UDEMY SECURITY FAQ
Enterprise-grade security to protect your data
Security is built into every aspect of how Udemy users learn and engage with Udemy’s services, while minimizing impact to usability, so that you can get the most value out of Udemy when engaging in learning initiatives via a native Web or native mobile app.
Udemy Business is trusted by 11,600+ businesses around the world
Attestations & Compliance
What data does Udemy Business require?
The Udemy Business service minimally requires employee email address and name to provision system access. Additional user data (e.g., employee ID or department) can be provided, but this is optional. Udemy does not collect or process sensitive or special category personal data.
How is my data protected?
Udemy’s security strategy is governed by a controls framework. The framework consists of consolidated requirements from regulatory bodies, critical security controls, and industry standards. Udemy’s senior leadership, Legal and Information Security teams guide alignment with industry standard security frameworks.
The baseline for Udemy’s security framework is derived from:
Data Encryption
Udemy uses industry-standard encryption methods designed to encrypt communications between Udemy systems and user browsers (e.g., RSA Asymmetric-Key Algorithms). All data transmitted between customers and the Udemy Business service uses industry-standard protocols such as TLS 1.2 (or greater) for data in transit, and 256-bit ciphers for data at rest. Access to Udemy’s production network and infrastructure is restricted from open, public networks (i.e., the Internet). Only Udemy-controlled application services are allowed access to Udemy’s production infrastructure.
Data Location
The Udemy Business site (SaaS cloud hosted Web Application) is hosted in a shared infrastructure with logical separation of customer (tenant) data. Each customer, and user, can only access the data that they have entitlements to. Access to the data is logically restricted to each customer and their authorized users via authentication and authorization (see Identity Management below). Udemy data center vendors are located in the United States. Our data center vendors are industry-leading service providers, with state-of-the-art physical protection.
Identity Management
Securing access to your data begins with identity controls that align with your company’s policies. Udemy allows each customer to deploy federated Single Sign-On to manage access to, and revocation of access from, their Udemy Business Web application environment. This enables you to centrally manage the authentication and authorization of users so that only authorized users and admins are granted permissions from a central identity system.
Identity Controls
Udemy and the EU General Data Protection Regulation (GDPR)
The Udemy Business service minimally requires employee email address and name to provision system access. Additional user data (e.g., employee ID or department) can be provided, but this is optional. Udemy does not collect or process sensitive or special category personal data.