Most providers claim “maximum security” and “GDPR-compliant” on their websites – and you just have to take their word for it. You can’t verify it. I want to do things differently. On this page, I’ll explain how I’ve built this learning platform and why I made the choices I did for each individual component. You won’t need every single detail. But I want you to be able to look behind the words – because trust isn’t built on promises, but on transparency.
I train companies in data protection and cyber security. It would be hardly credible if I didn’t build my own platform to the exact standards I recommend to others. This page is my way of demonstrating that.
First, a guiding principle: as little access as necessary
Behind everything you read here lies a single guiding principle: any access that doesn’t exist cannot be misused. When making every decision, I don’t ask ‘Who could make use of all this?’, but rather ‘Who really needs this – and everyone else stays out.’ That sounds inconvenient, and sometimes it is. But it is the most effective protection there is: data minimisation not as a tiresome obligation, but as a design principle.
Your data stays in Germany
The entire learning platform runs on a German hosting partner certified to ISO 27001 – with data centres in Germany. This isn’t just a Marketing slogan, but a conscious, fundamental decision against the convenient alternative that many choose: a large international cloud, where ultimately no one can say exactly where the data is actually stored or who has legal access to it. Your data and that of your staff remain within the European legal framework. This is verifiable, and it’s important enough to me to forego some convenience for it.
Woody – an AI that never leaves the country
My learning tutor, Woody, is an artificial intelligence that guides your staff through the training and answers their questions. With AI in particular, the obvious solution is to send enquiries to a large provider somewhere in the world. I have deliberately chosen not to do this. Woody runs on an AI infrastructure in Germany. Whatever your employees ask Woody stays within the country and is not used to train third-party models. A confidential question on a compliance issue remains confidential – for a learning tool that’s meant to handle sensitive queries, this isn’t a minor detail, but the very essence of the service.
Every customer learns in their own private space
Many companies use my platform – but none can see the others. Every customer has their own, secure area. No one can tell which other companies are using the platform; no one can see the participants, the progress made or the company-specific content of another organisation. This separation isn’t an afterthought, but is built into the structure from the outset. For you, this means: your training data belongs solely to you, and it remains within your organisation.
Who works on the content
I work with selected freelancers on the general training texts – for specialist translations, for example. This enhances the quality of these texts. Crucially, however, these freelancers do not have access to the platform and do not see any client data. They work exclusively on text files, never on the systems where your training courses and your employees’ data are stored. I implement everything that is client-specific myself. This ensures that the group of people who could potentially come into contact with your data remains as small as possible – in any case, it’s just me.
You protect what is most valuable most rigorously
Not all data requires the same level of protection, and not all needs to be equally accessible. That is why my systems are tiered according to their security requirements. What must be publicly accessible – the learning platform itself – is carefully secured and stands on its own. What only I need is separated from the outside world. And the most sensitive information is deliberately stored where it is best protected: separate from the rest of the system. I do not treat everything with the same medium level of protection, but apply the strongest security measures to what needs them most urgently. I’d be happy to discuss the specifics of this tiered approach in confidence – the architecture itself is part of the protection.
Tools that belong to me
Wherever it makes sense to do so, I rely on European and open-source software rather than closed systems from major providers. Open-source means: the programme code is visible and verifiable; I am not at the mercy of anyone; and I retain control over my own infrastructure. This involves more effort than simply buying into a ready-made, all-in-one package. But it means independence – and independence is the prerequisite for me to be able to promise you honestly where your data is stored and who has access to it.
What I deliberately do not disclose publicly
You will not find any technical details on this page – no version numbers, no configurations, no precise description of exactly what everything is built with or how it is built in detail. This is deliberate, and it’s part of the same care that this page is all about. Such details would be of no use to anyone except someone looking for a vulnerability. I apply exactly the same principle of data minimisation to the information about my own system as I do to your data. If, as a serious prospective client, you’d like to look into this in more depth – for example, for an audit by your own IT department or data protection officer – I’d be happy to discuss the details with you personally and in confidence. The fact that I don’t reveal them to the whole world is not a lack of transparency, but the best proof that I take my own principles seriously.
Let’s talk about it
If you’d like to know exactly how this platform works for your business, or if your IT department has security questions that go beyond what’s covered on this page, please get in touch. I’ll explain openly whatever you’d like to know – and tell you honestly where, for good reason, I keep the door closed. It is precisely this balance of openness and care that I owe to you and your employees’ data.
