Skip to content

Security

Enterprise security, plainly stated.

Everything on this page ships in the platform today or is standard practice in our managed hosting. Nothing aspirational, nothing vague.

Account security

  • Two-factor authentication: email codes or an authenticator app (TOTP)
  • One-time recovery codes for account restoration
  • Session management with login history, visible to each user
  • Rate limiting and honeypot protection on public forms

Governance & auditability

  • An audit log records privileged admin actions — approvals, moderation, deletions — with actor, subject, and IP
  • Four registration modes: public, approval-required, invitation-only, or admin-created accounts only
  • Instructor applications reviewed and approved by administrators
  • Course reviews held for moderation before publishing

Data handling

  • Your institution’s data is exportable by your administrators at any time
  • Payment proofs (receipts, bank screenshots) are stored on private storage — never publicly reachable, visible to admins only
  • Certificates carry unique IDs with public verification and admin-controlled revocation
  • Learner passwords are hashed with modern algorithms; plaintext is never stored

Managed hosting

  • A dedicated instance per institution, on your own domain, behind SSL
  • Platform updates and security patches applied by our team as part of the service
  • Monitoring and regular backups included
  • Every asset — fonts, scripts, styles — is served from your portal’s own domain: no third-party CDNs, no trackers, no calls home

Procurement & review

Bring your security checklist.

IT reviews are welcome. During evaluation we’ll walk your team through authentication flows, the audit log, data-export tooling, and our hosting practices — on a live instance, not a slideshow. Accessibility matters too: the platform was rebuilt against WCAG 2.1 AA in 2026.

Your IT team will have questions. Good.

Bring them to a technical walkthrough — we answer on the live platform.