Security
We take the security of your data seriously. Here's how we protect your information and keep your studio management secure.
Our Security Commitment
Lesson Console is built with security at its core. We understand that you trust us with sensitive information about your students and your business, and we take that responsibility seriously.
Encryption
Data in Transit
All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. We enforce HTTPS on all connections and use HSTS headers.
Data at Rest
All data stored in our databases is encrypted using AES-256 encryption. This includes your personal information, student records, and any uploaded files.
Password Security
Passwords are never stored in plain text. We use bcrypt hashing with strong work factors to protect your credentials.
Secure Communications
All automated emails are sent via authenticated SMTP over TLS. We authenticate outgoing emails with SPF, DKIM, and DMARC.
Infrastructure Security
Data Centers
Our infrastructure is hosted in secure, SOC 2 compliant data centers in the United States. These facilities provide:
- 24/7 physical security with biometric access controls
- Video surveillance and security personnel
- Redundant power and cooling systems
- Fire detection and suppression systems
- Environmental monitoring
Network Security
- Enterprise-grade firewalls and intrusion detection systems
- DDoS protection and mitigation
- Network segmentation to isolate sensitive systems
- Regular vulnerability scanning and penetration testing
Authentication and Access Controls
Secure Authentication
We support secure password requirements and session management with automatic timeout for inactive sessions.
Access Logging
All access to your account is logged, allowing you to review login history and detect unauthorized access.
Role-Based Access
For studios with multiple users, we provide role-based access controls to ensure people only see what they need.
Session Security
Sessions are securely managed with HTTP-only cookies and automatic expiration.
Security Monitoring
We continuously monitor our systems for security threats:
- Real-Time Monitoring: 24/7 monitoring of system health and security events
- Anomaly Detection: Automated systems to detect unusual patterns or potential attacks
- Log Analysis: Centralized logging with automated analysis for security events
- Alerting: Immediate alerts to our security team for potential incidents
Incident Response
We have a documented incident response plan that includes:
- Defined roles and responsibilities for incident handling
- Procedures for containment, eradication, and recovery
- Communication protocols for notifying affected users
- Post-incident review and lessons learned process
In the event of a data breach affecting your information, we will notify you within 72 hours as required by applicable law.
Data Backups
Your data is protected against loss through:
- Automated daily backups with point-in-time recovery
- Geographically distributed backup storage
- Encrypted backups using the same AES-256 encryption as production data
- Regular backup restoration testing
Employee Security
Our team follows strict security practices:
- Background checks for all employees with access to production systems
- Security awareness training for all team members
- Principle of least privilege for system access
- Mandatory use of strong passwords and multi-factor authentication
- Secure development practices and code review
Vulnerability Disclosure
We appreciate the work of security researchers who help us keep Lesson Console secure. If you discover a security vulnerability, please report it to us responsibly:
Security Reports
Email: [SECURITY_EMAIL]
Responsible Disclosure Guidelines
- Provide details of the vulnerability, including steps to reproduce
- Allow reasonable time for us to address the issue before public disclosure
- Do not access, modify, or delete data belonging to others
- Do not perform actions that could harm our systems or users
We commit to:
- Acknowledging receipt of your report within 48 hours
- Providing regular updates on our progress
- Not pursuing legal action against researchers acting in good faith
- Crediting researchers who report valid vulnerabilities (with permission)
Security Best Practices for Users
Help us keep your account secure by following these recommendations:
- Use a strong, unique password for your Lesson Console account
- Don't share your password or account access with others
- Log out from shared or public computers
- Keep your devices and browsers updated
- Be cautious of phishing emails claiming to be from us
- Report any suspicious activity immediately
Contact Us
For security-related questions or concerns:
Security Team
Email: [SECURITY_EMAIL]
General Support
Email: [SUPPORT_EMAIL]