Learning Machine is committed to helping our customers understand and comply with the General Data Protection Regulation (GDPR), which extends privacy, security, and legal obligations to any organization that handles EU citizens’ personal data, regardless of where those organizations are located.

Measures we have implemented
As a processor of customer and end user information, Learning Machine has implemented a variety of policies, procedures, and data security practices to meet our obligations as a Data Processor under Article 28 of GDPR.

  • We process end user data strictly per your instructions.
  • We have implemented technical and organizational measures to protect all data entered into the system. You can view a detailed description of our security controls in our Data Security and Privacy Policy.
  • We only use compliant sub-processors and have provided that list below.
  • We have instituted a policy informing and requiring our employees to maintain the confidentiality of your information.
  • We have instituted a procedure to assist you in complying with requests for access, amendment, or deletion that you may get from your end users. 
  • We are able to quickly inform you in the event of a data breach.
  • We will delete end-user information at the end of our agreement with you.

As guidance about GDPR continues to be published, we will continue our efforts to refine and improve our compliance.

Our Subprocessors
Learning Machine requires our sub-processors to comply with the terms of the GDPR. You can view that list below.

Name Purpose
Amazon Web Services Cloud Infrastructure
Postmark Email Delivery
Datadog Application Monitoring
Matamo Login Session Monitoring
Box Document Storage