SOC 2 Type II certification: In progress (certification pending observation period – Fall 2025)
LearnExperts is a leading course authoring and exam generation platform that automates instructional design and exam development for organizations of all sizes.
Trusted by enterprise companies, LearnExperts leverages content assets to build high-quality courses and test with instructional design best practices and learning science applied with the ability to repurpose into any learning modality or export in multiple formats to deliver the learning in different ways. Founded in 2019, LearnExperts serves customers around the globe.
Our Commitment to Information Security at LearnExperts
LearnExperts follows a holistic and collaborative approach to guarantee the confidentiality, availability and integrity of your information and data. We always consider the big picture when working on the security aspects of our products.
Our approach is based on the NIST Cybersecurity Framework (CSF) and we undergo external testing to check that our controls meet SOC 2 Trust Service Principles for security and confidentiality.
LearnExperts is committed to preserving the confidentiality, integrity, and availability of all physical and electronic information assets throughout the company.
We design our platform with compliance in mind and are in process of attaining SOC 2 Type II certification (completed fall 2025).
Security
When it comes to Cloud, the security of the infrastructure is just as important as the security of the software you put on top of it. LearnExperts works with leading Cloud vendor AWS with trusted security and a solid track record. All our client data is encrypted at rest in AWS Canada Central, be it live, failover or backup data. Data transfer only occurs through encrypted channels.
LearnExperts spreads across multiple datacenters to ensure no Single Point of Failure.
We conduct frequent penetration tests to ensure a secure Cloud environment. We also perform external penetration tests on a regular basis.
Encryption: All customer data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
Penetration Testing: Independent third-party penetration tests are conducted regularly, with findings remediated promptly.
TLS Testing: Our TLS configurations are validated to meet industry standards for cryptographic security.
Access Controls: Administrative access is limited by role-based access and multi-factor authentication.
Monitoring & Incident Response: Continuous monitoring with a documented incident response program.
Privacy
Data Handling: We collect only the information needed to provide and improve our services, as described in our Privacy Policy.
Customer Control: Customers can access, update, or delete their data at any time in the platform.
Compliance Alignment: Our practices align with GDPR, CCPA, and PIPEDA principles.
Third-Party Sharing: We do not sell personal data. Subprocessors are used only as necessary to provide services.
Compliance
SOC 2: SOC 2 Type II certification is in progress (certification pending observation period – fall 2025).
Vendor Certifications: Our infrastructure providers, including AWS and SOC 2.
Confidentiality: Both parties commit to protecting non-public information under the terms of our Master Services Agreement.
Reliability
Hosting: LEAi™ is hosted in the cloud with no impact on customer IT resources.
Availability: Systems are monitored for uptime and performance.
Backups & Recovery: Customer data is backed up regularly with tested recovery procedures.
Business Continuity: Continuity planning ensures operations during disruptions.
Product Commitments
Security is considered throughout the lifecycle of the development and release of our software. Our software code is constantly scanned for security threats, and we release security fixes on a frequent basis to ensure the cloud environment’s security.
Secure access and onboarding provided to all customers.
Ongoing support via email and phone during business hours.
Customers retain full ownership of their content and data created within LEAi™ are in full control of it’s use. Customers decide what content they want to use to create a course, they can choose when to use the AI to rewrite or auto-generate learning content, and can edit or delete the information at any time. Once deleted, it’s completely deleted from the system.
Intellectual property rights in the LEAi™ platform remain with LearnExperts.
Responsible Disclosure
We encourage responsible reporting of vulnerabilities. Please contact us at security@learnexperts.ca.
Etiam magna arcu, ullamcorper ut pulvinar et, ornare sit amet ligula. Aliquam vitae bibendum lorem. Cras id dui lectus. Pellentesque nec felis tristique urna lacinia sollicitudin ac ac ex. Maecenas mattis faucibus condimentum. Curabitur imperdiet felis at est posuere bibendum. Sed quis nulla tellus.