Work without worry

-
15+ yearsfine-tuning our security practices
-
ISO 27001certified for security best practices and controls
-
>40 millionlearners whose data we protect annually
Total security, zero stress
Your product can never be too safe, so we employ multiple layers of protection against bad actors.
Product security
-
HTTPS and disk-based encryption
Our robust security standards include TLS encryption in transit and AES 256 encryption at rest.
-
Authentication
We enforce two-factor authentication (2FA) on login to our Author Site to ensure your proprietary content can only be accessed by the right people.
Network security
-
Multi-tiered security model
Our numerous lines of defense include VPN usage from IP-restricted locations, putting public-facing web servers behind port-restricted load balancers, and using SSH with public key encryption across all servers for maintenance communications.
-
Data location
We’re currently hosted on AWS in the US, EU, and Australia, so our customers can choose where they want to store their encrypted data.
-
Failsafes
Where possible, our production systems use immutable images to ensure a consistent operating state.
Additional security features
-
Continuous learning
We’re always vigilant against possible threats. We run regular security workshops to educate staff, share knowledge on the challenges we face, and determine the safest options during development.
-
Penetration testing
We run regular third-party penetration tests to assess the strength of our systems’ defenses.
-
Policies
We’ve developed an in-depth set of privacy and security policies covering a range of topics, which we update regularly.
Alan Garfield
Principal Engineer
1. Your number one principle for data security?
Attention to details matter. 90% of the time, a breach or an exploit happens because something really simple was missed or one simple change was made that caused the problem. This can be as simple as receiving an email and mistaking an illegitimate request as a legitimate one. Or accepting the default setting when making some change to a running system. It’s never foolproof, but paying attention to the details of things really does matter.
2. Most rewarding part of the job?
Helping the team, and growing with them. No one person can do and know everything. Everyone in history is standing on the shoulders of those before us. Recognizing that and helping to lift others up and sharing my experiences makes me happy.
3. Ever consider becoming a hacker?
I like puzzles and problems. But many puzzles don’t lead to legal issues. I’ve always preferred to share and protect, than break and exploit. Plus you can more freely talk about what you do without fear. 😀
Mark Lynch
Chief Strategy Officer and Co-founder
1. Your number one principle for data security?
Don’t collect it if you don’t need it. We have designed a system that only collects data that is the minimum to provide the service. We don’t need to know the name/age/gender of any of the students answering questions – we just need to know what they answered. It keeps it simpler, and reduces security risk.
2. Most rewarding part of the job?
Seeing the awesome ways that people use our technology. The most recent example of this was a program of learning to teach media literacy, which is more relevant now than it every has been, to teach children (and adults) how to discern #realnews from #fakenews.
3. Ever consider becoming a hacker?
Not again, no 😉 My hacking exploits were limited to reverse engineering the copy prevention on Commodore 64 games when I was a kid and had more free time and no money. I had some successes and many failures – but in the end, this was what drove my interest and passion in software development.
Discover our ethos


Four suggestions for getting privacy right when developing edtech
As digital interactions increase, so does the flow of data and the risk of its misuse. But edtech can respect and protect learner privacy. John Kleeman, EVP at Learnosity & Questionmark, explains how.


Infrastructure as code: Successfully scaling to new heights
How do you prepare a product to meet the demands of a rapidly growing user base? Meet someone who knows. Alan Garfield is a busy…


Here’s one simple way we make your content more secure
Enforcing 2FA for Author Site users makes it significantly more difficult for attackers to access your content – here's how.
Reporting security vulnerabilities
We investigate all legitimate reports of security vulnerabilities and do our best to quickly fill the gap in our defenses. If you believe that you have found a problem in any of our sites or APIs, let us know ASAP at security@learnosity.com.
Let's play it safe
Security is a big deal. If you need more details about how we protect our customers, contact our team today.
Get in touch