Welcome to D2L's Privacy Center

This Privacy Center provides an overview of our Data Protection Program and our approach to data privacy within the Brightspace platform.

A note from the founder of the Brightspace Platform and the CEO of D2L

Since our very beginning in 1999, we have been steadfast in our mission to improve the way people learn because we believe learning is transformational – inspiring social and technological change. We wanted D2L to provide the kind of technology that allowed our users to focus on what matters most – learning – without having to worry about the safety and privacy of their data. No compromises.

Twenty years later, I’m proud of how D2Lers have embraced this mission and made it central to our commitment to you. We know that some companies have blurred the lines on what they do with your data. But for us, even twenty years later, when it comes to your learning experience and the safety and privacy of your data, our mission remains clear.

At D2L, we believe that the data you entrust to us is always your data and you should get to choose what we can and cannot do with your data. It’s just not our data; it’s yours.

So, I personally thank you for trusting us to be different. Here’s to another 20 years of transforming learning – together.

John Baker, President and CEO, D2L

Data Security

We keep your data secure.

With Brightspace you own your data – we keep it secure. Our approach puts your security and data confidentiality, availability and integrity first. Our process works, demonstrated by a track record of delivering reliable security that is continuously being improved.

Ad-Free

We use your data for learning only, not for advertising.

There are no ads in the Brightspace platform and we do not collect, track, target, use, or sell learner data for advertising purposes or to create advertising profiles. It’s that simple.

Privacy by Design

We design the Brightspace platform with privacy in mind.

We have a long-standing practice of proactively incorporating privacy features into our products and practices. Privacy by Design is how we develop our solutions and helps maintain the trust of our learners.

Data Transfers

We create safe channels for your data, no matter where it travels.

Data transfer protocols are multifaceted – typically hosting in region, although not always a regulator requirement. Not only do we rely on regional hosting procedure, we also rely on our EU adequacy decision, our privacy shield certification, and model clauses.

Our Vendors

We’re accountable to you, even for our vendors.

They are only allowed to use personal information to provide their services and nothing else. Vendor contracts are reviewed to align with our data transfer protocol.

Regulatory Compliance

We understand the importance of regulatory compliance with respect to the security, and privacy of information. Our services support compliance with your privacy and security requirements. We have invested significant engineering, process and security efforts into our offerings to help our clients address user data privacy under relevant privacy laws. The Brightspace platform supports compliance with rigorous standards.
  • GDPR (The General Data Protection Regulation 2016/679)
  • FERPA (Family Educational Rights and Privacy Act)
  • COPPA (Children’s Online Privacy Protection Act of 1998)
  • PIPEDA (Personal Information Protection and Electronic Documents Act)
  • ISO 27001, 27017, 27018, SOC 1 Type 2 and SOC 2 Type 2, Cloud Security Alliance (CSA), Security, Trust and Assurance Registry (STAR)
  • We are EU-U.S. Privacy Shield certified, and are a proud signatory of the Privacy Pledge.

Security

At D2L, we take security seriously.

We believe that privacy and security must be core to the development process – not an afterthought. So we develop and test the Brightspace platform based on the principles set out in the Open Web Application Security Project (OWASP) Top Ten framework. We have also achieved several security and privacy certifications, which are audited annually, of our operational practices based on industry leading standards such as ISO27001, SOC 1, SOC 2, and ISO27018.

Moreover, unlike some software providers, we do not just rely on our cloud provider’s security controls, because that would fail to give you confidence that our own processes meet the rigorous standards. Instead, we are independently audited by third parties to ensure our data protection practices meets and exceeds industry standards.

While certifications are an important step in making sure we’re doing the right things, we know that training our people is just as important. We use the Brightspace platform ourselves to train our employees on privacy and security best practices and to confirm their compliance with our internal security policies. And we run regular “table top” (fire drills) exercises to be certain that our employees are prepared to respond and protect your data in any situation.

Our Privacy and Security Leaders

Anna Forgione

Privacy Officer, General Counsel
Anna brings twenty years of experience in corporate leadership, technology advocacy, business development, negotiations, and strategic planning. She oversees all legal and regulatory matters for D2L worldwide.

Dan Cira

Privacy Counsel
As Privacy Counsel for D2L, Dan’s role is to boil the current legislative and compliance objectives down into practical, implementable strategies to protect your information. Dan is a member of International Association of Privacy Professionals (IAPP) and a member of the Canadian Advisory Committee on GDPR (CAC-GDPR).

Nick Oddson

Chief Technology Officer
Nick brings over twenty years of design and enterprise-level software experience to his role with D2L. He’s responsible for guiding our product team as they continue to scale and develop the company’s industry-leading learning solutions.

Contact Us

If you have questions about our privacy or security practices, we’d love to hear from you.

Please complete this required field.
Phone number must be a valid number.
Thank you for submitting this form.

Helpful Resources