We are concerned about safeguarding the confidentiality of your Information. We provide physical, electronic, and procedural safeguards to protect Information we process and maintain. For example, we limit access to this Information to authorized employees who need to know that information in order to operate, develop or improve our Application/Website/Services/products.
The company premises are under 24×7 physical security protection. Only authorized personnel have access to the building and offices. Employees are granted access to the office only after authorization using biometric authentication. Critical locations in the office are accessible only to authorized individuals. Important documents are stored in cabinets accessible only to authorized persons. The office is equipped with surveillance cameras, and their images are regularly monitored by authorized persons. A policy has been implemented to approve and regulate visitor access to the building. The office is provided with 24×7 power supply, supported by an alternative uninterrupted power supply system to ensure smooth functioning in the event of power failure.
Data Security and Privacy Controls
The company’s physical infrastructure is hosted and managed within Google Workspace’s secure data centres. Google continually manages risk and undergoes recurring assessments to ensure compliance with industry standards as seen here. We host customer and learner data in the United States and India.
Access Management, Encryption & Endpoint Security
- The company adheres to the principles of least privilege and role-based permissions when provisioning access; employees are only authorized to access data that they reasonably must handle in order to fulfill their current job responsibilities.
- Employees’ access to internal systems utilises multi-factor authentication and TLS-secured network connections.
- Employees are required to use an approved password manager.
- The data is encrypted using secure cryptographic algorithms.
- All data in transit is encrypted using TLS 1.2 or greater.
- We leverage AES-256 encryption for data at rest.
- Key management is in place for all our encryption keys.
- Employee endpoints are configured to comply with industry security standards.
- These standards require that all endpoints be properly configured and updated, utilise up-to-date Endpoint Protection software, employ encryption at rest, have strong, complex passwords, and lock when idle.
Security Awareness Overview
- The company has a security awareness program that serves to ensure employees understand the importance of security and its intersection with their workday.
- New employees are required to read and adhere to the company’s IT and Security policies.
- Our physical office has a number of security controls in place including access control, physical security guard and CCTV monitoring.
Responding to Security Incidents
- The company has established policies and procedures for responding to security incidents.
- In the event of an incident, affected customers will be informed via email. Incident response procedures are tested and updated at least annually.
Data Privacy Overview
Data Sharing and Processing
- The company provides a high level of protection for learner & customer personal data. This includes only collecting, processing, and storing customer data in compliance with these obligations and providing you the right to access or delete it at any time.
- The company has implemented policies that provide controls for deleting customer data when it is no longer needed for a legitimate business purpose.
- The company also requires our data processing vendors to certify the use of customer data for no other purposes than the provision of services.
- As a learner, you can request data deletion or rectification at any time during the subscription period.
- The company’s hosting providers maintain industry standard security practices for ensuring the permanent removal of data from storage media.
- The company only shares your data with third parties that contractually agree to protect the confidentiality and privacy of the data.
- We have established agreements that require subprocessors to adhere to confidentiality commitments and take appropriate steps to ensure our security posture is maintained.
- We monitor these sub-processing vendors by conducting reviews of their controls before use and at least annually.
The company securely processes credit card information in accordance with PCI-DSS standards. We do not access or store any credit card information. Instead, we have partnered with Stripe to securely handle credit card information. You can learn more about Stripe’s security here.