Policies & Procedures

Security

The following policy refers to security measures taken by Grok Academy Limited and Grok Learning Pty Ltd. From this point forward any reference to “Grok” implies both Grok Academy Limited and Grok Learning Pty Ltd.

We want to make Grok a safe and secure learning environment for all. If you’ve discovered a vulnerability in Grok, we appreciate your help in disclosing it in a responsible manner.


Compliance

We’re committed to maintaining compliance with COPPA and GDPR. We’ll continue to update our compliance status as it progresses. Please see our Privacy Policy for more information about how Personal Information is managed by Grok.

Infrastructure and Data Locality

Where Grok stores Personal Information in third-party services, we ensure that this data is located in Australian data centres, encrypted at rest and in transit. Refer to our Privacy Policy for full details about how we use Personal Information.

All of Grok’s application and data is hosted on Amazon Web Services (AWS), a highly-scalable cloud computing platform with end-to-end security and privacy features built in.

All data stored by the Grok platform is located in Australia, in the Sydney AWS region. This data is encrypted at rest and encrypted in transit.

For more specific details regarding AWS security, please refer to https://aws.amazon.com/security/.

Grok synchronises Personal Information of Educators and aggregated usage data for Institutions with Microsoft Dynamics 365 for the purposes of sales, marketing, and support.

Grok’s Microsoft tenant, for all services, including Microsoft Dynamics 365 is hosted in Microsoft’s Australian data centres.

Need to report a code security issue?

We want to make Grok a safe and secure learning environment for all. If you’ve discovered a vulnerability in Grok, we appreciate your help in disclosing it in a responsible manner.

If you’ve discovered a security concern, please email us at security@groklearning.com. We’ll work with you to ensure we address the scope of the issue and fully address the concern. Any email sent to that address receives the highest priority and our full attention. Our PGP key can be found here.

We won’t take any legal action against you, or disable your account, assuming you do not deliberately exploit the issue. We understand and appreciate the work of white hat security researchers, and thank you for your help.

We’re grateful to all the vigilant programmers and users who have either audited our security or reported vulnerabilities. To all the people who have reported issues in the past, thanks for doing your part to keep Grok and the entire ecosystem safe.