Trust & Security
Security & Data
How we protect your data and your team's data. Built on enterprise-grade infrastructure from day one.
Last updated: 5 July 2026
- Encryption at rest: AES-256
- Encryption in transit: TLS 1.2+
- Data deletion: 30 days
- Breach notification: 72 hours
Infrastructure
- Hosted on Google Cloud Platform (Firebase App Hosting) — SOC 2 Type II, ISO 27001, ISO 27017, ISO 27018 certified infrastructure.
- Data stored in Google Firestore and Firebase Storage with server-side encryption at rest (AES-256) enabled by default.
- All data in transit encrypted using TLS 1.2 or higher.
- Firebase Authentication handles all credential management — LearnFast never stores raw passwords.
Access Controls
- Firestore and Firebase Storage security rules enforce row-level access — users can only read and write their own data.
- Organisation data is isolated by org ID; members can only access data within their own organisation.
- Admin access to platform infrastructure is restricted to the LearnFast founding team.
- No shared credentials. All internal access is via individual Google accounts with 2-step verification.
Data Handling
- Presentation recordings are stored in Firebase Storage and accessible only to the recording owner.
- Audience feedback is anonymous by default — no personally identifiable information is collected from audience members unless voluntarily provided.
- We do not use your data for advertising, sell it to third parties, or use it to train AI models without explicit consent.
- Account deletion: all personal data is purged within 30 days of an account deletion request.
Incident Response
- In the event of a data breach, we will notify affected users and the relevant supervisory authority within 72 hours of becoming aware, as required by UK/EU GDPR.
- Security vulnerabilities can be reported confidentially to info@learnfastapp.com.
- We conduct periodic reviews of access permissions and security rules.
Sub-processors
We share data with the following sub-processors only to the extent necessary to provide the service. All are bound by contractual data protection obligations.
| Sub-processor | Purpose |
|---|---|
| Google Cloud Platform / Firebase | Database (Firestore), file storage, authentication, hosting |
| Stripe Inc. | Payment processing |
| Google LLC (Gmail / SMTP) | Transactional email (session summaries, account notifications) |
| YouTube Data API (Google LLC) | Surfacing video resources — no personal data shared |
| Podcast Index / iTunes Search API (Apple Inc.) | Surfacing podcast resources — no personal data shared |
GDPR & Data Processing Agreement
LearnFast acts as a data processor on behalf of your organisation (the data controller) when processing employee presentation data. For enterprise customers, we provide a Data Processing Agreement (DPA) compliant with UK GDPR and EU GDPR Article 28.
You can review our standard DPA below. To request a countersigned copy for your records, email us at info@learnfastapp.com.
View Data Processing Agreement
Questions or security concerns?
For security disclosures, DPA requests, or data subject rights enquiries, contact us at:
info@learnfastapp.com
© 2026 LearnFast™. All rights reserved.