Information security, legal compliance, and data privacy are top priorities for edyoucated. Keeping our customer's data secure is fundamental to the nature of our business. We want to share some of the details of what we do to keep things secure, and some of the work that we're doing to continually improve the security of your data.
Technical and organizational measures (TOMs)
Security is ensured through the following categories of our technical and organizational measures:
Physical access control: Prevents unauthorized physical access.
Entry control: Prevents unauthorized access and use of IT systems.
Access control: Prevents unauthorized activities in IT systems beyond granted permissions.
Order control: Ensures that service providers process data only according to the client's instructions.
Separation control: Ensures that data collected for different purposes, individuals, and companies can be processed separately.
Transmission control: Regulates the transmission of personal data, including electronic transmission and data transport.
Input control: Ensures traceability and documentation of data management and maintenance.
Availability control: Protects data against accidental destruction or loss.
Resilience and fail-safety control: Ensures system resilience and reliability.
Control procedures: Regular audits by Keyed GmbH.
Note: Additional agreements are made between clients and edyoucated in specific data processing agreements (AVVs). For further questions about data protection and individual TOMs or AVVs, please contact the edyoucated customer support.
Data location and cloud environment
The edyoucated platform uses AWS Cloud, with servers in Frankfurt, ISO27001 certified. The AWS certificate is available here. For AI-related services, Microsoft Azure Cloud is used, with servers in the EU, also ISO27001 certified. The Microsoft Azure certificate is available here.
Ensuring authorized access to customer data
Data protection policies and compliance: Adherence to all relevant data protection laws and regulations.
Use of encryption: Customer data is encrypted during transmission and storage to protect against unauthorized access. Learn more about our encryption standards here.
Access to production systems: Restricted to selected personnel for maintenance and error analysis.
Access control measures
Physical access control: Not applicable as no own servers are operated.
Access control to interfaces:
Authentication: Access is allowed only for authenticated users. Options include SSO integration, Google authentication, or registration with email and secure password.
Authorization: Access to tenant-specific data is allowed only for authenticated users assigned to the respective tenant.
Encryption standards
Client-server communication: Encrypted via HTTPS.
Data at rest: Encrypted using AWS 256-bit Advanced Encryption Standard (AES-256).
Password storage
Passwords are hashed in the database.
Service availability and recovery
Code version control: Utilizes a CI/CD pipeline for deployment across multiple test stages before production.
Error monitoring: Automated tools alert immediately about errors in production.
High availability: Utilizes AWS with automated backups.
Data backup and disaster recovery procedures
Server-side failures: Mitigated by AWS Serverless Architecture.
Development errors: Extensive automated end-to-end tests conducted before each software release.
Backup frequency and recovery time: A native backup strategy using Amazon DynamoDB allows point-in-time recovery for the past 35 days, minimizing potential downtime to a few hours.
Upgrade and patch implementation process
Automated end-to-end tests: Conducted before deploying updates to ensure minimal downtime.
Feature testing: New features are thoroughly tested before user access.