Security
Security is a first-class product concern at Leagrow. The platform is built to meet the expectations of L&D, HR, and compliance teams at organizations of every size — from fast-moving startups to regulated enterprises. This page summarizes our controls. Customers on Growth and Enterprise plans can request our latest third-party audit reports, penetration test summaries, and questionnaires via info@leagrow.com.
Platform architecture
- Hosted on top-tier cloud infrastructure with multi-availability-zone redundancy and continuous failover.
- Strict logical separation of customer workspaces; no customer can access another customer's data.
- Regional processing options available to Enterprise customers, including data residency in the EU, UK, and US.
Data protection
- Encryption in transit: TLS 1.2 or higher for all client connections and service-to-service traffic.
- Encryption at rest: AES-256 for primary data stores, with managed key rotation.
- Backups: automated, encrypted backups with tested restore procedures.
- AI content handling: prompts and customer content are never used to train foundation models. Enterprise customers can opt into private model endpoints.
Identity and access
- SSO via SAML 2.0 and OpenID Connect (Okta, Azure AD, Google).
- SCIM provisioning for user lifecycle management.
- Role-based access control down to the workspace, course, and seat level.
- Multi-factor authentication enforced for all Leagrow personnel with access to production.
- Least-privilege access policies, regularly reviewed and logged.
Monitoring and response
- 24/7 infrastructure monitoring, anomaly detection, and automated alerting.
- Centralized, immutable audit logs for administrative and access events.
- Formal incident response plan with defined roles, severity tiers, and customer-notification SLAs.
- Continuous vulnerability scanning of code, containers, and dependencies, plus annual third-party penetration tests.
Compliance and certifications
- SOC 2 Type II (independent audit report available under NDA).
- ISO/IEC 27001-aligned controls and roadmap.
- GDPR and UK GDPR compliant, with SCC-based transfer framework.
- HIPAA-ready architecture available to Enterprise customers.
People and practices
- Background checks on employees and a formal code of conduct.
- Mandatory annual security, privacy, and anti-phishing training.
- Secure software development lifecycle with peer code review and automated security testing in CI.
- Vendor risk management program for all sub-processors.
Reporting a vulnerability
We welcome reports from the security research community. Please send findings to info@leagrow.com with a clear description, reproduction steps, and any proof-of-concept material. Please do not access data that is not yours, degrade the Services, or disclose issues publicly before we have had a reasonable opportunity to address them.
Contact
Leagrow, Inc.
New Jersey Turnpike Ext, Burlington, New Jersey 08016, United States
info@leagrow.com