Security at Learnerbly
At Learnerbly we're committed to protecting the content and data from our clients. We know your data is sensitive. That’s why we are committed to offering world-class data protection standards to ensure your data is safe and your compliance requirements are met.
We've added some information on how we approach security here, and if you have additional questions feel free to get in touch at firstname.lastname@example.org.
Data centre security
Our hosting environment is fully-redundant with disaster recovery procedures. Our cloud hosting providers maintain multiple certifications for its data centres, including ISO 27001 compliance, PCI certification, and SOC. For more information about their certification and compliance, please visit the AWS Compliance site.
EU hosted infrastructure
The Learnerbly infrastructure is hosted on servers based in the European Union. This allows us to meet the specific regulatory and compliance requirements of organisations in Europe. Our data centre provider AWS is located in Ireland. AWS maintains multiple certifications, including SOC 1, SOC 2, SOC 3 and ISO27001.
Data encryption in transit & at rest
All data sent to or from Learnerbly is encrypted using TLS, and all customer data is encrypted using AES-256.
In the event of a data breach involving personal data, we will promptly report to the local authority and to the people (data subjects) involved.
Processing of Company Personal Data
Learnerbly will comply with all applicable Data Protection Laws in the Processing of Company Personal Data and not Process Company Personal Data other than on the relevant Company’s documented instructions.
3rd party Sub-Processors
Learnerbly is committed to compliance with the General Data Protection Regulation, and meeting our legal obligation by helping our customers become compliant.
We run automated backups of our databases every day to ensure your data stays safe and highly available.
We collect detailed logs to ensure we have a high-resolution trail of the actions performed across the platform for any incident investigation if so required.
We have automated systems in place that monitor the versions and vulnerabilities in all of the code that powers Learnerbly and our infrastructure is continuously updated to the latest and most secure versions of software.
We run an extensive suite of automated tests after each code change to verify the correctness of our features, including authentication and the permission system.
We work with an external partner to regularly run penetration tests against our application and infrastructure.
HTTP strict transport security
Our application forces all requests over HTTPS, ensuring all traffic is secured in transit and protected against protocol downgrade attacks.
We run automated scans to detect common vulnerabilities.