every connection is HTTPS/TLS, and your data is stored with AES-256 encryption at rest on enterprise cloud infrastructure (Supabase on AWS). Nothing travels or sits in the clear.

Two-factor authentication

Staff who can see protected health information are required to use two-factor sign-in (a code from their phone). Athletes and parents can turn it on too. You stay signed in on your own device, so it never becomes a daily hassle.

Role-based access — FERPA-aligned

Everyone sees only what their job needs. Coaches see who's available to play; clinical details stay in the athletic trainer's protected record. The medical vault is restricted to medical staff.

Each school is walled off

Every organization's data is isolated at the database level (row-level security). One school can never see another's athletes — and demos never touch real customer data.

Your data is yours

We don't sell data or use it to train outside products. You can export your information, and we'll delete it on request when you leave.

Built for minors, on purpose

No open signup: schools pre-authorize each student's school email, so identity comes from the school's own records. AI features are clearly labeled as AI, never pose as a person, stay limited to sports performance and wellness topics, and never give weight-loss or supplement advice to students. Anything concerning routes to the school's Athletic Trainer, a licensed professional. This approach is consistent with COPPA's school-authorization framework, and usage is logged and auditable by the school.

HIPAA-ready for clinics

School athletic programs generally fall under FERPA, which Strata is aligned to. For clinics and health centers that are HIPAA-covered entities, a Business Associate Agreement (BAA) is available through our infrastructure provider.

This page is a plain-English summary of how Strata protects information, not a legal contract. Specific compliance terms (FERPA data agreements, HIPAA BAAs) are handled per customer — just ask and we'll walk through it.