Security and Standards

We go above and beyond to ensure that your data is secure

Trusted by

Trusted by logo (1)

Held to the highest standards

Data security is our highest priority. Bi-annual PEN tests and annual ISO 27001:2022, SOC II Type 2 and Cyber Essentials audits help us to stay safe and secure. We're GDPR compliant and a BCorp too!


Security Measures

In order to protect your data, we use specific measures such as 24/7 SIEM monitoring, external penetration testing and automated security testing.

View our security measures  

Group 1429
Group 1428

Security Features Built In

Data security is not just about how we protect your data, but giving you power to protect your own data. Learn Amp has a series of security features built-in that you can take advantage of, from time-out controls to SSO.

View our Security Features

Data processing agreement (DPA)

A data processing agreement is a signed document that dictates how your data should be handled by us. This sets out terms that are compliant with GDPR. To make this easy for you, we've provided a signed and dated version of our agreement for you to download.

Request a copy  

doc_exchange 1
Group 1845

Third Party Suppliers

From time to time Learn Amp needs to pass data to third parties in order to deliver a high quality service. We're transparent about how this data is used.

View our Third Party List

Compliance and certifications

Our security measures

24/7 SIEM monitoring

With around the clock SIEM (Security Information and Event Management) monitoring. Our dedicated security team continuously oversees and analyses network and infrastructure activities. 

 Encryption at rest

Your data, when at rest (including database backups, files, videos, images, etc.), is encrypted. This approach guarantees enhanced safety for your sensitive information.

Regular penetration tests

We test our own product regularly by hiring specialist certified security bodies to attack us from the outside and in. We do this twice a year (every 6 months).

HTTP strict transport security

We enforce secure web traffic, ensuring all interactions with Learn Amp are automatically routed over HTTPS for enhanced safety.

Cross-site forgery tokens

We verify CSRF tokens on every transaction to help ensure your data can’t be tampered with by malicious 3rd parties.

Automated code security checks 

We have automated safeguards in place to check our code for potential security issues before anything goes live. 


We have automated systems in place that monitor the versions and vulnerabilities in all the projects that power Learn Amp.

File storage

Your uploaded files can only be accessed through Learn Amp, and team members can only get access to the files intended for them.

High availability

We've designed Learn Amp to ensure high availability throughout the platform. At every layer of the stack we have a suite of contingency mechanisms, including automatic failover, to ensure 24/7 application availability.


All traffic between Learn Amp and the user's browser is encrypted in transit. We support TLS exclusively and only utilising strong cipher suites.

Third Party Security Audits

We give trusted source code auditors visibility of the code so there’s absolutely nowhere to hide. That’s the standard we set ourself.

Password salting and hashing

We use the most secure cryptographic libraries throughout Learn Amp. Passwords are salted and hashed using bcrypt and never stored in plain text.

Automated tests

We have automated test suites to verify that team members can only see what they are supposed to.

Key management

We keep our keys secret and out of version control, to ensure access to critical resources cannot be compromised.

Customer data regulation

We never move user data out of the secured environment for testing or any other reason. 

Want to join a growing number of businesses moving away from their old and clunky LMS?