Caring CourseForge LogoCaring CourseForge

Security & Privacy

Learn how CourseForge protects your data with enterprise-grade security

support

Security & Privacy

Your data security and privacy are our top priorities. Learn how we protect your courses, student information, and intellectual property with enterprise-grade security measures.

Overview

  • AES-256 Data Encryption: Bank-level encryption for stored data
  • TLS 1.3 In Transit: Secure data transmission
  • SOC 2 Type II Compliant: Audited security controls
  • 99.9% Uptime SLA: Reliable, always-available platform

Data Security

We implement multiple layers of security to protect your course content, student data, and intellectual property. Our security infrastructure is built on industry best practices and continuously monitored for threats.

Encryption at Rest

All data stored in our databases is encrypted using AES-256 encryption, the same standard used by banks and government agencies. This includes:

  • Course content and materials
  • Student information and progress
  • User account credentials
  • Payment information
  • Assessment data

Encryption in Transit

All data transmitted between your browser and our servers is protected with TLS 1.3 encryption, ensuring no one can intercept your data during transmission.

Secure Infrastructure

  • Cloud Platform: Hosted on Google Cloud with industry-leading security
  • Redundancy: Multi-region data replication for reliability
  • Backups: Automated daily backups with 30-day retention
  • DDoS Protection: Advanced protection against denial-of-service attacks

Access Controls

User Authentication

  • Secure password requirements (minimum 8 characters, mixed case, numbers)
  • Multi-factor authentication (MFA) available
  • Session management with automatic timeouts
  • Account lockout after failed login attempts

Role-Based Permissions

  • Granular access controls for team members
  • Separate permissions for courses, students, and settings
  • Audit logs for all administrative actions
  • Ability to revoke access instantly

Privacy Protection

Data Collection

We collect only the data necessary to provide our services:

  • Account Information: Email, name, profile details
  • Usage Data: Platform usage, feature interactions
  • Course Content: Materials you create
  • Student Data: Information you collect from learners

Data Usage

Your data is used solely for:

  • Providing and improving our services
  • Communicating with you about your account
  • Processing payments
  • Compliance with legal obligations

We never sell your data to third parties.

Data Rights

You have the right to:

  • Access your personal data
  • Export your course content
  • Request data deletion
  • Opt out of marketing communications
  • Control data sharing settings

Compliance

Industry Standards

  • GDPR: EU General Data Protection Regulation compliant
  • CCPA: California Consumer Privacy Act compliant
  • FERPA: Family Educational Rights and Privacy Act compliant
  • COPPA: Children's Online Privacy Protection Act compliant

Certifications

  • SOC 2 Type II certified
  • Regular third-party security audits
  • Penetration testing program
  • Vulnerability disclosure program

Security Practices

Development Security

  • Secure code review process
  • Regular security testing
  • Dependency vulnerability scanning
  • Security training for all engineers

Operational Security

  • 24/7 security monitoring
  • Incident response team
  • Regular security updates
  • Automated threat detection

Student Data Protection

Educational Privacy

When you use CourseForge to teach students:

  • Student data belongs to you or your institution
  • We act as a data processor, not owner
  • Students can request their data
  • Data is deleted upon account closure

Compliance for Educators

We help you comply with:

  • FERPA requirements
  • Student privacy laws
  • Institutional policies
  • Parental consent requirements

Third-Party Services

Trusted Partners

We work only with vetted service providers:

  • Payment Processing: Stripe (PCI DSS compliant)
  • Email: SendGrid (SOC 2 certified)
  • Analytics: Privacy-focused analytics only
  • Cloud Infrastructure: Google Cloud Platform

Data Sharing

We share data with third parties only when:

  • Required to provide our services
  • Required by law
  • Explicitly authorized by you

Incident Response

Security Monitoring

  • Real-time threat detection
  • Automated alert systems
  • 24/7 security operations center
  • Regular security audits

Breach Notification

In the unlikely event of a data breach:

  1. Immediate investigation and containment
  2. Notification to affected users within 72 hours
  3. Coordination with relevant authorities
  4. Remediation and prevention measures

Your Responsibilities

Account Security

To protect your account:

  • Use a strong, unique password
  • Enable multi-factor authentication
  • Don't share account credentials
  • Log out on shared devices
  • Report suspicious activity immediately

Content Security

When creating courses:

  • Don't include sensitive student information
  • Obtain necessary permissions for materials
  • Follow copyright and licensing requirements
  • Use secure file storage practices

Transparency

Security Updates

We regularly update our:

  • Security policies and procedures
  • Privacy policy
  • Terms of service
  • Compliance certifications

Communication

We communicate about:

  • Security updates and patches
  • Policy changes (with advance notice)
  • New security features
  • Best practices for users

Contact Us

Security Team

More Information

Last Updated: January 2025

For the most current security and privacy information, visit our Trust Center or contact our security team.

Topics

data securityrole-based access controlsingle sign-on (sso)privacy & compliancedata ownership & portabilityyou own your contentcomplete data exportautomatic backupsright to deletecontact security team