Due to high demand, TrainedTeam is operating on an invite-only program.Request yours

TrainedTeam
Security

Your training data is sensitive. Here's how we protect it.

Encryption, EU data residency, row-level security, and full audit trails - built in from day one.

Encryption

All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Database connections are encrypted. Backups are encrypted.

EU Data Centres

Your data is stored in European Union data centres. No data is transferred outside the EU/UK unless you explicitly configure an integration that requires it.

Authentication

Support for Google and Microsoft SSO. Password authentication uses bcrypt hashing with salting. Multi-factor authentication support is on our roadmap.

Row-Level Security

Database-level security ensures users can only access data belonging to their organisation. This is enforced at the database layer, not just the application layer.

Access Control

Four role levels (Owner, Manager, Content Creator, Maker) with granular permissions. Owners control who can access what. Role changes take effect immediately.

Audit Trail

Every e-signature captures the signer's legal name, timestamp, IP address, and document version. Training completions, quiz results, and acknowledgments are permanently logged.

UK GDPR Compliance

We process data in accordance with the UK GDPR and Data Protection Act 2018. We provide data processing agreements on request for Enterprise customers.

Regular Updates

Dependencies are regularly updated. Security patches are applied promptly. We monitor for vulnerabilities and follow responsible disclosure practices.

Data retention and deletion

Training records and acknowledgment data are retained for the duration of your subscription plus 6 years, in line with UK employment law retention guidelines (Limitation Act 1980).

You can delete individual content items at any time. Account deletion removes all personal data within 30 days. Compliance records (e-signatures, acknowledgments) may be retained for the statutory period.

On request, we provide a full data export in standard formats (CSV, JSON). Enterprise customers can request a data processing agreement (DPA).

Reporting a vulnerability

If you discover a security vulnerability, please report it responsibly to security@trainedteam.com. We will acknowledge receipt within 24 hours and aim to resolve confirmed vulnerabilities promptly.

Training data you can trust

Request your invite. Encryption, audit trails, and UK GDPR compliance included on every plan.

Request invite