Trust center LearnLoop
This page provides transparent information about our security specifications, compliance certifications, data processing agreements, subprocessor management, and privacy commitments. This ensures you have the information needed to evaluate us as a secure and reliable partner.
External audits
Independently verified certifications
Sector standards & commitments
Self-attestations and compliance frameworks
Privacy and data processing
Security specifications
Encryption standards
- Data at Rest: AES-256 encryption (provided by MongoDB Atlas)
- Data in Transit: TLS 1.2/1.3 (provided by hosting platform)
- Password hashing using Bcrypt with salt rounds
Authentication & access
- Institutional email requirement for account registration
- Secure session management with HTTP-only cookies
- Email verification and access control
Monitoring & incident response
- Error monitoring and reporting via integrated notification system
- Activity logging for user interactions and chat history
- Dedicated incident response procedures and vulnerability reporting
- Vulnerability reporting: luc@learnloop.nl
Hosting & infrastructure
- Application hosted on Vercel Edge Network, Database on MongoDB Atlas
- Vercel (SOC 2 Type II certified) and MongoDB Atlas infrastructure
- High availability through Vercel's global edge network and MongoDB Atlas
Subprocessors
Third-party service providers and their security certifications.*
*AI model processing and data processing locations are configurable. AI model processing can be excluded.
| Service Provider | Purpose | Location(s) | Certifications | Enabled |
|---|---|---|---|---|
| Vercel | Application hosting & edge network | SOC 2 Type II, GDPR | - | |
| Railway | Application hosting & server runtime | SOC 2 Type II, SOC 3 | - | |
| MongoDB Atlas | Database hosting | ISO 27001, SOC 2 Type II | - | |
| GitHub | Code repository & version control | SOC 2 Type II, ISO 27001 | - | |
| LTIaas | LTI 1.3 / LTI Advantage (SSO, roster, grades, deep linking) | US | HECVAT, CSA CAIQ | - |
| OpenAI | AI model processing (optional) | SOC 2 Type II | ||
| Anthropic | AI model processing (optional) | US | SOC 2 Type II | |
| Google Gemini | AI model processing (optional) | SOC 2 Type II, ISO 27001 | ||
| OpenRouter | AI model processing (optional) | US | Enterprise-grade infrastructure | - |
Bring your own key (BYOK)
Organizations can use their own Azure infrastructure for AI processing and data storage.*
*Custom Azure OpenAI endpoints and Azure Cosmos DB connections can be configured for your organization, providing full control over data processing locations and encryption keys.
Microsoft Azure OpenAI endpoint
LLM provider
Microsoft Azure Cosmos DB
Data storage
Updates
View all 1 updatesTrust center Launch
GeneralPublished October 3, 2025
Our Trust center is now live, providing transparency into our security, compliance, and data protection practices.