How We Keep Your Data Safe

    Your courses, your students' information, and your business data deserve serious protection. Here's how Ruzuku keeps everything secure.

    Encryption Everywhere

    All data is encrypted in transit with TLS/SSL and at rest. Your course content and student information stay protected at every step.

    Strict Access Controls

    Only authorized team members can access systems, and only when there's a genuine business need. We follow the principle of least privilege.

    Reliable Backups

    Automated backups run regularly, stored separately from production systems. Your courses and data can be recovered if anything goes wrong.

    Privacy by Design

    We collect only what we need, never sell your personal information, and give you control over your data. GDPR principles guide our approach.

    Data Encryption

    Every connection to Ruzuku is encrypted using TLS/SSL — the same technology banks use to protect online transactions. Whether you're building a course, uploading content, or your students are logging in, the data moving between their browser and our servers is encrypted in transit.

    Data stored on our servers is also encrypted at rest. This means that even in the unlikely event of unauthorized physical access to our infrastructure, your information remains unreadable without the proper encryption keys.

    Payment Security

    When your students make a purchase, their payment is processed securely by Stripe or PayPal — industry-leading payment processors with PCI DSS Level 1 certification (the highest level of payment security).

    Ruzuku never stores credit card numbers, CVVs, or other sensitive payment card data on our servers. Card information goes directly to the payment processor and never touches our systems.

    Access Control

    Access to Ruzuku's production systems is restricted to authorized team members who need it for their specific role. We follow the principle of least privilege — people only get access to the systems and data they need to do their jobs, nothing more.

    Multi-factor authentication is required for infrastructure access. All team members undergo background checks, and access rights are reviewed regularly to ensure they remain appropriate.

    Infrastructure & Hosting

    Ruzuku runs on professional cloud infrastructure with physical security controls including restricted facility access, environmental protections, and 24/7 monitoring. Our hosting providers maintain industry-standard certifications for their data centers.

    Network-level protections include firewalls, intrusion detection systems, and continuous monitoring for unusual activity. Production, development, and testing environments are kept completely separate to prevent any accidental exposure of live data.

    Backups & Disaster Recovery

    Your courses and data are backed up automatically on a regular schedule. Backups are stored in a separate environment from production, so even a major infrastructure issue wouldn't affect both your live data and its backups simultaneously.

    We maintain documented disaster recovery procedures and test them to ensure we can restore service promptly. Our goal is to make sure your courses and student data are always recoverable.

    Privacy & GDPR

    We follow data minimization principles — we only collect personal information that's necessary to provide our service. We never sell your data or your students' data to third parties.

    Ruzuku complies with GDPR requirements for data protection. This includes respecting data subject rights: you and your students can request access to personal data, ask for corrections, or request deletion. For full details, see our Privacy Policy.

    Incident Response

    We maintain a formal incident response plan that outlines clear responsibilities, escalation procedures, and communication protocols. If a security event occurs, our team follows established procedures to contain, investigate, and resolve the issue as quickly as possible.

    We also monitor for incidents and analyze any that occur to improve our defenses. If a security incident ever affects your data, we'll notify you promptly with clear information about what happened and what steps we're taking.

    Development Practices

    All code changes go through a formal change control process that includes testing and review before reaching production. We maintain separate development, testing, and production environments so that new code is thoroughly vetted before it goes live.

    Our development practices include version control, code review, vulnerability scanning, and management approval for deployments. Test data is kept separate from production data, and sensitive information is scrubbed from test environments.

    FAQ

    Common Security Questions

    Answers to the most common questions about how Ruzuku protects your data.

    Ready to Create Your Course?

    Build and sell your online course on a platform that takes security as seriously as you take your teaching.

    Start Free Today

    No credit card required · 0% transaction fees