Security & privacy

Your employee data is safe with us

The data we process in Learned is stored according to the highest security regulations, in Germany on the Google Cloud Platform. We work from the Netherlands and are ISO27001 certified, GDPR compliant and perform a penetration test on our platform at least once a year.

Stay-innovate-performance-management-Learned

General information

ISO27001

Learned is ISO27001 certified by TUV Netherlands. Our ISO certificate and declaration of applicability are available upon request.

GDPR compliant

We comply with GDPR regulations. Our data and server are stored in Germany at Google Cloud. More information can be found in our SLA and Processor Agreement.

99.99% uptime

Our software platform is almost always available. We perform any updates outside business hours.

Security

Communication

All communication with Learned (via chat or email) is always encrypted with the latest version of TLS.

Learned infrastructure

The data is stored at Google Cloud in Germany with a MongoDB database. See our Data Processing Agreement for more information about our IT landscape.

Encryption

TLS and authentication (SCRAM) are a standard part of Google Cloud. Data sent to the database (in transit) is encrypted with TLS. Encryption for data in rest is automated via Google Cloud Platform transparent disk encryption, which uses Advanced Encryption Standards (AES-256).

Single-Sign-On (SSO)

To log in easily and securely, we offer SSO from Microsoft Azure and Google.

(Forced) MFA

You can choose additional verification with MFA. Can also be made mandatory company-wide.

Authorization, rights and roles

Set up access to Learned manually or automatically through integration with your human resources system.

Need to know

All knowledge and access to systems within Learned are set up on a “Need to Know” basis.

Back-ups

Google Cloud automatically saves backups for us. A backup is restoreable by the minute (for point-in-time restore), is stored encrypted and stored up to 7 days back.

Pen test

At least once a year, an external party performs a pen test on the Learned platform.

Security awareness

All of our colleagues must go through training on information security. We also attend additional training several times a year.

Incidents

All information incidents are logged. We resolve incidents according to urgency and impact. More info can be found in our SLA.

Support

All Learned users can chat real-time with our support team for questions and/or incidents. See our SLA for more information.

Data export

Customers can always export their data from the platform to CSV or PDF without Learned’s intervention. Part of our SLA is an exit procedure.