Platform privacy and security FAQ
From compliance to AI and database questions, find out all the backend information you need on the CYPHER Learning platform

Security and privacy
CYPHER Learning handles regulatory and compliance monitoring through a combination of internal controls, third-party audits, and continuous system monitoring:
- Certifications: SOC 2 Type 2 certified and TX-RAMP Level 1 (conditional) Fast Track accepted.
- Data protection: Compliant with GDPR, CCPA, FERPA, HIPAA, PCI-DSS and other major regulations.
- Monitoring: Uses AWS GuardDuty, DataDog, and internal audit logs for continuous compliance oversight.
- Accessibility: WCAG 2.1 AA compliance is in place, with WCAG 2.2 AA and EAA compliance is in progress.
- Policies: Maintains strict internal policies for data access, encryption, and incident response.
- Support: Compliance requests (e.g., data subject rights, audit inquiries) are managed through dedicated support channels.
CYPHER Learning proactively monitors regulatory changes through dedicated compliance and legal teams. When new laws arise:
- Impact assessments are conducted to evaluate platform and policy changes.
- Product updates are implemented to meet new data handling or privacy requirements (e.g., new user rights, consent flows).
- Policies and documentation are updated accordingly (e.g., DPA, Privacy Policy).
- Customer communication and support is provided to guide organizations through necessary actions.
- Continuous monitoring tools and third-party audits ensure ongoing compliance.
Yes, CYPHER Learning is fully compliant with EU restrictions and requirements on the storage, maintenance, and usage of employee data. We ensure compliance with the following:
- Data Sovereignty: We host data in regional AWS data centers (e.g., Frankfurt for the EU, Virginia for the US, Sydney for APAC), ensuring data is stored within the designated jurisdictions as required.
- GDPR Compliance: We fully align with GDPR regulations, which govern the processing and storage of personal data for individuals within the EU. This includes adhering to data subject rights such as access, correction, and deletion.
- Data Processing Agreement (DPA): We have a robust DPA in place, ensuring proper safeguards for personal data in line with GDPR and other relevant laws.
- EU-US Privacy Shield: CYPHER Learning complies with the EU-US Privacy Shield framework, which ensures that personal data transferred from the EU to the United States is handled with adequate protection and privacy safeguards.
- SOC 2 Controls: We maintain SOC 2 compliance, which includes strong security, availability, and confidentiality practices for managing customer data.
In addition, we cooperate with EU Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) to investigate unresolved complaints, further ensuring compliance with EU data protection regulations.
CYPHER Learning adheres to leading privacy, risk management, and cybersecurity frameworks, including:
- SOC 2 Type 2
- GDPR, CCPA, FERPA, PCI-DSS, and HIPAA (as applicable)
- TX-RAMP Level 1 (Conditional Acceptance)
Data is hosted regionally (U.S., EU, APAC), and cross-border data transfers are handled using Standard Contractual Clauses (SCCs) and other recognized safeguards. All data is encrypted, access is role-based, and continuous monitoring ensures secure, compliant operations globally.
Yes. CYPHER Learning complies with applicable domestic and international regulations. While EU Safe Harbor has been replaced by Privacy Shield, CYPHER aligns with current cross-border data transfer frameworks and privacy laws.
CYPHER Learning provides granular auditing capabilities that include:
- User activity logs: Login attempts, course enrollments, assignment submissions, etc.
- Admin actions: Changes to settings, user roles, and custom fields
- Content changes: Course edits, deletions, and versioning
- SSO and API usage logs: Authentication events and API access tracking
CYPHER Learning uses automated security scanning tools to check for vulnerabilities in both custom code and third-party components:
- Static Application Security Testing tools scan code for common vulnerabilities
- Dependency scanners
- AWS Inspectors are used for vulnerability assessment and threat detection
- DataDog monitors runtime behaviors for anomalies
CYPHER Learning uses vetted third-party service providers (e.g., AWS for hosting). Controls in place include:
- Vendor due diligence and screening before engagement
- Data Processing Agreements (DPAs) with strict privacy and security terms
- Access controls and role restrictions, ensuring least-privilege access
- Regular audits and monitoring of third-party activities
- SOC 2 controls and TX-RAMP compliance for secure vendor management
Data in the CYPHER Learning platform is backed up automatically:
- Daily full database snapshots with a 7-day rolling window
- Redundant storage across multiple availability zones (Multi-AZ) for high availability
- Point-in-time recovery supported via AWS RDS with records maintained for up to 1 year
- File storage (e.g., uploads) is backed up using versioned and replicated S3 buckets
CYPHER Learning classifies sensitive data based on standard privacy and security frameworks such as GDPR, CCPA, PCI-DSS, and SOC 2. The classifications include:
- Personally Identifiable Information (PII): Names, emails, usernames, IP addresses
- Educational Records: Score, assessments, and course enrollments (FERPA-protected)
- Authentication Data: Passwords, SSO tokens
- Financial Data (if applicable): Payment details for e-commerce features
Sensitive data is identified through schema-level tagging, field-level access controls, and automated monitoring tools. These are tracked via audit logs, database schemas, and compliance reporting tools to ensure appropriate handling and visibility.
Yes. All data is handled according to the same high-security standards and compliance, however if a customer requires additional security for certain data points, additional protections can be added at the tenant level.
In the CYPHER Learning platform, sensitive data is not transferred to test environments by default. When test environments require real data, data anonymization and scrambling techniques are applied, such as:
- Replacing user names and emails with dummy values
- Masking or hashing personally identifiable information (PII)
- Obfuscating content and comments to preserve format but remove meaning
CYPHER Learning implements multiple safeguards against abuse and malicious actors, including:
- Rate limiting on APIs to prevent abuse
- Multi-factor authentication (MFA) and strong password policies, including support for authenticator applications
- Role-based access controls (RBAC) for data and feature permissions
- IP whitelisting and VPN isolation for system access
- Regular vulnerability scans, penetration testing, and malware scanning
- Security incident response plan and real-time threat detection via AWS GuardDuty and other tools
Data can be exchanged through multiple secure interface methods:
- RESTful APIs: Primary method for data exchange; supports user, course, enrollment, grade, and report data. Secured via HTTPS, API keys, and rate limiting.
- Webhooks: For real-time event-based data sharing (e.g., new user or enrollment).
- CSV Imports/Exports: For bulk data operations (e.g., user uploads), via secure admin access.
- SSO/SAML Attributes: Used for identity-related data exchange during authentication.
- Integration platforms (Zapier, Workato): Enables connection with third-party apps via secure automation flows.
No SOAP APIs are currently exposed. All interfaces are secured with TLS encryption, RBAC, and monitored for integrity.
CYPHER Learning has no special firewall or network constraints beyond standard internet access. Communication to, from, and within the platform is secured through:
- HTTPS (TLS encryption) for all data in transit
- Firewall protections and network isolation within AWS using VPCs and security groups
- Role-based access controls (RBAC) and IP whitelisting (optional)
- Monitoring tools like AWS GuardDuty and CloudWatch to detect and respond to suspicious activity
CYPHER Learning takes a comprehensive, defense-in-depth approach to data encryption and security across all layers of our infrastructure.
Data in Transit is secured using TLS 1.2 or higher, ensuring end-to-end encryption as information moves between systems. This includes communications between users and the application, API traffic, and internal system connections—safeguarding sensitive information from interception or tampering.
Data at Rest is encrypted using AES encryption standards, fully compliant with FIPS 140-2 requirements. This protects stored data across application servers, job servers, and storage layers. Each disk is encrypted and hosted behind firewalls that restrict traffic to essential services only. Our platform’s architecture is distributed across multiple availability zones, adding resiliency and continuity even in the case of localized outages.
Edge-level security is enhanced through the use of content delivery networks like AWS CloudFront and Azure FrontDoor, enabling secure and optimized access to global users. These services enforce HTTPS at the edge with custom SSL certificates per customer.
Encryption key management is handled via AWS Secrets Manager and Azure Key Vault, ensuring secure storage and strict access controls for encryption keys, passwords, and credentials. Keys are rotated according to cloud provider best practices and can be managed on demand. No credentials are stored in source code.
Our architecture also includes:
- Containerized deployment (moving toward Kubernetes) for better isolation and control.
- Encrypted background job processing distributed across availability zones.
- Use of MySQL 8 with Multi-AZ and read replicas for high performance and secure availability.
- Secure object storage with AWS S3 and Azure Blob Storage for uploaded and generated files.
- Encrypted search indexing via AWS ElasticSearch and Azure Search Service.
- Centralized, monitored email delivery through AWS SES with optional custom SMTP support.
This holistic encryption and infrastructure strategy ensures that customer data is always protected—whether it’s being transferred, stored, processed, or cached—giving enterprise clients full confidence in our platform’s security and resilience.
CYPHER Learning ensures secure handling of credentials, updates, and deployments by following best practices for security and efficiency.
Credential Handling: All credentials to access internal infrastructure, including passwords, API keys, SSH keys, and other sensitive information, are securely stored in AWS Secrets Manager or Azure Key Vault. This approach prevents any credentials from being stored in source code, reducing the risk of unauthorized access.
Credential Updates: We automate credential rotation within AWS Secrets Manager and Azure Key Vault, ensuring that keys are regularly updated without manual intervention. Once updated, credentials are securely propagated to the relevant systems, and all changes are logged for audit and compliance purposes.
Deployment Process: CYPHER Learning utilizes a secure and automated deployment process through Capistrano for application deployment, with GitHub managing the codebase. We have containerized our application and, as of June 2023, are migrating to Kubernetes with a full CI/CD pipeline for continuous deployment. This pipeline ensures that credentials are securely injected at runtime, without exposing them during the deployment process.
Security of Application Servers and Services:
- Application Servers: Our application servers, distributed across multiple availability zones, are protected by firewalls restricting traffic to essential services. Each server's disk is encrypted for added security.
- Job Servers: Background jobs are processed by encrypted job servers distributed across availability zones, with access restricted to necessary services.
Data Storage and Security:
- Redis Cache: We utilize Amazon ElastiCache for cached data storage, enhancing performance and maintaining high availability.
- MySQL Database Cluster: MySQL 8 powers our database, with Multi-AZ and Read Replica configurations to ensure high performance and availability.
- File Storage: AWS S3 and Azure Blob Storage are used for securely storing user-uploaded files, with additional security provided by serverless Lambda processes.
Search and Content Delivery:
- Search: AWS ElasticSearch and Azure Search Service are employed to quickly index and retrieve data, reducing the load on primary databases.
- Content Delivery: AWS CloudFront and Azure FrontDoor manage global content delivery, ensuring users receive content from the fastest data center, secured with custom SSL certificates.
DNS and Email Services:
- DNS: Amazon Route 53 and Azure DNS ensure highly available and geographically distributed DNS hosting for fast and reliable domain resolution.
- Email Delivery: AWS SES is used to manage email delivery, providing centralized monitoring and compliance features, with options for custom SMTP configurations.
CYPHER Learning data centers are hosted on AWS, which provides enterprise-grade physical and operational security. Key measures include:
- Staff Screening & Access: AWS data center personnel undergo rigorous background checks, and physical access is restricted via biometric and badge-based controls.
- Monitoring: Both proactive (real-time threat detection via AWS GuardDuty) and reactive monitoring are in place. Infrastructure is also monitored using DataDog and AWS CloudWatch.
- Bulk Restrictions: IP whitelisting and access control policies prevent unauthorized bulk access.
- Intrusion Detection & Alerting: Automated threat detection tools (e.g., GuardDuty, Inspector) trigger alerts and log incidents for review and response.
Yes. The security and monitoring systems for CYPHER Learning's data centers are primarily provided by third-party services, notably AWS, which handles physical security, threat detection, and infrastructure monitoring.
CYPHER Learning relies on AWS data centers, which maintain Tier 3+ physical and environmental controls, including:
- 24/7 surveillance, biometric access, and mantraps
- Fire detection and suppression systems
- Redundant power (UPS, generators) and cooling systems
- Geographic diversity with regional hosting in North Virginia (USA), Frankfurt (EU), and Sydney (AU)
These controls meet global compliance standards like SOC 2, ISO 27001, and FIPS 140-2. All physical infrastructure is managed exclusively by AWS.
CYPHER Learning employs robust auditing and penetration testing practices:
- Penetration Testing: Conducted by third-party experts at least annually, covering application, API, and infrastructure layers.
- Log Monitoring: Logs include system events, user activity, API calls, authentication events, and error logs. These are reviewed via AWS CloudWatch, DataDog.
- Review Frequency: Security logs are monitored in real-time with periodic review by the security team, and alerts are triggered on anomalies.
- Audit & Remediation: Our last SOC 2 Type 2 audit (Sept–Nov 2023) identified minor issues (e.g., access control logging), which were promptly remediated through tightened RBAC policies and updated logging configurations.
Security reviews and audits are part of our continuous compliance and risk management strategy.
Clients using CYPHER Learning have the ability to:
- Inspect and monitor user activity via reporting logs (e.g., logins, course activity, admin actions)
- Export reports for compliance tracking and historical reviews
- Integrate via API
- Customize role-based access to limit or expand visibility into system actions
- Request audit logs or access reports through support or data request channels
No. CYPHER Learning has not experienced any known security breaches within the last 5 years. The company maintains rigorous security practices, including SOC 2 Type 2 compliance, regular penetration testing, continuous monitoring, and incident response protocols to prevent and detect potential threats proactively.
In the event of a security breach, CYPHER Learning follows a formal Incident Response Plan, which includes:
- Immediate containment and assessment of the breach
- Customer notification within 72 hours of confirmed breach discovery, per GDPR and industry best practices
- Direct communication via email and account representatives
- Ongoing updates as investigation and remediation progress
CYPHER Learning enforces data quality through:
- Field validations for formats and required inputs (e.g., email, names)
- Dropdowns and pick lists to standardize entries
- CSV/API upload checks to ensure data integrity before importing
- API schema validation for data type and structure
- Role-based permissions to limit who can modify key data
- AI Crosscheck during course creation to ensure content accuracy and flag inconsistencies
- xAPI Dictionary standardization customizable by administrator to standardize data usage
CYPHER Learning proactively monitors regulatory changes through dedicated compliance and legal teams. When new laws arise:
- Impact assessments are conducted to evaluate platform and policy changes.
The platform is fully web-based and designed to be compatible with modern, standards-compliant browsers to ensure optimal performance and security. CYPHER Learning supports and is certified against the following browser versions:
- Google Chrome (latest two stable versions)
- Mozilla Firefox (latest two stable versions)
- Microsoft Edge (latest two stable versions)
- Apple Safari (latest two stable versions on macOS)
CYPHER Learning follows a structured certification process for new browser versions:
- Monitoring Releases: New browser version releases are tracked for major browsers (Chrome, Firefox, Edge, Safari)
- Automated Testing: Core platform functionality is tested using automated test suites on the latest browser versions
- Manual QA: Key workflows (e.g., login, course access, admin tasks) are validated manually in staging environments
- Issue Resolution: Any incompatibilities or UI issues are resolved before certification
- Approval & Support: Once verified, the browser version is added to the supported list and monitored for ongoing performance
Yes. CYPHER Learning provides limited backward compatibility with older browser versions, focusing on maintaining functionality for the last two stable versions of major browsers (Chrome, Firefox, Edge, Safari). While basic access may still work on older versions, full functionality and support are not guaranteed, and users are encouraged to use up-to-date browsers for optimal performance and security. Additional versions may be supported for longer periods to support transitions when required.
Yes. The CYPHER Learning platform operates over HTTPS on port 443 for all browser and API communications.
Yes. JavaScript must be enabled to use the CYPHER Learning platform. JavaScript is essential for core functionality, including navigation, interactive elements, and dynamic content rendering across the user interface. Additionally, xAPI content that is played requires JavaScript as part of the content package requirements.
Customers connect to the CYPHER Learning platform via a secure web browser or mobile application over HTTPS. Access is provided through a unique or branded URL. Authentication is handled via standard login, SSO (e.g., SAML, LDAP, Google, Microsoft), or integrated identity providers.
CYPHER Learning implements Role-Based Access Control (RBAC), assigning users roles like admin, instructor, or learner, each with specific permissions. Roles define what users can see and do within the platform. Admins can also create custom roles with fine-grained control, ensuring users only access what they’re authorized to.
Auditability by user ID is managed internally by CYPHER Learning DevOps and Support teams. Detailed logs track user actions and are tied to specific user IDs, but these logs are not directly accessible by clients. Clients can request access to relevant audit data through support channels for compliance or investigation purposes.
Yes. CYPHER Learning allows local system administrators to create, copy, edit, and delete custom role types directly within the platform — independent of any HR system. However, periodic recertification and approval workflows are not built-in and would need to be managed externally or through organizational policy.
Yes. CYPHER Learning can automatically assign or reassign roles in bulk using employee or organizational data via:
- CSV imports
- API calls
- SSO attribute mapping (e.g., from Okta or Azure AD)
Artificial intelligence
The architecture of the CYPHER GenAI solution leverages multiple third-party large language models (LLMs), including OpenAI and Anthropic models, to power its AI capabilities, with the ability to add additional models as they become available. CYPHER AI is designed to support the platform’s various learning features, such as skills development, personalized learning, and adaptive content recommendations.
Key components of the CYPHER AI architecture include:
- Third-Party LLM Integration: CYPHER utilizes premium third-party LLMs for natural language processing (NLP) and generative capabilities. These premium models are trained on publicly available and licensed datasets. Customer data is not used to train or fine-tune these models, ensuring privacy and minimizing intellectual property risks.
- Prompt Engineering: To ensure predictable and structured AI outputs, the system uses template-driven prompts that guide the LLMs. This approach increases the reliability of AI-generated content and helps reduce issues like hallucinations or bias.
- CYPHER AI Crosscheck: A multi-layer review process that cross-verifies AI-generated content via another AI model. It flags inaccuracies and hallucinations, suggests improvements, and allows users to verify and refine the output. This additional layer helps maintain content accuracy and reliability, ensuring that the AI-generated results meet high-quality standards.
- User Control and Transparency: CYPHER’s AI tools are assistive, not autonomous. Users have full control over AI-generated content, allowing them to review, edit, and make decisions on the content. This ensures human oversight in the learning process.
Overall, the architecture of CYPHER AI focuses on providing intelligent, personalized learning experiences while maintaining transparency, accuracy, and privacy.
Yes. While CYPHER AI utilizes specific AI models as part of its core functionality, the architecture is intentionally modular, allowing individual models to be replaced based on changes in technology as well as clients needs. An individual AI model may be replaced with another at any time based on architectural or client needs.
Yes. The GenAI architecture supports both multi-language and multi-modal capabilities. It can generate and translate content in over 52 languages and handle various content formats, including text, audio, and interactive elements.
CYPHER Agent is powered by multiple advanced large language models integrated securely into the platform. These models are not open-source and are accessed through vetted, enterprise-grade APIs, avoiding any training of outside models on learning content and activities. The platform is designed with flexibility to evolve its model strategy as needed for compliance, performance, or customer-specific requirements.
CYPHER Agent leverages a streamlined LLMOps process tailored for secure, scalable, and high-quality GenAI service delivery:
- Model Operations: We use managed, enterprise-grade API-based LLMs, removing the need for in-house model deployment or maintenance.
- Prompt Engineering: CYPHER continuously tunes prompts to align responses with context, user roles, and platform objectives.
- Monitoring & Guardrails: Real-time logs, usage tracking, and content filters ensure safety, relevance, and compliance.
- Feedback Loop: User ratings and comments feed into prompt refinement and product updates.
- Integration Framework: The Agent is embedded into the CYPHER platform via secure APIs and role-based logic, enabling controlled access and response tailoring.
CYPHER Learning overlays guardrails to prevent responses to inappropriate questions, ensuring responsible and ethical AI behavior. These guardrails are customizable by the client to restrict topics that are not related to specific job responsibilities and adjust the tone and personality of the AI.
CYPHER Agent does not use fine-tuned models based on customer data. All proprietary data stored in a RAG is associated with the tenant and is deleted upon contract termination. If the contract ends or a better model becomes available, CYPHER can seamlessly switch to an alternative foundational model without impacting customer data or platform functionality.
Use of CYPHER Agent is governed by the existing CYPHER Learning Master Subscription Agreement (MSA). Key license terms include:
- The customer retains ownership of all inputs and outputs generated through CYPHER Agent.
- CYPHER does not use customer data for model training or external purposes.
- Customers have full access to the GenAI features and use of the features is credit-based.
Security and RBAC for CYPHER Agent are enforced through the same robust framework used across the CYPHER Learning platform:
- User roles and permissions determine who can access CYPHER Agent and which features they can use (e.g., admins vs. learners).
- Response visibility is scoped by user context, ensuring only appropriate content is served to the right audience.
- Guardrails and content boundaries prevent exposure to sensitive or inappropriate information.
- Unauthorized access is prevented via platform-level controls including authentication (SSO/MFA), session management, and strict role hierarchies.
Users can submit feedback on model responses in CYPHER Learning through:
- Built-in feedback forms within courses or after completing activities (if enabled by admins)
- Surveys or quizzes configured to gather user insights
- Messaging or forum tools for open-ended input
- Support tickets or contact forms for direct feedback to admins or instructors
User feedback is incorporated through a continuous improvement loop:
- Feedback collection
- Quality review
- Model Fine-Tuning: Feedback is used to refine prompts, update knowledge sources, and retrain models when necessary.
- AI Crosscheck: For prompt-based models, refinements are made to improve context awareness and response relevance.
- Release Updates: Improvements are deployed in regular updates to enhance future Agent interactions.
CYPHER Agent’s performance, accuracy, and bias are measured and monitored through a multi-layered framework:
- Accuracy and AI Crosscheck
- Bias Monitoring: Guardrails filter inappropriate or biased content, and ongoing audits help detect patterns requiring adjustment.
- Performance: Metrics like response time, usage volume, and token consumption are continuously logged and analyzed.
- Other metrics we monitor include:
- Engagement rates (how often users interact with CYPHER Agent)
- Resolution rates (how often AI resolves the user query without escalation)
- Topic/domain alignment (to ensure relevance)
- Flag rates (how often users or admins report problematic content)
Testing for CYPHER Agent involves a structured, multi-phase process to ensure quality, accuracy, and safety:
- Pre-Deployment Testing:
- Prompt validation: Ensures consistent, relevant, and safe outputs across use cases.
- Scenario-based testing: Simulates real-world queries for each user role and feature.
- Guardrail checks: Validates content filters and ensures inappropriate or restricted topics are blocked.
- Controlled Rollout:
- Released in test environments or to limited user groups for real-time feedback.
- Monitors response quality, user satisfaction, and interaction success.
- Ongoing Monitoring:
- Continuous logging and review of outputs.
- User feedback collected and analyzed for improvements.
- Iterative Updates:
- Adjustments made to prompts, rules, or logic based on testing insights.
- Guardrails are refined as needed for evolving use cases.
CYPHER Agent mitigates hallucinations using our proprietary AI Crosscheck, which uses multiple LLMs to validate content that is created. This approach not only checks for hallucinations, but also checks for small factual errors and flags these for an administrator or learner.
CYPHER Agent does not require in-house model retraining, as it leverages foundational models maintained and updated by our AI providers. These updates are handled externally, typically on a regular cadence (e.g., quarterly or biannually), and come at no additional retraining cost to the customer.
Instead of retraining, CYPHER focuses on prompt tuning, response filtering, and user feedback loops to continuously improve performance within our use case.
No. Training does not happen inside your tenant, nor is your data shipped out for training. CYPHER Agent does not use customer data to train or fine-tune models. All interactions are processed via secure, enterprise-grade APIs, and user data is kept private, isolated, and never stored or reused for model training purposes.
CYPHER Agent does not perform custom training within customer environments. Instead, it leverages pre-trained foundational models that use a technique called transformer-based deep learning. These models are trained on large, diverse datasets by the provider using supervised and reinforcement learning methods. Proprietary data is handled via Retrieval Augmented Generation (RAG) approaches that isolate client data from the LLMs.
We chose this approach because it ensures:
- High performance and accuracy out of the box
- Reduced risk and cost, since customer data isn’t used for training
- Fast deployment and iteration, using prompt tuning and guardrails rather than complex model retraining
CYPHER Agent can generate explanations that simulate reasoning, but it does not have true awareness or cognition. When prompted, it can provide context or justification based on patterns in its training data and the structure of the prompt.
This capability is useful for:
- Explaining course content or answers
- Describing why a recommendation was made
- Offering step-by-step reasoning in structured tasks
However, these explanations are generated text and should not be interpreted as verifiable logic or factual justification. Guardrails help ensure responses stay within appropriate and accurate bounds.
In CYPHER Agent’s architecture, model versioning is managed externally by our foundational model provider. However, within our platform context, we support prompt versioning and behavior tracking, allowing us to:
- Archive different prompt configurations and response patterns tied to specific timeframes
- Compare output quality, engagement, and feedback metrics across versions
- Roll back or A/B test versions to evaluate performance before broader rollout
Although we don’t host or train custom models in-house, this version tracking ensures we can evaluate and optimize GenAI behavior over time with transparency and control.
CYPHER Agent prevents prompt injection through a layered security approach:
- Input Sanitization: User inputs are sanitized to remove or escape characters and patterns commonly used in injection attempts.
- Scoped Prompt Design: Prompts are carefully constructed to isolate user input from system instructions, reducing the risk of user input overriding intended behavior.
- Guardrails: Filters and validation logic detect and block suspicious or manipulative input patterns.
- Role-Based Context: Prompts are contextualized based on user roles, which limits the exposure of sensitive functions to unauthorized users.
- Monitoring and Alerts: Real-time monitoring flags unusual inputs or model behaviors for review and immediate action.
Database
CYPHER Learning uses a multi-tenant, cloud-based architecture hosted on AWS, designed for scalability, security, and isolation. Here's how it works:
- Tenant Isolation: Each tenant (organization) operates within a logically isolated space in the shared environment. Data is segmented at the database level using unique tenant IDs.
- Scalability: The platform uses autoscaling application servers, Redis for caching, and MySQL clusters with read replicas to handle demand efficiently.
- Availability: Deployed across multiple AWS availability zones (Multi-AZ) to ensure high uptime and redundancy.
- Security: Each tenant's data is securely partitioned, with strict access controls and encryption in transit and at rest.
CYPHER Learning supports alternate site recovery through robust cloud-based infrastructure and disaster recovery strategies:
- Multi-AZ Deployment: The platform is hosted on AWS across multiple availability zones, ensuring automatic failover in the event of a regional disruption.
- Daily Backups: Databases are backed up daily with a 7-day rolling retention and point-in-time recovery.
- Redundancy: Key services, such as application servers, databases, and storage, are replicated and load-balanced.
- Disaster Recovery Plan (DRP): A formal DRP is in place, to restore services swiftly in case of major outages.
- Remote Workforce: In the event of office unavailability, staff operate from alternate, secure locations without service interruption.
CYPHER Learning maintains a comprehensive Business Continuity and Disaster Recovery (BC/DR) plan to ensure resilience and rapid recovery from extended service outages. The plan is led by the VP of Engineering and applies to all business-critical systems. In the event of a disaster, roles and responsibilities across leadership, engineering, and support teams are clearly defined to maintain service continuity.
Recovery Point Objective (RPO) and Recovery Time Objective (RTO) are aligned with the SLAs of our vendor-hosted SaaS platforms (e.g., AWS, Google Workspace, Microsoft 365), ensuring minimal data loss and rapid restoration.
The BC/DR plan is tested at least once per year to validate preparedness and response effectiveness. Following any incident, a formal post-incident review is conducted to drive improvements and maintain compliance with evolving standards.
Replication and redundancy in the CYPHER Learning platform are implemented as follows:
- Database Layer:
- MySQL clusters are deployed in Multi-AZ (Availability Zones) on AWS.
- Automatic replication between primary and standby instances ensures high availability.
- Read replicas are used to distribute load and improve performance.
- Application Layer:
- Hosted on autoscaling EC2 instances across multiple availability zones.
- Load balancers (ELB) distribute traffic and reroute it in case of instance failure.
- Application components are stateless, allowing seamless failover and horizontal scaling.
CYPHER Learning uses full daily backups of the database, retained on a 7-day rolling window. These are supplemented by point-in-time recovery (PITR) capabilities, which rely on transaction logs (delta-based) to restore data to any moment within the backup window.
Backups are taken daily, with a 7-day rolling retention period. In addition to daily full snapshots, transaction logs are continuously recorded, enabling point-in-time recovery within the backup window.
The CYPHER Learning application and infrastructure scale through a combination of horizontal and vertical scaling strategies on AWS:
- Horizontal Scaling: EC2 application servers auto-scale based on demand, adding or removing instances to maintain performance.
- Database Scaling: MySQL clusters use read replicas and multi-AZ setups to handle increased load and ensure availability.
- Caching: Redis is used to reduce load on databases and speed up data access.
- Content Delivery: Static assets are distributed via AWS CloudFront for global performance optimization.
Provisioning and deprovisioning in the CYPHER Learning platform are automated and proactive:
- Automatic Provisioning: New tenants are provisioned via a scripted, monitored process, including setup of environments, user roles, and integrations.
- Deprovisioning: Triggered based on contract status, usage, or admin request—ensuring secure and timely data offboarding.
- Proactive Scaling: The platform uses autoscaling and resource monitoring (via AWS CloudWatch, DataDog) to anticipate demand and adjust resources before bottlenecks occur.
Monitoring is continuous, and while specific SLAs may vary by plan, CYPHER typically supports a 99.9% uptime SLA, with provisioning/deprovisioning aligned to internal response and execution benchmarks (e.g., 24–72 hours for full provisioning).
CYPHER Learning uses a multi-tenant architecture with strict logical data separation. Each customer (tenant) has a unique site ID and data partitions, enforced at the application and database levels.
Role-based access controls and tenant-specific configurations ensure no cross-visibility or access between customer data sets.
CYPHER Learning uses AWS Elastic Load Balancers (ELB) to distribute traffic across application servers in multiple availability zones, ensuring smooth performance across varying customer loads.
Load Balancing & Concurrency:
- Elastic Load Balancing automatically routes users to the healthiest, least-loaded servers.
- No hard concurrency limits are imposed per tenant; the platform is designed to elastically scale based on real-time demand.
- Peak loads in production environments have exceeded tens of thousands of concurrent users globally without degradation.
- Redis caching and read replicas ensure backend performance even during peak concurrency.
Geographic Reach:
- The platform is hosted in AWS regions including North America, Europe, and Asia-Pacific, with CDN support via CloudFront for global performance.
- Users are routed to the nearest edge location for static content and optimized server regions for dynamic content.
Overall, the infrastructure is built to handle enterprise-scale concurrency with minimal to no impact on performance.
The CYPHER Learning platform is designed for high availability with redundancy across key components. While critical elements like the primary database node and application load balancer could act as single points of failure, these are mitigated through Multi-AZ MySQL clustering, read replicas, and stateless, autoscaling application servers. Authentication dependencies (e.g., SSO) and centralized storage (for example S3) are also monitored and managed with failover and recovery strategies to ensure platform resilience.
CYPHER Learning mitigates potential performance bottlenecks such as database load, API spikes, and media delivery delays through optimized architecture including read replicas, Redis caching, autoscaling EC2 instances, and CloudFront CDN. The platform features proactive alerting via AWS CloudWatch, DataDog, and internal monitors to detect and respond to threshold exceptions and system anomalies before they impact users.
CYPHER Learning imposes no storage limits per account. All account types have unlimited storage for course delivery materials and user data. The only constraint is on individual file upload size: students can upload files up to 200MB, while teachers and administrators can upload up to 2GB. Supported file types include standard documents, images, audio, and video formats.
- Supported file types: Common formats such as PDF, DOCX, PPTX, XLSX, MP4, MP3, and images (JPG, PNG, GIF).
- Content retention: Files remain accessible unless manually deleted or removed by adminpolicies.
For non-course delivery files, such as source files, CYPHER allows up to 1TB of storage included, with an overage charge for additional files.
CYPHER Learning uses a hybrid mobile architecture built with React Native, enabling us to deliver high-quality mobile experiences across both iOS and Android platforms from a single codebase. This approach allows for rapid development while still leveraging native modules when needed for performance or device-level access.
Key features include:
- Cross-platform codebase using React Native, with selective use of native modules for optimized performance
- Low-latency and responsive UI using native components and performance-tuned rendering
- Secure authentication, including token-based authentication, biometric support (Face ID/Touch ID), and encrypted local storage
- End-to-end secure communication over HTTPS with SSL pinning for added protection
- Modular architecture with reusable components and scalable state management (e.g., Context or Zustand)
- Offline capabilities, background sync, and push notifications using platform-native services
- CI/CD integration for automated testing, builds, and deployments (e.g., using Bitrise, Fastlane)
This architecture gives us the flexibility and speed of hybrid development while ensuring a native-like user experience and robust security.