At LTIAAS we take pride in the following:
At LTIAAS, we rely on few third-party vendors to help provide our services. The table below outlines these vendors and their relationship to our customer's data. When necessary, LTIAAS enters into Data Processing Agreements that restrict what these vendors may use data for.
|Vendor||Hosted LTIAAS Service||Access to Learning Data||Notes|
|Digital Ocean||x||x||Digital Ocean is a SOC-2 certified cloud hosting provider that hosts all of LTIAAS's cloud infrastructure. While their infrastructure has full access to data transferred through and stored at LTIAAS.com, there are strict contractual limits on what Digital Ocean can do with that data.|
|Google Cloud||x||Google Cloud is a SOC-2 certified cloud hosting provider that hosts https://portal.ltiaas.com. They are given access to authenticate our customers and allow them to access their API management portals. No learning information is stored on Google's servers, just customer authentication information such as email address and LTIAAS account number.|
|New Relic||x||New Relic is a log aggregator and security event management platform that LTIAAS subscribes to. We transfer all system logs to New Relic. These logs contain information like requests made to our system, IP address, and name of resource requested. No learning data is accessible to New Relic. This service enables an extra layer of security to LTIAAS by automatically detecting suspicious events like failed logins and unexpected state changes.|
|GitLab||x||GitLab is our software code repository of choice. Unlike GitHub (what some of our competitors use), GitLab's contractual agreement with LTIAAS prohibits them from accessing and using LTIAAS repository data. GitLab does not process any customer or learning data.|
|Stripe||x||Stripe is our payment processing provider. Stripe is given access a non-identifiable customer ID number, customer coarse location (Country/State), and payment method. No other personal information is shared with Stripe. Stripe does not process any learning data.|
|Google Workspace||x||LTIAAS uses Google Workspace for email (Gmail), chat (Google Meet), and office products (Google Docs, etc.). Google does not process LTIAAS customer learning data, by they do process email about or customers as needed by LTIAAS to do regular business.|
LTIAAS uses Digital Ocean to host our customer API instances. Below is a simplified architectural diagram of our infrastructure resources and data flow.
|Information Security Management Program||download|
|Comprehensive IT Security Policy||download|
|Comprehensive Security Policy||download|
|Vendor Management Policy||download|
|Disaster Recovery Plan||available under NDA|
|Software Development Lifecycle||download|
|CAIQ v3.1 Full Questionnaire||download|
If there are any questions regarding LTIAAS privacy and security compliance, you may contact us using the information below.