Stratified Learning – Security Policy
Last updated: November 2025
1. Overview
Stratified Learning Pty Ltd is committed to maintaining a secure, reliable, and trusted online environment for educators and schools. Our services, including the Stratified Learning Curriculum Planner and NavigateCR App, are designed to meet or exceed industry standards for data protection, encryption, and access control.
2. Hosting and Infrastructure Security
- Services operate exclusively over HTTPS using TLS 1.2 or higher (TLS 1.3 preferred).
- Certificates are issued by Google Trust Services (GTS Root R4) with full OCSP/CRL validation.
3. Data Protection and Storage
- Stratified Learning does not store personal, student, or sensitive educational data.
- For registered teacher accounts, only name, email, and encrypted password are stored.
- No credit card or payment data is stored on our servers. Transactions are processed securely by Stripe or PayPal under their respective PCI-DSS compliance frameworks.
- Backups are encrypted and stored within Australia.
4. Access Control and Authentication
- All user access is authenticated via secure, encrypted login.
- Passwords are hashed and salted using strong encryption standards (bcrypt/SHA-256).
- Session tokens are short-lived and transmitted securely over HTTPS.
- Role-based access ensures users can only access resources appropriate to their account type.
5. Network and Application Security
- Firewalls and intrusion detection systems protect against unauthorised access.
- Regular vulnerability scans and dependency audits are performed across hosted environments.
- Cross-Origin Resource Sharing (CORS) is restricted to known domains (*.stratifiedlearning.com).
- All uploads are sanitised and validated to prevent injection or malware risks.
6. Data Transmission
- All data transmitted between the user’s browser and Stratified Learning servers is encrypted using TLS 1.3 (or TLS 1.2 fallback). No unencrypted traffic is accepted or processed.
7. Monitoring and Incident Response
- System activity is continuously monitored for anomalies.
- In the event of a security incident or suspected data breach, Stratified Learning will:
  - Immediately isolate affected systems.
  - Investigate and assess scope and impact.
  - Notify relevant stakeholders, including affected schools, within 48 hours.
  - Take corrective actions and implement preventative measures.
8. Third-Party Services
Stratified Learning uses only reputable, security-audited services, including:
- Google Cloud Platform (hosting)
- Stripe / PayPal (payments)
- Application layer framework
All third parties meet or exceed global standards for data encryption, privacy, and access control.
9. Compliance and Review
This policy aligns with the Australian Privacy Principles (APPs) and the Queensland Department of Education Information Security Policy (IS18:2018). It is reviewed annually or whenever system architecture or data handling practices change.
10. Contact
For security-related questions or reports, please contact:
Security Officer
Stratified Learning Pty Ltd
Email: security@stratifiedlearning.com
PO Box 111, Billinudgel NSW 2483