Trust & Security
Last updated: June 2026. Rushes LTD (t/a Rush Mind Coaching) aligns technical controls with UK GDPR and SOC 2-style trust principles (security, confidentiality, privacy).
Encryption in transit
All public pages and apps are served over HTTPS (TLS). Session cookies use Secure, HttpOnly, and SameSite attributes. Email is sent via TLS where supported.
Encryption at rest
- Client portal — passwords hashed with bcrypt; sensitive audit logs encrypted; coaching intake stored with AES-256-GCM when submitted via the portal.
- Reconnect — couple messages use client-side vault encryption; server fields are encrypted at rest with AES-256-GCM, using keys held per instance.
- RushMind Hub — Laravel-standard password hashing and secure sessions.
- Backups — portal backups should be stored encrypted; keys are never committed to source control.
Access control
Coaching clients sign in once at the client portal. RushMind Hub and Reconnect open via short-lived signed links (60 seconds, single use) without sharing passwords across apps. Reconnect couple spaces use random, unguessable URLs and dedicated databases.
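One way a 60-second, single-use signed link can be issued and redeemed, shown as an added illustration and not Rush Mind Coaching's own code. The HMAC-SHA256 construction, the parameter names (uid, app, exp, nonce, sig), the shared secret and the in-memory nonce store are all assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

LINK_TTL = 60  # seconds, the link lifetime stated above
SECRET = secrets.token_bytes(32)  # assumption: key shared by the portal and the target app
_used = {}  # nonce -> expiry; assumption: a shared datastore would hold this in production


def _sign(uid, app, exp, nonce):
    # A JSON list gives an unambiguous encoding of the signed fields.
    msg = json.dumps([uid, app, exp, nonce]).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_link(base_url, uid, app, now=None):
    """Portal side: mint a link bound to one user, one app, one expiry and one nonce."""
    exp = int(time.time() if now is None else now) + LINK_TTL
    nonce = secrets.token_urlsafe(16)
    params = {"uid": uid, "app": app, "exp": exp, "nonce": nonce,
              "sig": _sign(uid, app, exp, nonce)}
    return f"{base_url}?{urlencode(params)}"


def redeem_link(url, expected_app, now=None):
    """App side: return the user id if the link is valid and unused, else None."""
    now = time.time() if now is None else now
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    try:
        uid, app, nonce, sig = q["uid"], q["app"], q["nonce"], q["sig"]
        exp = int(q["exp"])
    except (KeyError, ValueError):
        return None  # missing or malformed parameter
    expected = _sign(uid, app, exp, nonce)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None  # forged or altered link (constant-time comparison)
    if app != expected_app or now >= exp:
        return None  # minted for a different app, or past its 60 seconds
    for n in [n for n, e in _used.items() if e <= now]:
        del _used[n]  # expired nonces can go: their links already fail the expiry check
    if nonce in _used:
        return None  # replay of a link that was already redeemed
    _used[nonce] = exp
    return uid
```

Because the app name is part of the signed data, a link minted for one app is rejected by the other even though both verify with the same key.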
Consent & special-category data
Discovery calls and onboarding collect explicit consent before wellbeing or health-related information is processed. See our Privacy Policy and Privacy & Engagement pages.
Your rights
You may request access, correction, or erasure of your data via the Get Started form. Coaching clients can export data from the portal profile area.
Report a concern
Security or privacy concerns: contact us via Get Started (mark “Security” in your message). We aim to respond within 5 working days. If a breach poses a risk to individuals, we follow UK GDPR notification timelines (including notifying the ICO where required).