Security, Privacy, and Compliance

We do the right things to protect our client's data.

At LRN, we prioritize the security of our client's confidential data by implementing effective controls. As a result, over 2,800 clients worldwide trust us to store their sensitive information on the LRN Catalyst platform. Our commitment to safeguarding our clients is unwavering, and we continuously review and update our security controls to ensure they remain effective against evolving threats.



We are SOC 2 Type 2 compliant. Our product meets the most stringent standards for security, availability, and confidentiality, as stipulated by the AICPA.

ISO 27001:2022

We have implemented the control requirements suggested by ISO/IEC 27001:2022 and perform continuous monitoring of the implementation.


We comply with GDPR regulations, including Schrems II (new SCCs), by implementing robust technical and organizational measures for cross-border data transfers. Our clients can host data in the EU or US based on their regulatory requirements. 
data and encryption

Data & Encryption

Our client data is logically segregated. LRN uses industry-standard encryption protocols to protect PII at rest and in transit between systems, providing clients and users with peace of mind. 
privacy and training

Privacy & Training

Our employees are trained and certified periodically on policies and best practices related to data security and privacy. 

High Availability & Resiliency

High Availability & Resiliency

Our product utilizes industry-leading edge computing, auto-scaling, auto-healing, and resilient architecture to provide high availability to clients. We continuously monitor and maintain our platform, minimizing downtime and ensuring a robust and reliable experience.