GDPR-compliant and ISO 27001-certified

The security of your data is our top priority. We have been GDPR-compliant since 2018, and ISO 27001-certified since 2024. Do you want to know more about how we ensure security and privacy? Read our frequently asked questions! 

1. Where are your servers located?

Easy LMS runs on Amazon Web Services (AWS). The servers and databases are physically located in Frankfurt, Germany.

2. How do you protect my data?

We protect your data in several ways:

  • All data is stored in a fully encrypted database, which means that data can only be retrieved from the database in specific ways.
  • Any personal data that we request is stored in the database with an extra layer of encryption. Even if the database is compromised, an attacker could not read the data without the key to decrypt it.
  • Passwords are stored using a highly secure hashing algorithm. Unlike the other data, which can be decrypted with the key, the original password cannot be retrieved from its hash.
  • Passwords are never sent to anyone in any way.

All communication between the client (you) and the server goes through an encrypted connection.

3. Who has access to my data?

You do, at all times. We can access some of your data, for example, for support purposes and invoices. We never share your data without your consent.

4. Who has access to the database?

Our database is accessible only by authorized users. This authorization is handled by a separate system, so no Easy LMS account has direct access to the database. This system is reachable only from within our internal network.

5. Do you have a Data Processing Agreement (DPA)?

Yes. Our Data Processing Agreement (DPA) is available on our website and is part of our Terms and Conditions. Read more on security and privacy at Easy LMS. We've also updated our Privacy Policy and operations according to the GDPR.

In short, a DPA is an agreement between a data controller (you) and a data processor (us). It is a legal document that states the rights and obligations of both parties. It is a legal framework required by the GDPR, allowing personal data to be sent between different companies. Read more about the GDPR and what it entails.

6. Are you ISO 27001-certified?

Yes. We are ISO 27001-certified. This means we have an information security management system (ISMS) that follows international standards to make sure that your data is safe in our hands. It also helps us continuously improve our security and handle possible incidents.

Download the certificate (in English).