Compliance

Eartrainer is designed from the ground up to meet critical privacy and security needs for your organization. This page outlines specific elements of those compliance requirements.

Private Assignments

---

All assignments on eartrainer.io are private, viewable only by the student and associated instructors. For additional information on our privacy practices, please see our Privacy Policy.

Secure Assignment Storage

---

Eartrainer assignments are encrypted and stored in AWS RDS MySQL. AWS employs a wide breadth and depth of security measures for its servers. Eartrainer utilizes AWS's primary security infrastructures, including two-factor authentication for all users.

Data security

---

Users are authenticated at https://www.eartrainer.io using email and password credentials, or via a learning management system (ie. Canvas, Blackboard, etc.).

All Eartrainer authentication and page requests are passed to and from the user's browser via TLS/SSL, and all Eartrainer-stored data is encrypted both in transit and at rest in the database.

System data auditing capabilities include user references, creation, modification, and deletion dates which are kept for courses, feedback pages, media and other relevant data entities.

User specific data we receive from LMS integrations

Eartrainer follows the standard LTI spec. For more information on the required and recommended fields in this spec, see the IMS Global Learning Tools Interoperability® Implementation Guide. When the Eartrainer tool is integrated, Eartrainer receives the following user specific information:

• School ID (tool_consumer_instance_guid): Unique alphanumeric code sent from LMS (D2L receives the code from us)
• School Name (tool_consumer_instance_name): Name of your school
• Course ID (context_id): Unique alphanumeric code generated and sent from LMS
• Course Name (context_title): Name of your course
• Assignment ID (resource_link_id): Unique alphanumeric code generated and sent from LMS
• Assignment Name (resource_link_title): As entered during assignment set up
• Outcome Possible (lis_outcome_service_url): As entered during assignment set up (not all integrations send this in the payload)
• User Name : Full name of user
• User ID (user_id): Unique alphanumeric code generated and sent from LMS
• User Role (roles): Role in LMS course

PCI Compliance

---

eartrainer.io uses Stripe.com to process payments. Stripe.com is required to maintain current PCI compliance (Payment Card Industry Data Security Standard) in connection with processing of user credit cards.

Read about Stripe's security and Level 1 PCI compliance here https://stripe.com/docs/security/stripe

Eartrainer is owned and operated by Lion Theory, LLC. View Lion Theory's PCI compliance report here.

FERPA Compliance

---

The U.S. Family Educational Rights and Privacy Act (FERPA) is designed to protect student identity and academic information from unauthorized disclosure to third parties. Eartrainer complies with all relevant provisions as follows:

• Student account information is private in the system, viewable only by IT administrators.
• Student grading information is viewable only to authorized instructors, reviewers, IT administrators, and to the individual student themselves.
• Authorized Eartrainer staff may access the account information solely for the purpose of providing service and support to the instructor and students. Such access is limited to authorized service and support staff only. Consent for this limited use of their account information is granted by each student user upon signup with required acceptance of the User Terms.

Accessibility

---

The system is designed to work with native accessibility tools within Windows and Mac operating systems as well as the enhanced functions included in modern web browsers.