Skip to main content

Welcome to D2L’s Privacy Center

Privacy and security are central to D2L’s mission to help make learning more personal and meaningful for everyone. We make no compromises in maintaining your data’s security.

What We Do With Data

  • You Own Your Data

    And we keep it secure. We put the security, confidentiality, availability, and integrity of your data first. We are committed to the highest security standards and best practices.

  • We Don’t Give Your Data to Advertisers

    We don’t collect, track, target, use, or sell learner data for advertising purposes. It’s that simple.

  • Your Privacy Is Our Starting Point

    We always consider your privacy before we ever start building our products and services.

  • We Obey the Laws Where You Are

    D2L hosts data in the cloud. The laws in your country govern its use—no matter where you are located.

A Message from John Baker

Privacy comes first at D2L. It always has and it always will. Our primary goal is to provide technology that can help learners focus on learning, – without having to worry about the safety and privacy of their data. We make no compromises on that.

Your data is your data, it’s really that simple.. You control how and to whom it is disclosed and we will not sell your data to advertisers or other third parties. And D2L will always be committed to high security standards.

This is my commitment to you.

Thank you for trusting D2L,

John Baker Signature

John Baker

Our Approach to Security

We believe that privacy and security must be at the core of the development process—not an afterthought. This is why we:

Learn more about Security and Privacy
  • Develop and test D2L Brightspace based on the principles set out in the Open Web Application Security Project (OWASP) Top Ten framework.

  • Leverage industry-leading AWS to deploy our platform within a highly reliable and secure architecture.

  • Go further than AWS security certifications with independent third-party audits to ensure our own practices meet and exceed industry standards.

  • Regularly achieve several key security and privacy certifications of our operational practices—audited annually—such as: ISO27701, ISO27001, SOC 1, SOC 2, ISO27018 and ISO27017

    Learn more
  • Use Brightspace to train our employees on privacy and security to confirm their compliance with our internal security policies.

  • Run regular tests to ensure our employees are prepared to respond to and protect your data in any situation.

Regulatory Compliance

D2L values the vital importance of privacy and data security regulatory compliance. Our Brightspace platform supports compliance with rigorous standards including

  • The Privacy Act (Canada)
  • GDPR (The General Data Protection Regulation 2016/679)
  • FERPA (Family Educational Rights and Privacy Act)
  • COPPA (Children’s Online Privacy Protection Act of 1998)
  • PIPEDA (Personal Information Protection and Electronic Documents Act)
  • LGPD (Brazilian General Data Protection Law)
  • FIPPA – Freedom of Information and Protection of Privacy Act (BC Bill 22)
  • CCPA – California’s Consumer Privacy Act
  • Australian Privacy Act of 1988
  • Singapore Personal Data Protection Act (PDPA)
  • ISO 27701, ISO 27001, ISO 27018, ISO 27017 SOC 1 Type 2 and SOC 2 Type 2, Cloud Security Alliance (CSA), Security, Trust and Assurance Registry (STAR)
  • We are a proud signatory of the Student Privacy Pledge

Get to know us

  • Anna Forgione image
    Anna Forgione

    Chief Legal Officer and Corporate Secretary

  • Nick Oddson image
    Nick Oddson

    Chief Technology Officer

Helpful Resources

Have any questions about our privacy or security practices?

We’d love to hear from you.

Contact Us


Would you like to visit a page that exists in your region?

Take me there