Security practices

How we protect your organization's data, content, and learner information.

Encryption

TLS 1.2+ for all data in transit
AES-256 encryption for data at rest
Encrypted database connections
Secure credential storage with hashing and salting

Access Controls

Role-based access control (admin, creator, learner)
SAML 2.0 SSO integration (Enterprise)
Per-tenant permission boundaries
Session management with secure token handling

Infrastructure

Multi-tenant architecture with data isolation
Cloud-hosted on hardened infrastructure
Regular automated backups
CDN-delivered assets with edge caching

Monitoring & Logging

Application-level audit logging
Real-time error monitoring and alerting
Access logs for administrative actions
Anomaly detection on authentication events

Data Protection

Tenant data isolation at the database level
Data portability — export your data at any time
Data Processing Agreement (DPA) available on request
Right to deletion supported

Incident Response

Documented incident response procedures
Defined escalation paths and response timelines
Post-incident review process
User notification procedures for security events

Data Processing Agreement

We provide a Data Processing Agreement (DPA) on request for organizations that require one. Enterprise plans include a DPA as standard, along with Business Associate Agreements (BAA) for healthcare organizations. Contact us to request a copy.

Certification roadmap

We are actively working toward formal SOC 2 Type II certification. Our current security controls are designed to align with SOC 2 requirements, and we are documenting our processes in preparation for a formal audit.

Questions about security?

Our team is available to discuss your security requirements and provide additional documentation.