Work without worry

Learnosity’s enterprise-grade data security protects the information of millions of learners around the world.

Product security policy

15+ years

fine-tuning our security practices
ISO 27001

certified for security best practices and controls
>40 million

learners whose data we protect annually

Total security, zero stress

Your product can never be too safe, so we employ multiple layers of protection against bad actors.

Product security

HTTPS and disk-based encryption

Our robust security standards include TLS encryption in transit and AES 256 encryption at rest.
Authentication

We enforce two-factor authentication (2FA) on login to our Author Site to ensure your proprietary content can only be accessed by the right people.

Network security

Multi-tiered security model

Our numerous lines of defense include VPN usage from IP-restricted locations, putting public-facing web servers behind port-restricted load balancers, and using SSH with public key encryption across all servers for maintenance communications.
Data location

We’re currently hosted on AWS in the US, EU, and Australia, so our customers can choose where they want to store their encrypted data.
Failsafes

Where possible, our production systems use immutable images to ensure a consistent operating state.

Additional security features

Continuous learning

We’re always vigilant against possible threats. We run regular security workshops to educate staff, share knowledge on the challenges we face, and determine the safest options during development.
Penetration testing

We run regular third-party penetration tests to assess the strength of our systems’ defenses.
Policies

We’ve developed an in-depth set of privacy and security policies covering a range of topics, which we update regularly.

How we protect user privacy

Meet our security experts

Alan Garfield

Principal Engineer

Meet Alan

Mark Lynch

Chief Strategy Officer and Co-founder

Meet Mark

Alan Garfield

Principal Engineer

Alan Garfield

Principal Engineer

1. Your number one principle for data security?

Attention to details matter. 90% of the time, a breach or an exploit happens because something really simple was missed or one simple change was made that caused the problem. This can be as simple as receiving an email and mistaking an illegitimate request as a legitimate one. Or accepting the default setting when making some change to a running system. It’s never foolproof, but paying attention to the details of things really does matter.

2. Most rewarding part of the job?

Helping the team, and growing with them. No one person can do and know everything. Everyone in history is standing on the shoulders of those before us. Recognizing that and helping to lift others up and sharing my experiences makes me happy.

3. Ever consider becoming a hacker?

I like puzzles and problems. But many puzzles don’t lead to legal issues. I’ve always preferred to share and protect, than break and exploit. Plus you can more freely talk about what you do without fear. 😀

Mark Lynch

Chief Strategy Officer and Co-founder

Mark Lynch

Chief Strategy Officer and Co-founder

1. Your number one principle for data security?

Don’t collect it if you don’t need it. We have designed a system that only collects data that is the minimum to provide the service. We don’t need to know the name/age/gender of any of the students answering questions – we just need to know what they answered. It keeps it simpler, and reduces security risk.

2. Most rewarding part of the job?

Seeing the awesome ways that people use our technology. The most recent example of this was a program of learning to teach media literacy, which is more relevant now than it every has been, to teach children (and adults) how to discern #realnews from #fakenews.

3. Ever consider becoming a hacker?

Not again, no 😉 My hacking exploits were limited to reverse engineering the copy prevention on Commodore 64 games when I was a kid and had more free time and no money. I had some successes and many failures – but in the end, this was what drove my interest and passion in software development.

Discover our ethos

Read Time 4 Mins

Four suggestions for getting privacy right when developing edtech

As digital interactions increase, so does the flow of data and the risk of its misuse. But edtech can respect and protect learner privacy. John Kleeman, EVP at Learnosity & Questionmark, explains how.

by John Kleeman EVP at Learnosity

Read Time 8 Mins

Infrastructure as code: Successfully scaling to new heights

How do you prepare a product to meet the demands of a rapidly growing user base? Meet someone who knows. Alan Garfield is a busy…

by Micheál Heffernan Senior Editor

Read Time 3 Mins

Here’s one simple way we make your content more secure

Enforcing 2FA for Author Site users makes it significantly more difficult for attackers to access your content – here's how.

by Tyler Nienhouse Software Engineer

Reporting security vulnerabilities

We investigate all legitimate reports of security vulnerabilities and do our best to quickly fill the gap in our defenses. If you believe that you have found a problem in any of our sites or APIs, let us know ASAP at security@learnosity.com.

Let's play it safe

Security is a big deal. If you need more details about how we protect our customers, contact our team today.

Get in touch

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_dc_gtm_UA-*	1 minute	This cookie is used to help identify the visitors by either age, gender, or interests by DoubleClick - Google Tag Manager.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_*	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjid	1 year	This is a Hotjar cookie that is set when the customer first lands on a page using the Hotjar script.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_pk_id.*	1 year 27 days	This cookie is used to store a few details about the user such as the unique visitor ID.
_pk_ses.*	30 minutes	This is a short lived cookies used to temporarily store data for the visit.
1P_JAR	1 day	Set by Google. This group sets a unique ID to remember your preferences and other information such as website statistics and track conversion rates.
CONSENT	2 years	Set by Google. This group sets a unique ID to remember your preferences and other information such as website statistics and track conversion rates.
DV	1 day	Used to collect information about how visitors use our site which we use to compile reports to help us make improvements. The cookies enable the collection of information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
lpv*	30 minutes	This cookie is set to keep Pardot from tracking multiple page views on a single asset over a 30-minute session
NID	6 months	Set by Google. This group sets a unique ID to remember your preferences and other information such as website statistics and track conversion rates.
pardot	past	The pardot cookie is set while the visitor is logged in as a Pardot user. The cookie indicates an active session and is not used for tracking.
visitor_id*	10 years	This cookie includes a unique visitor ID and the unique identifier for your Pardot account. This cookie is set for visitors by the Pardot tracking code.
visitor_id*-hash	10 years	This cookie contains the Pardot account ID and stores a unique hash. This cookie is a security measure to make sure that a malicious user can’t fake a visitor from Pardot and access corresponding prospect information.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.

Work without worry

Total security, zero stress

Product security

HTTPS and disk-based encryption

Authentication

Network security

Multi-tiered security model

Data location

Failsafes

Additional security features

Continuous learning

Penetration testing

Policies

Meet our security experts

Alan Garfield

Mark Lynch

Alan Garfield

Alan Garfield

1. Your number one principle for data security?

2. Most rewarding part of the job?

3. Ever consider becoming a hacker?

Mark Lynch

Mark Lynch

1. Your number one principle for data security?

2. Most rewarding part of the job?

3. Ever consider becoming a hacker?

Discover our ethos

Four suggestions for getting privacy right when developing edtech

Infrastructure as code: Successfully scaling to new heights

Here’s one simple way we make your content more secure

Reporting security vulnerabilities

Let's play it safe