Work without worry
Learnosity’s enterprise-grade data security protects the information of millions of learners around the world.
-
EU-U.S. DPFcertified under the EU-U.S. Data Privacy Framework, including the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework
-
ISO 27001certified for security best practices and controls
-
CSA STARlisted in the Security Trust Assurance and Risk (STAR) registry that encompasses key principles of transparency, rigorous auditing, and cloud security and privacy best practices
-
HECVATcompleted the Higher Education Community Vendor Assessment Toolkit (HECVAT) assessment
Total security, zero stress
Your product can never be too safe, so we employ multiple layers of protection against bad actors.
Product security
-
HTTPS and disk-based encryption
Our robust security standards include TLS encryption in transit and AES 256 encryption at rest.
-
Authentication
We enforce two-factor authentication (2FA) on login to our Author Site to ensure your proprietary content can only be accessed by the right people.
Network security
-
Multi-tiered security model
Our numerous lines of defense include VPN usage from IP-restricted locations, putting public-facing web servers behind port-restricted load balancers, and using SSH with public key encryption across all servers for maintenance communications.
-
Data location
We’re currently hosted on AWS in the US, EU, and Australia, so our customers can choose where they want to store their encrypted data.
-
Failsafes
Where possible, our production systems use immutable images to ensure a consistent operating state.
Additional security features
-
Continuous learning
We’re always vigilant against possible threats. We run regular security workshops to educate staff, share knowledge on the challenges we face, and determine the safest options during development.
-
Penetration testing
We run regular third-party penetration tests to assess the strength of our systems’ defenses.
-
Policies
We’ve developed an in-depth set of privacy and security policies covering a range of topics, which we update regularly.
Meet our security experts
Alan Garfield
Principal Engineer
Joe Udwin
Chief Technology Officer
Charles McMillion
Information Security Officer
Discover our ethos
Four suggestions for getting privacy right when developing edtech
As digital interactions increase, so does the flow of data and the risk of its misuse. But edtech can respect and protect learner privacy. John Kleeman, EVP at Learnosity & Questionmark, explains how.
Infrastructure as code: Successfully scaling to new heights
How do you prepare a product to meet the demands of a rapidly growing user base? Meet someone who knows. Alan Garfield is a busy…
The gathering storm: Student data security in the Digital Age
How can student data security be guaranteed when faced with a threat that can neither be detected nor predicted? In the not-too-distant past, banks represented…
Reporting security vulnerabilities
We investigate all legitimate reports of security vulnerabilities and do our best to quickly fill the gap in our defenses, and authorize the public to conduct good-faith research with the intent of reporting such vulnerabilities to Learnosity. If you believe you have found a vulnerability in any of our sites or products, please let us know ASAP at security@learnosity.com.
Let's play it safe
Security is a big deal. If you need more details about how we protect our customers, contact our team today.
Get in touch