Trust & Security

Security & Data

How we protect your data and your team's data. Built on enterprise-grade infrastructure from day one.

Last updated: 5 July 2026

AES-256

Encryption at rest

TLS 1.2+

Encryption in transit

30 days

Data deletion

72 hours

Breach notification

Infrastructure

  • Hosted on Google Cloud Platform (Firebase App Hosting) — SOC 2 Type II, ISO 27001, ISO 27017, ISO 27018 certified infrastructure.
  • Data stored in Google Firestore and Firebase Storage with server-side encryption at rest (AES-256) enabled by default.
  • All data in transit encrypted using TLS 1.2 or higher.
  • Firebase Authentication handles all credential management — LearnFast never stores raw passwords.

Access Controls

  • Firestore and Firebase Storage security rules enforce row-level access — users can only read and write their own data.
  • Organisation data is isolated by org ID; members can only access data within their own organisation.
  • Admin access to platform infrastructure is restricted to the LearnFast founding team.
  • No shared credentials. All internal access is via individual Google accounts with 2-step verification.

Data Handling

  • Presentation recordings are stored in Firebase Storage and accessible only to the recording owner.
  • Audience feedback is anonymous by default — no personally identifiable information is collected from audience members unless voluntarily provided.
  • We do not use your data for advertising, sell it to third parties, or use it to train AI models without explicit consent.
  • Account deletion: all personal data is purged within 30 days of an account deletion request.

Incident Response

  • In the event of a data breach, we will notify affected users and the relevant supervisory authority within 72 hours of becoming aware, as required by UK/EU GDPR.
  • Security vulnerabilities can be reported confidentially to info@learnfastapp.com.
  • We conduct periodic reviews of access permissions and security rules.

Sub-processors

We share data with the following sub-processors only to the extent necessary to provide the service. All are bound by contractual data protection obligations.

Sub-processor
Google Cloud Platform / Firebase

Database (Firestore), file storage, authentication, hosting

Stripe Inc.

Payment processing

Google LLC (Gmail / SMTP)

Transactional email (session summaries, account notifications)

YouTube Data API (Google LLC)

Surfacing video resources — no personal data shared

Podcast Index / iTunes Search API (Apple Inc.)

Surfacing podcast resources — no personal data shared

GDPR & Data Processing Agreement

LearnFast acts as a data processor on behalf of your organisation (the data controller) when processing employee presentation data. For enterprise customers, we provide a Data Processing Agreement (DPA) compliant with UK GDPR and EU GDPR Article 28.

You can review our standard DPA below. To request a countersigned copy for your records, email us at info@learnfastapp.com.

View Data Processing Agreement

Questions or security concerns?

For security disclosures, DPA requests, or data subject rights enquiries, contact us at:

info@learnfastapp.com

© 2026 LearnFast™. All rights reserved.

Cookie preferences

We use Google Analytics to understand how visitors use LearnFast — pages visited, time on site, and general location. No personal data is shared with third parties. Privacy Policy