Product Security Policy

Learnosity follows a simple policy to ensure our staff and customers have a clear understanding of our data handling and privacy requirements. The following relates to our Product offering and the users of those products, authors, teachers, students etc.

We do not share data across our customers for any reason.

Learnosity adheres to the following principles:

1. We are entrusted with the data of our customers and their users. We do not own this data but will look after it as if it were our own

2. We use best practice security including industry standard TLS encryption in transit and AES 256 encryption at rest.

3. Data is not shared - the data is only available to the customer who saved it, and we will not share this data with any other parties except if legally obliged to by a statutory body.

4. We may from time to time reprocess this data to allow more efficient storage or analysis.

5. We may process this data to provide insights for the benefit of our customers and their users. This will not mix or share data across customers.

6. We store data in an orphaned manner, meaning you control the mapping and context for the data.


What is data?

Data is any responses, recordings, content created or uploaded by our Customers or our customers users (students, teachers, administrators etc).

Do you store PII (Personal Identifiable Information)?

No - Learnosity is designed to not require any PII, and all user identifiers stored with Learnosity are set by our customers and should be one way functions []. This ensures that the data is orphaned and anonymous in Learnosity's Data Stores without the full user context and function/hashing pattern. This approach ensures our clients are the only ones in control of the mapping between their user identities and any data stored with us.

What happens if you change your policy?

Our Privacy Policy is subject to change, however we will not make material changes without:

  1. First providing prominent notice to those who contract with us
  2. Allowing them to opt out before data is used in any manner inconsistent with terms they were initially provided

We will not make material changes to other policies or practices governing the use of student personal information that are inconsistent with the Student Privacy Pledge.

Will you share my data with advertising agencies?

No - Data stored in Learnosity will not be shared by Learnosity with other providers.

Will data from one Education Provider be shared with any other organisation?

No - Data is controlled by the education provider and Learnosity will not share this data.

What happens in the event of a merger or acquisition?

We will not allow a successor entity maintain any student personal information, unless this entity is subject to these same commitments for the previously collected student personal information.

How do you enforce strict limits on data retention?

Learnosity work on the principle of "least data" and have built a system to not require or store PII. We also perform regular data reviews to ensure that we do not knowingly retain any student personal information beyond the time period required to support the authorized educational/school purposes, or as authorized by the parent/student.

Reporting Security Vulnerabilities

Security is a top priority at Learnosity, and if you believe that you have found a security vulnerability on any of our sites or APIs, we encourage you to let us know straight away at

We will investigate all legitimate reports and do our best to quickly fix the problem. As long as you make a good-faith effort to avoid privacy violations and destructive exploitation of the vulnerability, we will not pursue legal action.

Student Privacy Pledge Signatory

Learnosity is a member of the Student Privacy Pledge created by the Future of Privacy Forum (FPF) and the Software and Information Industry Association (SIIA).

By signing the Pledge, Learnosity joins major ed tech companies including: Amplify, Atomic Learning, Clever,, DreamBox Learning, Edmodo, Follett, Gaggle, Houghton Mifflin Harcourt, Knewton, Knovation, Lifetouch, Microsoft, Renaissance Learning, Think Through Math and Triumph Learning and publicly confirms that the company will:

  • Not sell student information
  • Not behaviorally target advertising
  • Use data for authorized education purposes only
  • Not change privacy policies without notice and choice
  • Enforce strict limits on data retention
  • Support parental access to, and correction of errors in, their children’s information
  • Provide comprehensive security standards
  • Be transparent about collection and use of data

The Pledge and more information about how to support it is available here.