Our security measures

We make several attempts to ensure that your data is secure

Patching

We have automated systems in place that monitor the versions and vulnerabilities in all the projects that power Learn Amp.

Encryption at rest

Our database is encrypted at rest, adding another layer of protection to your data.

Cross-site forgery tokens

We verify CSRF tokens on every transaction to help ensure your data can’t be tampered with by malicious 3rd parties.

HTTP strict transport security

When Learn Amp is accessed for the first time, it is recorded by the users browser, so that future attempts to load Learn Amp using HTTP will automatically use HTTPS instead.

Regular penetration tests

We test our own product regularly by hiring specialist CREST certified security bodies to attack us from the outside and in.

Security checks on build

We have automated safeguards in place to check our code for potential issues before anything goes live.

2 Factor Authentication

All our cloud services enforce Learn Amp staff to have two factor authentication enabled.

File storage

Your uploaded files can only be accessed through Learn Amp, and team members can only get access to the files intended for them.

High availability

We've designed Learn Amp to ensure high availability throughout the platform. At every layer of the stack we have a suite of contingency mechanisms, including automatic failover, to ensure 24/7 application availability.

SSL/TLS

All traffic between Learn Amp and the user's browser is encrypted in transit. We support TLS exclusively and only utilising strong cipher suites.

Third Party Security Audits

We give trusted source code auditors visibility of the code so there’s absolutely nowhere to hide. That’s the standard we set ourself.

Password salting and hashing

We use the most secure cryptographic libraries throughout Learn Amp. Passwords are salted and hashed using bcrypt and never stored in plain text.

Automated tests

We have automated test suites to verify that team members can only see what they are supposed to.

Key management

We keep our keys secret and out of version control, to ensure access to critical resources cannot be compromised.

Customer data regulation

We never move user data out of the secured environment for testing or any other reason. 

Related links

Security overview

Secure by design

Security features

Want to join a growing number of businesses moving away from their old and clunky LMS?