Our Security Pillars

LearnFlow is built on a foundation of industry-leading security practices designed to protect learners, educators, and organizations.

Encryption Everywhere

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Your credentials, payments, and personal information are never stored in plain text.

Strict Access Controls

We enforce role-based access control (RBAC), multi-factor authentication (MFA) for all staff, and least-privilege principles across our infrastructure.

Compliance First

LearnFlow complies with GDPR, FERPA, and COPPA and holds a SOC 2 Type II attestation, renewed through annual third-party audits.

Secure Infrastructure

Hosted on AWS with automated backups, DDoS protection, WAF, and 24/7 monitoring by our dedicated security operations center (SOC).

Compliance & Certifications

We meet and exceed regulatory requirements to ensure your data is handled responsibly and legally.

GDPR Compliant

Full compliance with EU data protection regulations, including data subject rights, DPA availability, and international transfer safeguards.

FERPA Compliant

Protects student education records and privacy. We provide strict access controls and audit trails for all educational data.

SOC 2 Type II

Independently audited for security, availability, processing integrity, confidentiality, and privacy controls.

COPPA Safe Harbor

Strict age verification and parental consent mechanisms for users under 13. No behavioral tracking or advertising for minors.

How We Protect Your Data

Transparency is core to our privacy philosophy. Here's exactly how we handle your information:

  • No Data Selling: We never sell, rent, or trade your personal information to third-party advertisers.
  • Minimal Collection: We only collect data necessary to deliver learning services, process payments, and improve the platform.
  • Right to Delete: Users can request full account deletion and data erasure at any time via account settings or support.
  • Secure Backups: Automated daily backups are encrypted and stored in isolated geographic regions for disaster recovery.
  • Breach Protocol: In the unlikely event of a security incident affecting personal data, we notify the relevant supervisory authority within 72 hours, as GDPR requires, and affected users without undue delay.

Your Data Stays Yours

LearnFlow never holds your password in a recoverable form: credentials are stored only as salted one-way hashes. We implement strict data retention policies, automated purging of inactive accounts, and transparent privacy dashboards so you always know what we store and why.

Read Full Privacy Policy

Security FAQ

Common questions about our security practices, data handling, and account protection.

How are passwords stored?

Passwords are hashed using bcrypt with a work factor of 12 and a unique random salt per account. We never store plain-text passwords, and we automatically block brute-force attempts after 5 failed logins.
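The following is an added example, not LearnFlow's own code, showing the shape of the scheme the answer describes: a random per-account salt, a tunable work factor, constant-time verification, and a lockout after 5 failed logins. The standard library's hashlib.scrypt stands in for bcrypt so the example runs without third-party packages; the lockout duration (15 minutes) and the in-memory account store are assumptions, since the page states neither.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Dict, Optional

# Added example, not LearnFlow's own code. The FAQ describes bcrypt at work
# factor 12; hashlib.scrypt from the standard library stands in here so the
# example runs without third-party packages. The shape is the same: a random
# per-account salt, a tunable work factor, and a constant-time comparison.
SCRYPT_N = 2 ** 14          # work factor: CPU and memory cost, raise over time
SCRYPT_R = 8
SCRYPT_P = 1
MAX_FAILED_LOGINS = 5       # lockout threshold stated on the page
LOCKOUT_SECONDS = 15 * 60   # assumed value; the page gives no lockout duration


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'salt_hex$digest_hex'. A fresh 16-byte random salt is drawn per
    call, so two accounts with the same password store different hashes."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return salt.hex() + "$" + digest.hex()


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=bytes.fromhex(salt_hex),
                               n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# Verified against for unknown usernames so a missing account costs the same time.
DUMMY_HASH = hash_password("not-a-real-password")


@dataclass
class Account:
    username: str
    password_hash: str
    failed_logins: int = 0
    locked_until: float = 0.0   # epoch seconds; 0 means not locked


class AuthService:
    """In-memory stand-in for an account store (constructed for the example)."""

    def __init__(self) -> None:
        self._accounts: Dict[str, Account] = {}

    def register(self, username: str, password: str) -> None:
        self._accounts[username] = Account(username, hash_password(password))

    def login(self, username: str, password: str, now: Optional[float] = None) -> str:
        """Return 'ok', 'locked' or 'denied'. 'now' is injectable for testing."""
        now = time.time() if now is None else now
        acct = self._accounts.get(username)
        if acct is None:
            verify_password(password, DUMMY_HASH)   # equalise timing
            return "denied"
        if now < acct.locked_until:
            return "locked"                         # even a correct password is refused
        if verify_password(password, acct.password_hash):
            acct.failed_logins = 0
            return "ok"
        acct.failed_logins += 1
        if acct.failed_logins >= MAX_FAILED_LOGINS:
            acct.locked_until = now + LOCKOUT_SECONDS
            acct.failed_logins = 0
        return "denied"


if __name__ == "__main__":
    svc = AuthService()
    svc.register("alice", "correct horse battery staple")
    print(svc.login("alice", "correct horse battery staple"))   # ok
    for _ in range(MAX_FAILED_LOGINS):
        print(svc.login("alice", "guess"))                        # denied, five times
    print(svc.login("alice", "correct horse battery staple"))   # locked
```

Two details matter beyond the hash itself: the lockout check runs before verification, so a correct password is refused while the account is locked, and an unknown username still pays for one hash computation so response time does not reveal which accounts exist.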
Can I enable two-factor authentication?

Yes. All users can enable 2FA in Settings > Security. We support TOTP apps (Google Authenticator, Authy), SMS verification, and hardware security keys (FIDO2/WebAuthn). Security keys are phishing-resistant and offer the strongest protection; SMS codes are the weakest of the three and are best kept as a fallback.
How are third-party integrations secured?

All third-party integrations (Zoom, Slack, payment processors, etc.) use OAuth 2.0 with scoped permissions, so each integration receives only the access it needs. We conduct vendor security assessments and only integrate with partners who meet our compliance standards.
What should I do if I think my account has been compromised?

Immediately change your password, enable 2FA, and contact our security team at security@learnflow.io. We will freeze suspicious sessions, revoke active tokens, and begin investigating within 1 hour.

Report a Vulnerability or Security Concern

We take responsible disclosure seriously. If you discover a security issue, please contact us directly. We offer bug bounty rewards for verified vulnerabilities.

security@learnflow.io

PGP Key available upon request. Response within 24 hours guaranteed.