Learn what we use and do to keep your data safe in our servers across the globe.
We take your security and data security serious, perhaps more than any other software in the industry. We have thousands and thousands of transactions per day, every single transaction that goes through our servers have the below security measures and more (some may not be disclosed for security purposes).
GDPR (General Data Protection Regulation)
EducationLink is complaint with GDPR laws, which requires us to handle data breaches, data privacy and data management in a transparent way. For more information about GDPR, check the official website.
Alternatively, check our article focused only in privacy and EducationLink: How does EducationLink handles my privacy and data?.
Our servers are provided by Amazon Web Services (AWS). AWS has certification for compliance with ISO/IEC 27001:2013, 27017:2015, and 27018:2014. These certifications are performed by independent third-party auditors.
Access to our servers are restricted and only granted to the specific resources needed to test, improve and fix potential errors. Every access to our services (only provided to internal employees) is temporary.
Data base security
We use many different methods to protect our database from unauthorised access. Including encryption at rest. Which means your data is encrypted even while saved in the our database, so even if someone had access to the server of our database, they wouldn't be able to access your data.
Our database is the most important part of our system, and has many layers of protection not disclosed here for security purposes.
We have two backups running in real-time and every 6 hours snapshots. So even if something goes wrong, your data will be safe and sound. Besides automatic backups, stored in different machines than our database, we move this data to a different geographic location for extra precaution.
Credit card information
EducationLink only works with payment gateways (in this case Stripe) that has been audited by a PCI-certified auditor and are certified to be PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.
EducationLink uses its payment gateways to store a tokenized version of your credit card. The data of your credit card is transformed in a token in your browser and saved in our payment gateway. Your credit card information never reaches our server. EducationLink is not certified PCI DSS compliant, due to the fact we don't store credit card info.
HTTPS and HSTS for secure connections
We use HSTS to ensure browsers interact with EducationLink only over HTTPS. We encrypt all communication between our servers and services and your browser using standard industry best practices. Our security certificates are constantly renewed and periodically internally audited.
DNSSEC was designed to protect applications from using forged or manipulated DNS data, such as that created by DNS cache poisoning. EducationLink uses DNSSEC in all domains that provide any type of service to our customers.
User identification and validation (ID&V)
Whenever a request is sent to our servers, we validate the user which is requesting, based on organization, role, authentication and other factors (such as browser).
Web application firewall
Our firewall is continually identifying and blocking new potential threats. We constantly and automatically add new rules to prevent attacks and breach of our system. Our web application firewall sits on the same network that powers our CDN, HTTP/2, and web optimization features. Our latency of less than 1 millisecond per request allows to route every request to our firewall while keeping our application secure.
EducationLink uses unlimited DDoS protection 100% of the time.
Content delivered from a server relies on the quality of established network paths for consistently fast performance. Traditional networking technologies utilize static routing information that can send content across slow, compromized and congested paths.
EducationLink uses smart routing algorithms to route traffic across the fastest paths available across the globe, and maintains open, secure connections to eliminate latency imposed by connection setup. EducationLink uses tiered caching technology in different data centers to propagate content to a global network of 150+ Data Centers, maximizing performance and security.
Disaster Recovery Plan
We have a DRP in place to make sure even if a disaster happens EducationLink will be prepared to act and secure the safe resume of our operations, guaranteeing that any data saved and backed-up remains consistent.
We periodically use third-party penetration tests to test the effectiveness of our systems. In case you want to do a penetration test against our systems, you must comply with the following rules:
- Permission is required for all penetration tests.
- To request permission, the owner of the account has to get in touch with us via email (firstname.lastname@example.org).
- Our policy only permits testing EducationLink accounts that you own. Tests against any other account is prohibited.
- At this time, only Enterprise contracts are allowed to perform penetration tests.