Dream See Do strives to offer a secure and private space for people to learn in. We adhere to the principle of least privilege in terms of data and systems access, and use best practices and well-tested, open-source technologies when possible.
What security do we use to protect learner data?
We use bank-level encryption: data is encrypted at rest with AES-256, block-level storage encryption. All access to data is governed by the administrators of the course. The data is housed in ISO 27001-compliant data centers with strict physical security. Third-party vendors do penetration and vulnerability assessments.
How do you ensure data continuity and uptime?
We have continuous database backups, and also maintain daily and weekly backups offsite. We use cloud hosting to ensure that we can offer the maximum uptime possible, and try to minimize any single points of failure in our system configuration.
What PII information can learners share with the platform?
They can create their own profile, and can choose what information they would like to share (the only required field is email and name). They can join a private group solely dedicated for their training(s).
They can share reflections as they learn in text or video, and can choose their own privacy settings for each response (if they want to keep it private, or share with their private group).
How do you handle data deletion?
We are GDPR-compliant. As a result, individual learners can delete their account and all of their responses and personally-identifiable data. We can also delete the entire cohort's data for clients at once in response to any data deletion requests.
We do keep some anonymized usage data to improve our system’s design and usability.