The privacy of our customers and users is important to us.
We’ve broken down the basics of our data privacy and security practices here, so you can be better informed about them.
Our Commitment
At Rosetta Stone, we are committed to safeguarding our customers' privacy while providing a personalized and valuable service. As reflected in our privacy policies, we use personal data of our customers and users to provide support and continually improve our language and literacy products and services, and to inform our customers and users about those products and services. We are committed to protecting the privacy and security of the personal data of our customers and users, and to working with service provider partners that are similarly committed to the protection and privacy of personal data they process on our behalf.
Information Technology and Security Practices and Protection
A robust information security program is integral to any company-wide commitment to data privacy. Our information security program is designed to reflect our commitment to safeguarding the personal information we receive in an appropriate manner while providing tailored and valuable services. We review our information security program at least annually, with the goal of continually updating or modifying our policies, procedures, and/or the security measures within our information security program to enable us to continue to improve the overall security of our products, services, information systems and operations.
Our information security program is designed to incorporate and address physical, administrative, and technical and organizational security measures in a manner appropriate to the size and complexity of our company, the nature and scope of our services and activities, and the sensitivity of the personal data we process. Under our program, technical and organizational measures for protecting data within our systems include: (i) firewalls and threat detection systems to identify malicious connection attempts and to block spam, viruses and unauthorized intrusion; (ii) physical networking technology designed to resist attacks by malicious users or malicious code; and (iii) encryption of data while in transit over public networks using industry standard protocols.
As part of our information security program, we undergo various annual corporate audits and reviews (e.g., PCI-DSS certifications, Sarbanes–Oxley (SOX) audits, etc.), and our overall information security program and our technical and organizational security measures are SOC 2 audited annually to assess and confirm the design and implementation of our information security program. A report detailing the results of our SOC 2 audit is available here. In addition, we continually monitor for compliance and conduct additional internal reviews to identify potential gaps or areas of improvement to protect against reasonably foreseeable internal and external threats to the security, confidentiality, and integrity of the personal data that could result in the loss, misuse, unauthorized access, disclosure, alteration, or destruction of the personal data and/or Rosetta Stone's hardware or software on which such personal data resides.
We require the data center, colocation and cloud hosting providers that we utilize to deliver and support our products and services to our customers and users to maintain ISO 27000 series certification and/or undergo SOC 2 or successor standard information security audits annually, confirming their implementation of appropriate solutions and approaches to providing layered security and monitoring, including policies, procedures, and physical and logical controls to protect the security, integrity and availability of data.
Training
To ensure that data privacy and security remain a top priority, all employees receive mandatory data privacy and security awareness training annually, with additional targeted data privacy and security training provided to specific practice groups and individuals throughout the year.
Oversight
To help enhance and ensure oversight and accountability within our organization, we’ve appointed a Data Protection Officer responsible for the oversight of data privacy and security awareness and leading our compliance efforts. Our Data Protection Officer reports directly to the Rosetta Stone executive management team, where information security is regularly discussed and reported to the Board of Directors and Audit Committee.