At LTIAAS, we take privacy and security very seriously. For information about our customer's privacy, please read our Privacy Policy. This page, on the other hand, explains the great lengths that LTIAAS has taken to ensure the privacy and security of the users that use the API hosted by LTIAAS on behalf of our customers. i.e. the teachers and students doing LTI launches through an instance of the LTIAAS API hosted on LTIAAS servers.
At LTIAAS we take pride in the following:
At LTIAAS, we rely on few third-party vendors to help provide our services. The table below outlines these vendors and their relationship to our customer's data. When necessary, LTIAAS enters into Data Processing Agreements that restrict what these vendors may use data for.
Vendor | Hosted LTIAAS Service | Access to Learning Data | Notes |
Google Cloud | x | x | Google Cloud is a SOC-2 certified cloud hosting provider that hosts all of LTIAAS's cloud infrastructure. They are given access to authenticate our customers and allow them to access their API management portals. There are strict contractual limits on what Google Cloud can do with LTIAAS data. |
Amazon Web Services | x | Amazon Web Services (AWS) is a SOC-2 certified cloud hosting provider. LTIAAS uses one product called 'API Gateway'. AWS does not store any customer or learning data, it only proxies SSL encrypted data through the gateway and on to the Google Cloud Servers. The API Gateway product enables more enhanced security such as rate-limiting, multi-site availability, and Web Application Firewall. | |
GitLab | x | GitLab is our software code repository of choice. Unlike GitHub (what some of our competitors use), GitLab's contractual agreement with LTIAAS prohibits them from accessing and using LTIAAS repository data. GitLab does not process any customer or learning data. | |
Stripe | x | Stripe is our payment processing provider. Stripe is given access a non-identifiable customer ID number, customer coarse location (Country/State), and payment method. No other personal information is shared with Stripe. Stripe does not process any learning data. | |
Google Workspace | x | LTIAAS uses Google Workspace for email (Gmail), chat (Google Meet), and office products (Google Docs, etc.). Google does not process LTIAAS customer learning data, but they do process email about or customers as needed by LTIAAS to do regular business. |
LTIAAS uses Google Cloud to host our API services. Below is a simplified architectural diagram of our infrastructure resources and data flow.
Document | Link |
Information Security Management Program | download |
Comprehensive IT Security Policy | download |
Comprehensive Security Policy | download |
Vendor Management Policy | download |
Disaster Recovery Plan | available under NDA |
Software Development Lifecycle | download |
CAIQ-Lite Questionnaire | download |
CAIQ v3.1 Full Questionnaire | download |
HECVAT Full | download |
If there are any questions regarding LTIAAS privacy and security compliance, you may contact us using the information below.
Connect your platform with a new way of teaching.
Company
Help & Support