GDPR compliant, 2FA, full audit logs, magic-link authentication, and complete data isolation between every trainer account. Built to the standards your clients expect.
Every login, data change, and admin action is logged with a timestamp and user. Essential for GDPR accountability — and peace of mind when something looks off.
You shouldn't need a security team to keep client data safe. Lodestar handles it by default.
No passwords to forget or share. Trainers and clients log in via a secure one-time link sent to their email. Phishing-resistant by design.
Optional TOTP 2FA for trainer accounts using any authenticator app. Add a second layer of protection on top of magic-link in seconds.
Every login, data change, and system event is logged with timestamp, IP, and actor. Exportable for GDPR accountability and compliance reviews.
Each trainer account is fully isolated at the database level. No shared tables, no risk of one trainer ever accessing another's client data.
Client data export and right-to-erasure requests handled from the dashboard in one click. Full compliance without a legal team.
TLS 1.3 for all data in transit. Sensitive fields encrypted at rest. Progress photos stored in encrypted S3-compatible object storage.