Security at Learn+

Security you can rely on

We take data protection and security seriously. Here we transparently show how we protect your data and what measures we take.

GDPR compliant

Full compliance with EU General Data Protection Regulation

SCORM compliant

Standard for e-learning content

Swiss Hosting

Data is hosted in Switzerland

Our 10 security practices

These measures form the foundation of our security strategy and enable us to maintain a high level of security even without ISO 27001.

01 Strong Access Controls

All admin accounts, email accounts, hosting, database, GitHub, Vercel, Supabase and payment providers are secured with MFA (Multi-Factor Authentication).

  • Admin rights only for those who truly need them
  • Principle of Least Privilege as foundation
  • Regular review of access rights

02 Roles and Permissions

In Learn+ not everyone can see everything. We have implemented clear roles like Superadmin, Customer Admin, Manager and regular users.

  • Everyone sees only what they need
  • Tenant separation for SaaS customers
  • Granular permission control

03 Encryption

Data is protected during transfer with HTTPS/TLS. Sensitive data is also protected at rest, and passwords are never stored in plain text.

  • TLS 1.3 for all connections
  • Password hashing with modern algorithms
  • Encryption of sensitive data at rest

04 Backup and Recovery

Automatic backups for database and important files. We regularly test that restores actually work.

  • Daily automated backups
  • Geographically distributed backup storage
  • Regular restore tests

05 Logging and Traceability

Important actions are logged: logins, failed logins, admin changes, role changes, password resets and data exports.

  • Complete audit trail for admin actions
  • Monitoring of critical system events
  • NIST-compliant logging practices

06 Patching and Updates

Servers, packages, dependencies and frameworks are regularly updated. We address known vulnerabilities promptly.

  • Automated dependency scans
  • Regular security updates
  • OWASP software supply chain compliance

07 Secure Development Process

For important features we have a secure-dev process: code reviews, separate environments, no secrets in code.

  • Mandatory code reviews
  • Separate Dev/Staging/Prod environments
  • OWASP ASVS as technical foundation

08 Incident Response

Clear procedure for security incidents: Who does what in case of data leak, account hijack, outage or misconfiguration?

  • Defined escalation process
  • Fast customer notification for incidents
  • Documented recovery procedures

09 Employees and Vendors

We know: Who has access? Which tools do we use? What happens during offboarding? Which third parties process data?

  • Documented access control
  • Structured offboarding
  • Transparent vendor overview

10 Customer Documentation

We provide real security documentation: Security Overview, Access Concept, Backup Concept, Incident Process and Privacy Info.

  • Security one-pager on request
  • Transparent sub-processor list
  • Hosting and privacy documentation

Our security promise

The absolute minimum version for serious SaaS security - we have not only achieved it, but exceeded it.

MFA enabled everywhere
Role permissions cleanly separated
HTTPS + secure password storage
Automatic backups + restore tests
Audit logs for admin actions
Regular update process
Incident emergency plan documented
Security documentation for customers

Questions about security?

We gladly provide detailed security documentation or answer specific questions in a personal conversation.
