Security & Data Practices

Effective: 09/10/2025 · This page explains how Computer Software Training.com safeguards purchaser and attendee information for live, instructor-led classes.

Approach

We follow practical safeguards aligned with industry best practices. While we do not claim a formal SOC 2 certification, our controls are “SOC-2-style” and focus on confidentiality, integrity, and availability.

Administrative & Access Controls

  • Role-based access: Only staff who need order or roster data can access it.
  • Least privilege & reviews: Access is limited and reviewed at least quarterly.
  • Multi-factor authentication: Required for administrative systems.

Data Handling & Storage

  • Encryption in transit (TLS): All pages and APIs use HTTPS.
  • Encryption at rest: Applied where supported by our infrastructure.
  • Environment separation: No test data in production and vice versa.
  • Data minimization: We collect only what’s needed to deliver your class.
  • Roster uploads: CSVs are validated and stored securely.

Vendor & Sub-processor Management

  • Payments: Billjean processes orders and billing (we do not store card/bank numbers).
  • Meetings: Microsoft Teams for session access and calendar invites.
  • Email delivery: e.g., SendGrid/Mailgun for transactional messages.
  • Due diligence: We review vendors’ public security documentation and limit shared data to what’s necessary.

Logging & Monitoring

  • Administrative actions and key events (invite sends, bounces, attendance) are logged.
  • Delivery failures trigger notifications to the purchaser so that addresses can be corrected, when applicable.

Incident Response

  • We investigate suspected incidents promptly.
  • If personal data is impacted, we will notify affected customers in accordance with applicable law—typically within 72 hours of confirmation.

Privacy by Design

  • Attendee emails are used only for invites, reminders, materials, and class operations.
  • Marketing emails are opt-in and can be unsubscribed at any time.

Retention

  • Attendee rosters and operational correspondence are typically retained for 12 months.
  • Transaction records are retained longer to meet finance, tax, and audit requirements.
  • We delete or anonymize data when no longer needed.

Your Security Questions

Email support@computersoftwaretraining.com with security or privacy questions. We respond to good-faith requests promptly.

© 2025 Computer Software Training.com. All rights reserved.