Data Privacy Architecture
Protecting learner data is our highest priority. LearnAdapt operates under strict zero-trust infrastructure, complying fully with FERPA, PDPA, and GDPR to guarantee institutional and individual privacy.
Zero-Trust & No Data Selling
Our infrastructure is built on a zero-trust model: no user, device, or system component is trusted by default, regardless of its location inside or outside our network. Furthermore, LearnAdapt maintains an absolute prohibition on data monetization. We do not, and will never, sell student, educator, or institutional data to third parties, advertisers, or data brokers.
Encryption at Rest & In Transit
All data stored within the LearnAdapt ecosystem is encrypted at rest using industry-standard AES-256 encryption. Data in transit between the client browser and our servers is secured using robust TLS 1.3 protocols, preventing man-in-the-middle attacks and ensuring secure telemetry pipelines.
Role-Based Access Control
We implement strict Role-Based Access Control (RBAC) to enforce the principle of least privilege. Student PII (Personally Identifiable Information) is strictly siloed and only accessible to authorized educators and institutional administrators connected to that specific learner's cohort.
FERPA & PDPA Compliance
LearnAdapt is designed natively to satisfy the rigorous requirements of both the U.S. Family Educational Rights and Privacy Act (FERPA) and Singapore's Personal Data Protection Act (PDPA).
- Data Minimization: We collect only the telemetry explicitly required to power educational AI and learning analytics.
- Right to Be Forgotten: Users and institutions can initiate secure, permanent deletion of their historical data upon request.
- Anonymized Telemetry: System-level performance metrics and LLM routing data are thoroughly scrubbed of PII before being used for platform optimization.