Last updated 6 June 2026
A plain-English account of how RinkHQ keeps your money, your account, and your family's data safe.
Card payments are processed by Stripe, a PCI-DSS–certified payment processor. Your card details are entered into Stripe’s own secure form and are never transmitted to or stored on RinkHQ servers.
Other payment methods — bank transfer, cash, and PayPal — are recorded in RinkHQ as a payment reference and status so the coach has a clear record. For those methods, the money moves between parent and coach directly; RinkHQ is the record-keeper, not the intermediary.
Because RinkHQ never holds funds, there is no RinkHQ wallet to compromise. A card-details breach at a payment gateway is Stripe’s scope, not ours — and Stripe is one of the most audited payment processors in the world.
Two-factor authentication (TOTP) is available for both coaches and parents. Once enabled, a time-based one-time code from an authenticator app is required at every login — so a stolen password alone is not enough to access your account.
Passwords are hashed using a strong, salted algorithm; we do not store them in plain text and we cannot retrieve them if lost. Account sessions are tied to short-lived, rotating tokens.
We recommend enabling two-factor authentication, particularly for coach accounts, which have access to family and medical data across their entire roster.
Every coach on RinkHQ operates their own rink — a closed group that only admitted parents can see. Access controls are enforced at the database row level using Postgres row-level security (RLS), not just in application code. This means:
Row-level security is not a UI convention — it is enforced at the database, independent of UI code. A small number of server-side operations (payment webhooks, admin tooling) run with elevated service-role access that sits outside RLS by design; each of those paths carries its own authorization checks.
When a platform administrator takes a sensitive action — granting or revoking admin access, banning or reinstating an account, verifying a coach, or moderating a review — it is recorded in an audit log with a timestamp and the administrator’s identity.
That gives us an accountable record of privileged actions and the ability to investigate a reported issue without relying on memory. Your own coaching records carry their own trail too: every booking has a unique payment reference, and the credit ledger is append-only, so balances are never silently rewritten.
RinkHQ sends transactional email for booking confirmations, payment reminders, cancellations, waitlist alerts, and review requests. These emails are sent via a dedicated transactional email provider and contain only information relevant to the action that triggered them.
We do not send marketing email. We do not share email addresses with third parties. If you receive an email claiming to be from RinkHQ that asks for your password or payment details, treat it as a phishing attempt and contact us immediately.
If you believe you’ve found a security vulnerability, or if something about your account looks wrong, please contact us directly:
We will acknowledge every report and investigate it. We can’t commit to a fixed response time, but we take security reports seriously and will not ignore them. If you’d prefer to use general enquiries, you can also reach us via the contact page.