Security & Data Protection
LearnTool is committed to protecting your data and maintaining a secure platform. This page explains our security practices, incident handling, and how you can report concerns.
Overview
Security is fundamental to everything we do. We apply industry best practices — technical, physical, and organizational — to protect the confidentiality, integrity, and availability of user data. Our approach combines secure development, hardened infrastructure, monitoring, and continuous improvement.
Technical & Organizational Measures
Encryption
All data transmissions between your browser and LearnTool are protected using HTTPS (TLS). Sensitive data stored by LearnTool — such as passwords and tokens — is encrypted at rest using strong encryption algorithms.
Authentication & Access Control
We follow the principle of least privilege for internal access. Administrative access to production systems is restricted, monitored, and protected by multi-factor authentication (MFA) where possible.
Secure Development Lifecycle
Security is integrated into our development lifecycle. We perform code reviews, static code analysis, dependency scanning, and vulnerability scans before deploying updates. Critical fixes are prioritized and applied promptly.
Infrastructure & Hosting
Our infrastructure is hosted with reputable providers that offer physical security, automated backups, network isolation, and DDoS protection. We use secure configurations, firewalls, and continuous patch management for servers and services.
Data Minimization
We collect only the data necessary to provide and improve our services. Personal data retention periods are documented and reviewed regularly. Wherever possible, we store pseudonymized or aggregated data instead of direct identifiers.
Backups & Recovery
Backups of critical systems and databases are taken regularly and stored securely. We routinely test backup integrity and restoration procedures to ensure timely recovery in case of data loss.
Monitoring, Detection & Logging
We operate monitoring and logging systems to detect anomalies, suspicious activity, and service issues. Logs are retained according to our retention policy and are used for troubleshooting, security investigations, and improving system resilience.
Security Alerts
Automated alerts notify our operations team of suspicious events, failed login spikes, or application errors. Alerts are triaged and acted upon according to documented playbooks.
Third-Party Services & Supply Chain
We use trusted third-party services for analytics, hosting, email, and other platform functions. Third parties are assessed for security and privacy practices before integration. We limit the data shared with third parties to what is necessary and require contractual protections where applicable.
Vulnerability Reporting & Responsible Disclosure
If you discover a security vulnerability in LearnTool, we appreciate responsible disclosure. Please follow these guidelines:
- Email security reports to: yash92726@gmail.com. Include a clear summary, steps to reproduce, affected URLs, and any proof-of-concept code. Do not share exploits publicly before we have had a reasonable time to investigate and remediate.
- We will acknowledge receipt within 48 hours and provide status updates as we investigate.
- We will not pursue legal action against good-faith security researchers who follow responsible disclosure practices.
Do NOT perform denial-of-service attacks, social-engineering attempts, or other intrusive actions when testing — they may disrupt service and are not necessary for reporting vulnerabilities.
Security Incidents & Data Breach Response
We maintain an incident response plan to ensure rapid, coordinated action in case of a security event. Our process includes detection, containment, eradication, recovery, and post-incident review.
If a data breach occurs that affects your personal information, we will:
- Contain and investigate the incident promptly.
- Notify affected users with clear guidance on steps they should take.
- Notify relevant authorities if legally required (for example, under GDPR or other regional laws).
- Take corrective actions to prevent recurrence and publish a summary of the incident and lessons learned.
How You Can Stay Secure
- Use a strong, unique password for your LearnTool account and change it periodically.
- Enable multi-factor authentication (MFA) if and when it is available for your account.
- Beware of phishing — LearnTool will never ask for your password by email. Verify sender addresses before following links.
- Keep your devices updated with the latest OS and browser patches.
- Use a reputable password manager to store and generate secure passwords.
Legal & Compliance
We align our practices with applicable laws and standards, including data protection requirements such as GDPR where relevant. Security and privacy commitments are reflected in our Privacy Policy, Terms & Conditions, and other legal pages.
Contact & Reporting
For security questions, coordination, or to report an incident or vulnerability, contact our security team:
- Email: yash92726@gmail.com
- General support & partnership contact: yash92726@gmail.com
We aim to acknowledge security reports within 48 hours and provide regular updates until the issue is resolved.
Transparency & Security Audits
We periodically conduct internal security reviews and third-party audits on critical systems. Where appropriate, we publish summaries of audit results and security improvements to maintain trust and transparency.
Continuous Improvement
Security is a continuous effort. We regularly update controls, improve our systems, and learn from the security community to keep LearnTool secure and reliable for all users.