A note from the founder of the Brightspace Platform and the CEO of D2L
Since our very beginning in 1999, we have been steadfast in our mission to improve the way people learn because we believe learning is transformational – inspiring social and technological change. We wanted D2L to provide the kind of technology that allowed our users to focus on what matters most – learning – without having to worry about the safety and privacy of their data. No compromises.
Twenty years later, I’m proud of how D2Lers have embraced this mission and made it central to our commitment to you. We know that some companies have blurred the lines on what they do with your data. But for us, even twenty years later, when it comes to your learning experience and the safety and privacy of your data, our mission remains clear.
At D2L, we believe that the data you entrust to us is always your data and you should get to choose what we can and cannot do with your data. It’s just not our data; it’s yours.
So, I personally thank you for trusting us to be different. Here’s to another 20 years of transforming learning – together.John Baker, President and CEO, D2L
We keep your data secure.With Brightspace you own your data – we keep it secure. Our approach puts your security and data confidentiality, availability and integrity first. Our process works, demonstrated by a track record of delivering reliable security that is continuously being improved.
We use your data for learning only, not for advertising.There are no ads in the Brightspace platform and we do not collect, track, target, use, or sell learner data for advertising purposes or to create advertising profiles. It’s that simple.
Privacy by Design
We design the Brightspace platform with privacy in mind.We have a long-standing practice of proactively incorporating privacy features into our products and practices. Privacy by Design is how we develop our solutions and helps maintain the trust of our learners.
We create safe channels for your data, no matter where it travels.Data transfer protocol are multifaced – typically hosting in region, although not always a regulator requirement. Not only do we rely on regional hosting procedure, we also rely on our EU adequacy decision, our privacy shield certification, and model clauses.
We’re accountable to you, even for our vendors.They are only allowed to use personal information to provide their services and nothing else. Vendor contracts are reviewed to align with our data transfer protocol.
- GDPR (The General Data Protection Regulation 2016/679)
- FERPA (Family Educational Rights and Privacy Act)
- COPPA (Children’s Online Privacy Protection Act of 1998)
- PIPEDA (Personal Information Protection and Electronic Documents Act)
- ISO 27001, 27017, 27018, SOC 1 Type 2 and SOC 2 Type 2, Cloud Security Alliance (CSA), Security, Trust and Assurance Registry (STAR)
- We are EU-U.S. Privacy Shield certified, and are a proud signatory of the Privacy Pledge.
At D2L, we take security seriously.
We believe that privacy and security must be core to the development process – not an afterthought. So we develop and test the Brightspace platform based on the principles set out in the Open Web Application Security Project (OWASP) Top Ten framework. We have also achieved several security and privacy certifications, which are audited annually, of our operational practices based on industry leading standards such as ISO27001, SOC 1, SOC 2, and ISO27018.
We aim to give our customers a world class experience, by leveraging industry-leading AWS to deploy our platform within a highly reliable and secure architecture. When our customers are in the D2L Cloud, they can rest easy knowing that we doubled down on security. While AWS is certified and secure, we go further with independent third- party audits to make sure our data protection practices meet and exceed industry standards.
While certifications are an important step in making sure we’re doing the right things, we know that training our people is just as important. We use the Brightspace platform ourselves to train our employees on privacy and security best practices and to confirm their compliance with our internal security policies. And we run regular “table top” (fire drills) exercises to be certain that our employees are prepared to respond and protect your data in any situation.