LearnWorlds Data Security
Here at LearnWorlds we take data security and privacy very seriously and we continuously look for opportunities to make improvements.
While it would not be prudent to share too much about what we do to protect our systems (since we would be effectively assisting malicious individuals who might try to compromise them), we can provide some general information about steps we take to keep your Online School and your customers safe.
Here are the measures we employ for securely storing the data you entrusted to us:
Protection from Data Loss & Data Corruption
-
Isolated Databases
Each LearnWorlds School has its own, isolated Database. This means that even if a School gets compromised or goes rogue, all other Schools will remain unaffected. -
Regular Backups
Databases are mirrored and backed up off site, across multiple facilities. We keep daily database backups. -
Customer data regulation
We never move any school or user data outside of our secured environment for testing or any other reason.
Application Level Security
-
Password salting and hashing
LearnWorlds uses the most up-to-date and secure cryptographic methods. School Admin Passwords are salted and hashed and never stored or transmitted as plain text. Employees cannot view or manually change passwords. If you forget your password it cannot be retrieved, even by our own CTO – the password must be reset by you. -
Encrypted Data Storage
All user passwords are salted and hashed and never stored or transmitted as plain text. -
HTTPS everywhere
LearnWorlds forces all requests over HTTPS, ensuring all traffic between your school and the user’s browser is encrypted. This means that anyone trying to eavesdrop on this data will not be able to decrypt and access the underlying data. All schools powered by LearnWorld get a free SSL certificate for lifetime. LearnWorlds uses TLS 1.2 exclusively, throughout its site and subdomains. -
XSS vulnerability avoidance
All user inputs are properly treated to ensure that XSS vulnerabilities are avoided.
Credit Cards and PCI compliance
At LearnWorlds, we prioritize the security of your payment information by adhering to PCI-DSS (Payment Card Industry Data Security Standard) guidelines. This ensures that all credit card transactions are handled securely, helping to protect your sensitive data and prevent fraud.
LearnWorlds itself does not store, process, or transmit any credit card information. Instead, we rely on trusted payment gateway providers, such as Stripe and PayPal, to manage all credit card data securely. These providers are PCI DSS Level 1 Service Providers—the highest level of compliance—which means they meet the stringent security standards set by the PCI Security Standards Council, a joint effort by major credit card companies like Visa, MasterCard, American Express, and Discover.
By partnering with these industry leaders, we ensure that all transactions conducted through our platform are secure. You can learn more about Stripe’s security here and Paypal’s here.
Secure Software Development Life Cycle
-
Vulnerability Scanning & Patching
We have automated systems in place that monitor all the software infrastructure that powers LearnWorlds for new versions and vulnerabilities. Our infrastructure is updated regularly with the latest security patches. Moreover, our in-house security expert is constantly on the lookout for things that could jeopardize our systems, ready to intervene. We test our systems regularly through simulated attacks from the outside and in. -
Secure File storage
Your uploaded files can only be accessed through LearnWorlds. Your students can only access files intended for them. Only authorized LearnWorlds personnel can access your files, on a strict per-need basis. -
Internal Controls
For our employees, access rights and levels are based on job function and role, on a need-to-know basis, match defined responsibilities. All employees must abide by our policies about protecting customer data. -
Security by design
Our code is being developed following the latest patterns and industry best practices, and is constantly reviewed. Clear, readable and well-maintained code means secure systems. -
Key management
We keep our keys secret and out of version control, to ensure access to critical resources cannot be compromised.
Data Center Security
The GDPR requires controllers and processors of personal data to “implement appropriate technical and organizational” measures to ensure a sufficient level of security.
LearnWorlds is a Google Cloud partner so we primarily use top-notch Google Cloud Platform servers as our third-party cloud storage subcontractor and we do not host customer data on our premises.
This means that all our servers are located at Google premises, in different world-class data centers around the world:
- East USA (South Carolina & Virginia, USA, North America)
- Central EU (Frankfurt, Germany, Europe)
- South America (São Paulo, Brazil, South America)
- Southeast Asia (Singapore, APAC)
Google Cloud Platform is a leading cloud provider, and holds industry best security certifications, such as SOC2/3 and ISO27001, and provides encryption in transit and at rest, without any action required from our customers. All servers are protected by biometric locks and round-the-clock interior and exterior surveillance monitoring. Only authorized personnel have access to the data center. 24/7/365 onsite staff provides additional protection against unauthorized entry and security breaches. For more info on Google Cloud Platform physical server security check here.
- High availability. We’ve designed LearnWorlds to ensure high availability throughout the platform. At every layer of the stack, we have a suite of contingency mechanisms, including automatic failover, to ensure 24/7 application availability.
Protecting LearnWorlds Against rogue or hacked users
We can secure ourselves, but if your computer gets compromised or someone gets into your LearnWorlds account, that’s not good for either of us. Therefore,
- We monitor and will automatically suspend accounts for signs of irregular or suspicious login activity.
- Certain changes to your account, such as to your password, will trigger email notifications to the account owner.
- We monitor accounts and school activity for signs of abuse (both via automatic notifications and human reviewers).
Disclosure
We are working continuously to make our systems secure. But modern software is amongst the most complex artefacts ever created by humans and cybersecurity is a moving target. If you do find any security issues, whether you are a user or security expert, please reach out to us at support@learnworlds.com. We will make sure the issue is fixed and updated ASAP.