Stratified Learning – Security Policy

Last updated: March 2026

1. Overview

Stratified Learning Pty Ltd is committed to maintaining a secure, reliable, and trusted online environment for educators and schools. Our services, including the Stratified Learning Curriculum Planner and NavigateCR applications, are designed to meet or exceed recognised industry standards for data protection, encryption, and access control.

Stratified Learning platforms are designed using a multi-tenant architecture, ensuring that each school or organisation operates within an isolated data environment. Access to information is controlled through role-based permissions and database-level security policies that prevent users from accessing data belonging to other organisations.

2. Hosting and Infrastructure Security

Services operate exclusively over secure HTTPS connections using TLS 1.2 or higher, with TLS 1.3 preferred where supported.

SSL/TLS certificates are issued by trusted certificate authorities and validated through standard certificate revocation and verification mechanisms.

Stratified Learning services are hosted using secure cloud infrastructure located within Australian data centres, provided by reputable cloud service providers.

3. Data Protection and Storage

Stratified Learning is designed to minimise the storage of personal and educational data wherever possible.

Where user accounts are required, limited personal information may be stored in order to provide access to the service. This may include:

  • name

  • email address

  • encrypted authentication credentials

Some services within the Stratified Learning platform operate using session-based processing, where user inputs are not retained after the session ends.

Stratified Learning does not store credit card or payment information. Payment transactions are processed securely by third-party providers such as Stripe or PayPal under their respective PCI-DSS compliance frameworks.

Encrypted backups are maintained within Australian data centres to support system resilience and disaster recovery.

4. Access Control and Authentication

All user access to Stratified Learning services requires secure authenticated login.

Authentication systems implement the following safeguards:

  • Passwords are securely hashed using industry-standard cryptographic hashing algorithms (bcrypt) and are never stored in plain text.

  • Session tokens are short-lived and transmitted only over secure HTTPS connections.

  • Role-based access controls ensure users can access only the resources appropriate to their account type.

  • Database-level security policies enforce organisational data isolation between tenants.

5. Network and Application Security

Stratified Learning platforms are protected through multiple layers of security controls, including:

  • network firewalls and intrusion detection systems

  • restricted Cross-Origin Resource Sharing (CORS) policies

  • dependency and vulnerability scanning of application components

  • validation and sanitisation of user inputs and uploaded files

These safeguards help protect against common web security threats including injection attacks, cross-site scripting, and malicious uploads.

 

6. Data Transmission

All data transmitted between users and Stratified Learning systems is encrypted using TLS (TLS 1.3 where supported, with TLS 1.2 as a fallback).

Unencrypted HTTP connections are automatically redirected to HTTPS. No unencrypted traffic is accepted or processed by Stratified Learning systems.

7. Monitoring and Incident Response

Stratified Learning systems are continuously monitored for operational anomalies, security events, and potential unauthorised activity.

In the event of a suspected security incident or data breach, Stratified Learning will:

  • immediately isolate affected systems where required

  • investigate and assess the scope and impact of the incident

  • notify affected organisations and relevant stakeholders as appropriate

  • implement corrective and preventative measures

Where relevant, affected schools or organisations will be notified as soon as practicable following confirmation of a security incident.

8. Third-Party Services

Stratified Learning relies on a number of reputable third-party service providers to support hosting, infrastructure, and payment processing.

These providers are selected based on their security certifications, reliability, and compliance with recognised data protection standards.

Third-party services used by Stratified Learning may include:

  • secure cloud hosting infrastructure

  • payment processing services (e.g. Stripe or PayPal)

  • analytics or monitoring tools

All third-party providers are expected to maintain strong encryption, access controls, and privacy protections.

 

9. Compliance and Review

Stratified Learning security practices are designed to align with:

  • the Australian Privacy Principles (APPs) under the Privacy Act 1988

  • relevant education sector security expectations such as the Queensland Department of Education Information Security Policy (IS18:2018)

Security practices and this policy are reviewed at least annually, or whenever system architecture or data-handling practices change.

 

10. Contact

For security-related enquiries or to report a potential security issue, please contact:

Security Officer
Stratified Learning Pty Ltd

Email: security@stratifiedlearning.com

Mailing Address:
PO Box 111
Billinudgel NSW 2483
Australia
