SECURITY & DATA

Your training data, handled the way your security team expects.

Encryption in transit and at rest, role-scoped access and isolated tenants, SSO and SCIM from your identity provider, and a tamper-evident audit log of every action. The documents your procurement team needs are in the Trust Center.

Request security documentation → Visit the Trust Center →
ENCRYPTED · ROLE-SCOPED · SSO & SCIM · AUDIT-LOGGED
What the security review covers
1
Where it lives
Hosting & data residency
Encrypted in transit and at rest, with regional data residency available on request.
2
Who can touch it
Role-scoped access, isolated tenants
Every person sees only what their role grants; every entity and partner sits in its own tenant.
3
How identity works
SSO & SCIM from your IdP
Your directory drives access. When someone leaves, de-provisioning closes it.
4
What was done
Tamper-evident audit log
Actor, action, category and timestamp on every event — with integrity you can verify.
Built for procurement · the documents live in the Trust Center
Encryption at rest & in transit GDPR / PIPEDA / CASL (aligned) WCAG 2.1 AA SOC 2 (in progress)
For IT, Security & Compliance

Everything procurement asks, in one place.

Where the data lives, who can reach it, how identity is wired to your provider, and how every action is logged — laid out the way a security questionnaire walks through it. For the specifics under NDA, the Trust Center holds the documents.

01Where your data lives

Hosting and data residency.

Your training content and learner records are hosted on managed cloud infrastructure, encrypted in transit and at rest. For organizations with residency requirements, regional data residency is available on request — tell us where your data must stay and we’ll confirm the options on the security call.

  • Managed cloud hosting. Your data sits on managed cloud infrastructure, not on machines under a desk.
  • Encrypted everywhere. In transit and at rest — the same posture stated on every page of the site.
  • Regional data residency, on request. Have a requirement about where data must live? Raise it and we’ll confirm the available regions.
  • Logical separation by tenant. Each customer’s data is isolated in its own tenant, walled off from every other.
WHERE YOUR DATA LIVES · ENCRYPTED IN TRANSIT & AT REST YOUR PEOPLE Browser & app on any device 🔒 TLS in transit MANAGED CLOUD · YOUR REGION RESIDENCY ON REQUEST Learner records encrypted at rest Source material & courses encrypted at rest ● ISOLATED PER TENANT · ENCRYPTED END TO END tell us your residency requirement and we’ll confirm the region
02Access control & portals

Role-scoped access, isolated tenants.

Nobody reaches across a boundary they weren’t given. Each entity, partner and subcontractor lives in its own tenant — isolated by default — and inside a tenant a role decides what each person can see.

  • Three core roles. Super admin across the account, tenant admin within an entity, and learner scoped to their own courses and certificates.
  • Strict per-tenant isolation. Every entity and partner is walled off by default — one tenant never sees another’s people or data.
  • Scoped subcontractor portals. A subcontractor’s crew trains in your environment and sees only their own records — never your internal staff.
  • Access reviewed, not assumed. Owners are prompted to recertify who can see what, and every change is logged.

See the full access-control model →

ACCESS CONTROL · ROLES & ISOLATED TENANTS Super admin across the whole account · every tenant rolls up ALL TENANTS Main Division ⊘ OTHERS INVISIBLE Tenant admin manages this entity Learner own courses only Ironside Welding ⊘ SUBCONTRACTOR PORTAL Tenant admin their crew only Learner no staff data Partner Co. ⊘ WALLED TENANT Tenant admin own catalog Learner own courses only ● ISOLATED BY DEFAULT · ROLE DECIDES THE SCREENS · IMPERSONATION LOGGED
03Identity: SSO & provisioning

Your identity provider drives access.

You don’t maintain a second user list. Single sign-on lets your people authenticate through your own identity provider, and SCIM provisioning creates and updates accounts from your directory. When someone leaves and your directory de-provisions them, their access to TalentED closes with it — no orphaned logins to chase.

  • SSO over SAML 2.0 or OIDC. Your people sign in through your provider — one set of credentials, your policies.
  • SCIM 2.0 provisioning. Accounts are created and kept current from your directory, not by hand.
  • De-provision closes access. When your directory removes someone, their access to TalentED ends with it.
  • Works with the major IdPs. Okta, Azure AD, Google Workspace and JumpCloud.

More on identity & access →

IDENTITY · SSO & SCIM FROM YOUR PROVIDER YOUR IDENTITY PROVIDER Okta Azure AD Google Workspace JumpCloud DIRECTORY = SOURCE OF TRUTH joiner → provisioned role change → updated leaver → de-provisioned SSO · SAML/OIDC SCIM 2.0 DE-PROVISION TalentED Account created from your directory ✓ Sign in via SSO no separate password Role applied scoped to their data Departure access closed one directory in · accounts, sign-in and removal follow it
04Data handling & encryption

What we hold, and how we protect it.

The data you put into TalentED is the source material you bring and the records your people generate as they train. It’s encrypted in transit and at rest, and you decide how long it’s kept.

Encryption

In transit and at rest. Connections are encrypted in transit, and stored data is encrypted at rest.

Retention

You set the window. Retention is configurable to match your policy, and records can be exported or removed on the terms set in your agreement.

Data processed

Source material and learner records. The documents and media you upload to build training, and the completions, scores and certificates your people earn — processed to run the platform, nothing sold on.

DATA HANDLING · ENCRYPTION · RETENTION · DATA PROCESSED ENCRYPTION In transit TLS · encrypted At rest encrypted storage RETENTION · YOU SET THE WINDOW Records kept to your policy configurable · exportable · removable per your agreement EXPORT PURGE DATA PROCESSED Source material SOPs · documents · video you upload to build training YOUR CONTENT · YOURS Learner records completions · scores certificates · renewals TO RUN THE PLATFORM exact standards on request — the Trust Center holds the detail
05Audit & compliance posture

A tamper-evident log of every action.

Every action writes a record — who did it, what they did, the category, and exactly when. The ledger can be hash-chained so each entry links to the one before it: a changed or deleted record breaks the chain, and a “Verify Integrity” check confirms the trail is intact. When an auditor asks, compliance exports in a single click.

  • Actor, action, category, timestamp. Every event is captured with who, what, which category and when.
  • Tamper-evident, hash-chained. Each record links to the last; edit one and the chain breaks. “Verify Integrity” proves it’s intact.
  • Compliance export in one click. Hand an auditor a tenant-wide report by date range on the spot.
  • Aligned with GDPR, PIPEDA and CASL. With SOC 2 in progress — the documents route through the Trust Center.

See the compliance toolkit →

AUDIT LOG · ACTOR · ACTION · CATEGORY · TIMESTAMP TAMPER-EVIDENT · HASH-CHAINED ✓ VERIFY INTEGRITY ACTOR ACTION CATEGORY TIMESTAMP H. Bennett Completed course training 2026-06-01 09:14 hash 9f3a… ← prev 00a1… T. Russo Certificate issued compliance 2026-06-01 11:02 hash 4c7e… ← prev 9f3a… Admin · A. Cole Viewed as learner access 2026-06-02 08:41 hash 1b90… ← prev 4c7e… ✓ ● CHAIN VALID · edit one record → chain breaks ⤓ EXPORT COMPLIANCE · 1 CLICK GDPR PIPEDA CASL SOC 2 · IN PROGRESS — documents in the Trust Center
AI handling & disclosure

The AI answers from your content — not the open internet.

Security teams ask where the AI gets its answers and whether synthetic media is labelled. Here it is, head-on.

Grounded answers

From your own content only

The AI copilot answers from your organization’s own courses and knowledge base — not the open internet. It draws on the material you put in, so people get your procedures, not a guess from the web. BETA

Disclosed media

AI translation and production, labelled

Where AI is used to dub or produce training media, that use is disclosed rather than hidden — so your people and your auditors know what was AI-assisted.

On the record

Read the AI Disclosure

How TalentED uses AI — voice-cloning consent, the content it draws on, review, and model providers — is written up on its own page. Read the AI Disclosure →

Sub-processors & documents

The documents your procurement team needs.

These route through the Trust Center. Request access — the ones that warrant it are released under NDA.

Sub-processor list
Who processes data on our behalf
Request access
Data Processing Agreement (DPA)
Terms for processing your data
View
SOC 2 report
In progress · available when complete
Request access
Penetration-test summary
Released under NDA
Request access
Security overview
How we protect your training data
View
AI Disclosure
How TalentED uses AI
View

Bring your security questionnaire. We’ll answer it.

“Excellence is teachable.”

Send us the questionnaire your team uses to clear a vendor. We’ll walk it line by line — where the data lives, who can reach it, how identity is wired, and how every action is logged — and route the documents through the Trust Center.

Request security documentation →