Security

Updated 09/2020

Security at Learnerbly

At Learnerbly we're committed to protecting our clients' content and data. We know your data is sensitive. That’s why we are committed to offering world-class data protection standards to ensure your data is safe and your compliance requirements are met.

We’ve added some information on how we approach security here, and if you have additional questions feel free to get in touch via our Intercom chat service.

Data centre security

Our hosting environment is fully redundant with disaster recovery procedures. Our cloud hosting providers maintain multiple certifications for their data centres, including ISO 27001 compliance, PCI certification, and SOC. For more information about their certification and compliance, please visit the AWS Compliance site.

EU hosted infrastructure

The Learnerbly infrastructure is hosted on servers based in the European Union. This allows us to meet the specific regulatory and compliance requirements of organisations in Europe. Our data centre provider, AWS, is located in Ireland. AWS maintains multiple certifications, including SOC 1, SOC 2, SOC 3 and ISO 27001.

Data encryption in transit & at rest

All data sent to or from Learnerbly is encrypted using TLS, and all customer data is encrypted using AES-256.

Vulnerability disclosure

In the event of a data breach involving personal data, we will promptly report to the local authority and to the people (data subjects) involved.

Processing of Company Personal Data

Learnerbly will comply with all applicable Data Protection Laws in the Processing of Company Personal Data and not Process Company Personal Data other than on the relevant Company’s documented instructions.

3rd party Sub-Processors

Our sub-processors are leaders in their space and have security as the top priority. You can find the list of our sub-processors on our Privacy Policy page.

GDPR commitment

Learnerbly is committed to compliance with the General Data Protection Regulation, and meeting our legal obligation by helping our customers become compliant.

Data backups

We run automated backups of our databases every day to ensure your data stays safe and highly available.

Log collection

We collect detailed logs so that we have a high-resolution trail of the actions performed across the platform for incident investigation, if required.

Software updates

We have automated systems in place that monitor the versions and vulnerabilities in all of the code that powers Learnerbly, and our infrastructure is continuously updated to the latest and most secure versions of software.

Automated tests

We run an extensive suite of automated tests after each code change to verify the correctness of our features, including authentication and the permission system.

Penetration tests

We work with an external partner to regularly run penetration tests against our application and infrastructure.

HTTP strict transport security

Our application forces all requests over HTTPS, ensuring all traffic is secured in transit and protected against protocol downgrade attacks.

Vulnerability Scanning

We run automated scans to detect common vulnerabilities.