Institute of Product Leadership

Security Overview

We are concerned about safeguarding the confidentiality of your Information. We provide physical, electronic, and procedural safeguards to protect Information we process and maintain. For example, we limit access to this Information to authorized employees who need to know that Information in order to operate, develop or improve our Application/Website/Services/products.

Physical Security

The company premises are under 24×7 physical security protection. Only authorized personnel have access to the building and offices. Employees are granted access to the office only after authorization using biometric authentication. Critical locations in the office are accessible only to authorized individuals. Important documents are stored in cabinets accessible only to authorized persons. The office is equipped with surveillance cameras, and their images are regularly monitored by authorized persons. A policy has been implemented to approve and regulate visitor access to the building. The office is provided with 24×7 power supply, supported by an alternative uninterrupted power supply system to ensure smooth functioning in the event of power failure.

Data Security and Privacy Controls

The company’s physical infrastructure is hosted and managed within Google Workspace’s secure data centres. Google continually manages risk and undergoes recurring assessments to ensure compliance with industry standards as seen here. We host customer and learner data in the United States and India.

Access Management, Encryption & Endpoint Security

Access Management
  • The company adheres to the principles of least privilege and role-based permissions when provisioning access; employees are only authorized to access data that they reasonably must handle in order to fulfill their current job responsibilities.
  • Employee access to internal systems utilises multi-factor authentication and TLS-secured network connections.
  • Employees are required to use an approved password manager.
Encryption
  • The data is encrypted using secure cryptographic algorithms.
  • All data in transit is encrypted using TLS 1.2 or greater.
  • We leverage AES-256 encryption for data at rest.
  • Key management is in place for all our encryption keys.
Endpoint Security
  • Employee endpoints are configured to comply with industry security standards.
  • These standards require all endpoints to be properly configured and updated, to utilise up-to-date Endpoint Protection software, to employ encryption at rest, to have strong, complex passwords, and to lock when idle.

Security Awareness Overview

  • The company has a security awareness program that serves to ensure employees understand the importance of security and its intersection with their workday.
  • New employees are required to read and adhere to the company’s IT and Security policies.
  • Our physical office has a number of security controls in place including access control, physical security guard and CCTV monitoring.

Responding to Security Incidents

  • The company has established policies and procedures for responding to security incidents.
  • In the event of an incident, affected customers will be informed via email. Incident response procedures are tested and updated at least annually.

Data Privacy

Data Privacy Overview

The company’s data privacy controls are designed to honour our obligations around how we collect, process, use and share personal data, as well as our processes to support data retention and disclosure in compliance with applicable privacy laws. The collection and use of customers’ personal data is in accordance with our Privacy Policy.

Data Sharing and Processing
  • The company provides a high level of protection for learner & customer personal data. This includes only collecting, processing, and storing customer data in compliance with these obligations and providing you the right to access or delete it at any time.
  • The company has implemented policies that provide controls for deleting customer data when it is no longer needed for a legitimate business purpose.
  • The company uses cookies only in accordance with our Cookies Policy, as described in our Privacy Policy.
  • The company also requires our data processing vendors to certify the use of customer data for no other purposes than the provision of services.
Data Disposal
  • As a learner, you can request data deletion or rectification at any time during the subscription period. 
  • The company’s hosting providers maintain industry standard security practices for ensuring the permanent removal of data from storage media.
Vendor Management
  • The company only shares your data with third parties that contractually agree to protect the confidentiality and privacy of the data.
  • We have established agreements that require subprocessors to adhere to confidentiality commitments and take appropriate steps to ensure our security posture is maintained. 
  • We monitor these sub-processing vendors by conducting reviews of their controls before use and at least annually.
Credit Cards

The company securely processes credit card information in accordance with PCI-DSS standards. We do not access or store any credit card information. Instead, we have partnered with Stripe to securely handle credit card information. You can learn more about Stripe’s security here.
