Security Policies & Protection | D2L
IE Not suppported

Sorry, but Internet Explorer is no longer supported.

For the best experience, it's important to use a modern browser.

To view the website, please download another browser such as Google Chrome or Mozilla Firefox.

Security Policies & Protection


D2L has privacy and security-conscious policies that apply to all of its information handling practices.

Contractual Privacy Protection for Customers

  • D2L’s contracts include confidentiality provisions that prohibit D2L from disclosing customer confidential information, including customer data, except under certain defined circumstances, such as when required by law.
  • D2L agrees not to access customer’s accounts, including customer data, except to maintain the service, prevent or respond to technical or service problems, at a customer’s request in connection with a customer support issue, or where required by law.

Privacy Statement

For information collected on D2L’s Web sites, D2L provides assurances around the types of information collected, how that information may be shared and how that information may be used.
D2L offers individuals the opportunity to manage their receipt of marketing and other non-transactional communications.
D2L offers individuals the opportunity to update or change the information they provide.
View D2L’s web site privacy statement >

Code of Conduct, Confidentiality Agreements, and Information Security Policies

Every D2L employee must follow D2L’s code of conduct, sign a confidentiality and non-disclosure agreement as a condition of employment, and follow D2L’s information security policies.


D2L’s privacy and security program includes having the appropriate people in place to create, manage and drive security, privacy and policy and communicating with personnel about current issues and best practices.

Internal Training and Communications for D2L Personnel

D2L regularly communicates with personnel about its obligation to safeguard confidential information.
D2L provides online training on confidentiality, privacy, and information security for all new employees.
All D2L personnel are required to complete an annual privacy and security training and are tested on the materials presented.
D2L communicates with all personnel about privacy and information security awareness throughout the year.

Customer End User Awareness

D2L encourages all of its customers and users to adopt industry-standard solutions to secure and protect their authentication credentials, networks, servers, and computers.
D2L communicates with its customers about current issues and trends and inform customers about security issues when necessary and appropriate.


D2L has multiple resources responsible for managing security. The Director of IT and Security is responsible for D2L’s security program including people, information, product, and corporate security, enterprise risk management, and technology audit & compliance. The Chief Privacy Officer is responsible for D2L’s privacy program, including compliance with applicable privacy and data-protection laws. The Information Security Risk and Compliance Manager is responsible for ensuring policies are kept up to date, enforced and organizational risks are identified and mitigated tactically and strategically through security policies. Additionally, all D2L personnel are required to follow D2L’s confidentiality, privacy, and information security policies.

Human Resources

All D2L employees must successfully go through a security background check before they can begin working at D2L.


D2L maintains a variety of technical measures to protect the D2L Brightspace service.

Default Privacy and Security Features

Application features that protect customer data:

Connection to the D2L Brightspace service is via transport layer security (TLS), ensuring that its customers have a secure connection to their data. Individual user sessions are uniquely identified and re-verified with each transaction.
Application logs record the creator, last updated, timestamps, and originating IP address for every record and transaction completed.
Customers passwords are not accessible by D2L personnel.

Logical separation of customer data:

Hardware and software configurations are designed to provide secure logical separation of customer data.
Multitenant security controls include unique, non-predictable session tokens, configurable session timeout values, password policies, sharing rules, and user profiles.
The D2L Brightspace service supports delegated authentication.

Network security measures:

Multiple layers of external firewalls
Intrusion-detection & prevention sensors
Security information and event management system
Continuous external vulnerability scanning

Redundancy and Scalability:

The D2L Brightspace service is highly scalable and redundant, allowing for fluctuation in demand and expansion of users while greatly reducing the threat of long-term outages. Load-balanced networks, pools of application servers, and clustered databases are features of D2L’s design.

Disaster Recovery:

All customer data is stored in secure data centers and is replicated over secure links to a disaster recovery data center. This design provides the ability to rapidly restore the D2L Brightspace service in the case of a catastrophic loss.

Customer-Controlled Privacy and Security Settings:

Customers may determine which of their respective designees can access different categories of data.
Customers may set customizable password rules.
Customers may define log-off times for inactivity.
Back to D2L security overview