Your clients trust you. We help you keep it.
You hold real, sensitive data — names, contact details and payments. Rosta is built to protect it from the database up, and deliberately gives you nowhere to store health or medical information in the first place.
UK/EU hosting
Your workspace is stored on infrastructure built by Supabase, with data isolation between every coach's account.
Encrypted, everywhere
TLS/HTTPS protects every connection, data is encrypted at rest with automated backups, and secrets never ship to the browser.
Row-level security
Access rules are enforced in the database itself — not just the app — so you only ever see your own clients and sessions.
Card data never touches us
Payments run through Stripe's hosted checkout, so card numbers go straight to Stripe and never pass through Rosta's systems.
Hosted authentication
Sign-in, password hashing and resets are handled by Supabase Auth — battle-tested infrastructure, not home-rolled login code.
Your data, exportable
Export your sessions and finances as CSV whenever you want — your data isn't locked in.
A clean historical record
Every session and payment is timestamped and kept in your history — nothing silently disappears or gets rewritten.
Tested & reviewed
Automated tests and a documented security review protect every release before it reaches your workspace.
No health data, by design
Rosta has no notes field for medical or health information about you or your clients — the safest data is data we never give you a place to store.
A clear data relationship
Under UK & EU GDPR, you are the data controller for your clients' data and Rosta is your data processor. We only ever process it on your instructions.
Want the detail?
Happy to share our DPA and walk through our security posture before you commit — just email rosta@trndsttr.co.uk.