LearnWorlds Data Security
Here at LearnWorlds we take data security and privacy very seriously and we continuously look for opportunities to make improvements.
While it would not be prudent to share too much about what we do to protect our systems (since we would be effectively assisting malicious individuals who might try to compromise them), we can provide some general information about steps we take to keep your Online School and your customers safe.
Here are the measures we employ for securely storing the data you entrusted to us:
Protection from Data Loss & Data Corruption
Each LearnWorlds School has its own, isolated Database. This means that even if a School gets compromised or goes rogue, all other Schools will remain unaffected.
Databases are mirrored and backed up off site, across multiple facilities. We keep daily database backups.
Customer data regulation
We never move any school or user data outside of our secured environment for testing or any other reason.
Application Level Security
Password salting and hashing
LearnWorlds uses the most up-to-date and secure cryptographic methods. School Admin Passwords are salted and hashed and never stored or transmitted as plain text. Employees cannot view or manually change passwords. If you forget your password it cannot be retrieved, even by our own CTO – the password must be reset by you.
Encrypted Data Storage
All user passwords are salted and hashed and never stored or transmitted as plain text.
We do not store credit card details on our infrastructure. All credit card transactions are processed using secure encryption on a PCI-Compliant network.
LearnWorlds forces all requests over HTTPS, ensuring all traffic between your school and the user’s browser is encrypted. This means that anyone trying to eavesdrop on this traffic will not be able to decrypt it and access the underlying data. All schools powered by LearnWorlds get a free SSL certificate for life. LearnWorlds uses TLS 1.2 exclusively, throughout its site and subdomains.
XSS vulnerability avoidance
All user inputs are properly treated to ensure that XSS vulnerabilities are avoided.
Secure Software Development Life Cycle
Vulnerability Scanning & Patching
We have automated systems in place that monitor all the software infrastructure that powers LearnWorlds for new versions and vulnerabilities. Our infrastructure is updated regularly with the latest security patches. Moreover, our in-house security expert is constantly on the lookout for things that could jeopardize our systems, ready to intervene. We test our systems regularly through simulated attacks from the outside and in.
Secure File storage
Your uploaded files can only be accessed through LearnWorlds. Your students can only access files intended for them. Only authorized LearnWorlds personnel can access your files, on a strict per-need basis.
For our employees, access rights and levels are based on job function and role, are granted on a need-to-know basis, and match defined responsibilities. All employees must abide by our policies about protecting customer data.
Security by design
Our code is developed following the latest patterns and industry best practices, and is constantly reviewed. Clear, readable and well-maintained code means secure systems.
We keep our keys secret and out of version control, to ensure access to critical resources cannot be compromised.
Data Center Security
The GDPR requires controllers and processors of personal data to “implement appropriate technical and organisational” measures to ensure a sufficient level of security. LearnWorlds uses Microsoft Azure as its third-party cloud storage subcontractor and does not host customer data on its premises. This means that all our servers are located at Microsoft, in different world-class data centers in the United States and Western Europe (Ireland).
- Microsoft Azure is a leading cloud provider, and holds industry best security certifications, such as SOC2 and ISO27001, and provides encryption in transit and at rest, without any action required from our customers. All servers are protected by biometric locks and round-the-clock interior and exterior surveillance monitoring. Only authorized personnel have access to the data center. 24/7/365 onsite staff provides additional protection against unauthorized entry and security breaches. For more info on Azure physical server security check here.
- High availability. We’ve designed LearnWorlds to ensure high availability throughout the platform. At every layer of the stack we have a suite of contingency mechanisms, including automatic failover, to ensure 24/7 application availability.
Protecting LearnWorlds Against rogue or hacked users
We can secure ourselves, but if your computer gets compromised or someone gets into your LearnWorlds account, that’s not good for either of us. Therefore,
- We monitor accounts for signs of irregular or suspicious login activity and will automatically suspend them when such signs appear.
- Certain changes to your account, such as to your password, will trigger email notifications to the account owner.
- We monitor accounts and school activity for signs of abuse (both via automatic notifications and human reviewers).
We are working continuously to make our systems secure. But modern software is amongst the most complex artefacts ever created by humans and cybersecurity is a moving target. If you do find any security issues, whether you are a user or security expert, please reach out to us at firstname.lastname@example.org. We will make sure the issue is fixed and updated ASAP.