Physical security of our server clusters is the responsibility of our hosting vendors. We utilize a combination of industry leading cloud hosting by Amazon Web Services and Linode to support all of our installations and related tooling and services. The physical server cluster is located in Northern Virginia and Dallas, TX respectively. No data is transferred and/or stored outside of these vendors or their locations.
Electronic security is a shared responsibility between our platform and our hosting vendors. We employ a variety of anti-hacking technologies to support our strict security measures as well as transferring all system traffic and data across SSL-secured (TLS 1.2, SHA256) connections. We maintain an A+ security rating as evaluated by Qualys SSL Labs, the full report of which can be found here.
Further, we are not in favor of using of technologies and protocols that add risk by introducing opportunities for security compromises. An example of this is our focus on single sign-on and Learning Tools Interoperability integration for authentication to eliminate the need for internal storage and handling of passwords.