Security Statement

Security Statement

Last updated: December 26, 2025

This Security Statement provides an overview of how Learning-Focused protects information when delivering its website, Learning-Focused Online, and the Spark suite of apps. It is intended to support transparency for educators, schools, districts, and partners.

This statement is informational and should be read alongside our Privacy Policy and Subprocessors & Data Flow page.

1) Security Overview

Learning-Focused delivers its Services using reputable, industry-standard platforms and follows a shared responsibility model for security. We design our products to minimize data collection, avoid unnecessary student information, and rely on established providers for infrastructure security.

Our Services are built primarily for K–12 educators, schools, and districts.

2) Platform-Hosted Infrastructure

Learning-Focused does not operate its own data centers. Instead, our Services are hosted by trusted third-party platforms:

  • Shopify hosts learningfocused.com and our online store and processes certain payments.
  • Thinkific hosts learningfocusedonline.thinkific.com and delivers Learning-Focused Online courses, memberships, and resources, and processes certain payments.
  • Pickaxe provides the application layer for Spark apps.
  • OpenAI (API) processes AI prompts and generates outputs for Spark apps.
  • Google (Google Sheets) stores educator-created planning information from Spark apps.

Learning-Focused does not store full payment card numbers. Payment information is handled directly by Shopify, Thinkific, and their payment partners.

For a current list of subprocessors and data flows, see:
https://learningfocused.com/pages/subprocessors

3) Data Minimization and Student Data

  • Spark apps are designed to function without student names or direct student identifiers.
  • Educators are instructed not to enter student personal information into Spark tools.
  • We collect and store only the information reasonably necessary to provide the Services.

This approach reduces risk and supports K–12 privacy expectations.

4) Encryption and Transmission Security

  • Data in transit is protected using HTTPS/TLS encryption as provided by our platform vendors.
  • Data at rest is protected using platform-managed encryption provided by Shopify, Thinkific, Pickaxe, OpenAI, and Google.
  • Learning-Focused does not manage or access raw encryption keys used by these platforms.

5) Access Controls

  • Administrative access to platforms is limited to authorized Learning-Focused personnel.
  • Access is granted based on role and job responsibility.
  • Account credentials must be kept confidential by users.

We do not currently offer single sign-on (SSO).

6) Application and AI Security

  • Spark apps include safeguards designed to prevent misuse.
  • AI features are assistive only and require human review.
  • Users are prohibited from attempting to bypass safeguards or use Spark apps for harmful or unlawful purposes.

AI requests are routed through Pickaxe and processed by OpenAI via API. Inputs and outputs are used only to provide the requested functionality.

7) Monitoring and Incident Response

  • We monitor platform status notifications and security advisories from our providers.
  • If Learning-Focused becomes aware of a confirmed security incident that materially affects user data, we will take reasonable steps to notify affected customers without undue delay, consistent with applicable law.
  • We coordinate incident response activities with our platform providers as appropriate.

8) Data Retention and Deletion

  • Personal information is retained only as long as reasonably necessary to provide the Services and meet legal or operational requirements.
  • Users may request deletion of their information as described in our Privacy Policy, subject to legal and technical limitations.

9) Subprocessors

A current list of subprocessors and a description of data flows is available here:

https://learningfocused.com/pages/subprocessors

10) Customer Responsibilities

Security is a shared responsibility. Users and organizations should:

  • Use strong passwords and keep credentials confidential.
  • Limit account access to authorized users.
  • Avoid entering sensitive or prohibited data into Spark apps.

11) Updates to This Statement

We may update this Security Statement from time to time to reflect changes in our Services or practices. Updates will be posted on this page with a revised “Last updated” date.

12) Contact

Questions about this Security Statement or security-related concerns may be directed to:

Learning-Focused
Email: support@learningfocused.com
Address: 200 District Drive, Suite 001, Asheville, NC 28803, USA