This site includes the following security mechanisms to protect its members and their resources:
Every account has its own unique user id and password which can be managed by an administrator. In addition, policies can allow an instructor to access and/or reset the passwords of their learners. Login is encrypted using SSL. Every course and group can have an optional password, and every district must be password protected.
By default, your organization is a walled community, which isolates your learners from contact by anyone who is not also in your organization. Organizations can change this policy if they want their learners to be able to enroll in courses with other organizations or message members of the site who are not in their organization.
To prevent resources being accessed by unauthorized members, when someone views a page on the site, all the resources on that page have a special custom code appended to their URL that's unique for the viewer. Our system only allows access to resources whose custom URL matches the account of the viewer. This approach prevents a member from sharing a resource by sending its URL to someone else.
If an organization is a walled community, learner profile pages can only be seen by members of their organization.
We apply a strict set of rules to messaging to ensure that members do not receive unauthorized communications. For a list of the rules, visit the messages section.
Premium plan members can enable communications monitoring that sends alerts whenever communications include potentially offensive language. For more information about monitoring, visit the policies article.
Our integrated e-commerce system uses Paypal, Authorize.net or Stripe as secure payment gateways, and all communications between our site and these sites are encrypted using SSL. In addition, we do not store any payment information at our site.
We store all files in the Amazon storage system (S3), which is secure and only allows authorized access to those files. We store all data in the Amazon relational database system (RDS) which is secure and password protected.
All our software runs on the Amazon Elastic Computing cloud (EC2), which is secure and password protected. The servers are constantly monitored by our staff and Amazon's own management software.
Data collected through our websites or registration/subscription to our learning platforms
The data provided by users when registering to use our learning platforms is used in the following ways:
Our clients are fully responsible for the data hosted on our platform and how they use it. In this case, they are the "data collector" and we are the "data processor". We only collect the data that clients use when registering for our platforms, which is usually the administrator account of the platform. Clients decide the type of user data they upload and use in our platform and if they want to use our platforms to collect more user data, by allowing users to self-register for their portals.
Client data such as registration details, company details, data stored by the client in our learning platforms, is stored as long as the client is registered to use our learning platforms. After the 14-day Free Trial, if the user does not upgrade to a paid plan, their registration is terminated and we delete their data.
Personal data gathered through marketing campaigns and website forms (such as contact forms on our websites) is stored until the user decides that they don't want to receive updates from us anymore. We use email marketing to communicate with these contacts and there is an "Unsubscribe" option available in each email. If a person does not interact with our marketing campaigns for a period longer than one year, we will delete the contact information from our database.
Blog subscribers receive blog updates until they decide to stop their subscription. The "Unsubscribe" option is available in each blog update we send out. We do not store phone numbers.
Clients' data located in the USA is stored on our secure company servers on AWS. Clients' data located in Europe, is stored on the Amazon servers in Frankfurt. Clients' data located in Australia, is stored on the Amazon servers in Australia.
Our learning platforms include the following security mechanisms to protect its members and their resources: passwords, walled communities, authenticated resource access, secure profiles, secure messaging, communications monitoring, secure e-commerce, secure storage, secure servers. All communications are over HTTPS, all personal passwords are encrypted with individual SALT values, we use a rate limiter to prevent script kiddies or malicious attackers from overwhelming the system, our Amazon servers are hosted in their own VPC (virtual private cloud), and all remote ssh logins are protected using public/private keys. We conduct regular security audits and run daily security tools on our site to automatically detect and report security issues. You can easily prevent selected users from logging in, revoke their access rights, or delete them entirely if necessary. You can configure your site security policies to specify which operations can be performed by specific account types.
We provide Policy documents for our clients to use on their portals. This feature gives clients the framework to create documents that describe their privacy policy and require users to accept their privacy policy.
We use the information provided by users such as their email address for authentication through Google Workspace single sign-on and for accessing the files in Google Drive of the user if they use this integration in our platform. We don't alter in any way the user data in Google Drive and we only store the data in our system if the user wants this. We do not use Google user data in any other way.