Security

Designed around isolated club workspaces.

KeepsMeSwimming should protect swim club and family data through tenant scoping, role permissions, secure authentication, and audit-friendly operations.

Tenant isolation

Workspace IDs scope club data at the database, API, and UI layers.

Role permissions

Super admins support setup. Club admins manage club users. Coaches operate assigned team tools.

Approval-gated access

New users who are not automatically approved wait for access approval before entering the app.

Operating posture

Security commitments to keep visible.

ControlExpectation
AuthenticationUse managed auth, secure sessions, MFA roadmap, and password reset protections.
AuthorizationEnforce least privilege and server-side checks for sensitive actions.
Data accessUse RLS policies and scoped queries to prevent cross-club access.
User approvalKeep unapproved accounts out of club data until a permitted admin approves access.
Admin elevationRequire password re-entry for super admin role elevation.
AuditabilityLog sensitive actions such as impersonation, sync runs, user approvals, and role changes.
Youth data

Swimmer information deserves narrow access.

KeepsMeSwimming handles data that can include swimmers, guardians, meet availability, volunteer activity, training groups, videos, and coach feedback. The product should keep that information tied to the right workspace, role, and family relationship.

Family relationships

Parent visibility is linked to the swimmers they are allowed to see, not to every swimmer in a club.

Staff separation

Club admins, coaches, parents, swimmers, and super admins each have distinct access needs.

Legal acceptance

Account creation should capture required terms, privacy, and youth data acknowledgements.

Security questions

How access is intended to work.

Can a newly registered user enter the app immediately?

No. Users who have not been approved should remain in an approval-required state until an authorized admin grants access.

How does KeepsMeSwimming separate club data?

Club data is scoped through workspace IDs, role-aware queries, RLS policies, and UI navigation that reflects the user's membership and permissions.

Who can manage users?

Super admins support platform setup. Club admins manage users inside their club workspace. Coaches, parents, and swimmers should only receive the access needed for their role.