Security & Data Privacy in Opigno Enterprise and a Privacy-by-Design Architecture

Opigno Enterprise is built on a privacy-by-design architecture that makes data protection a structural guarantee, not a configuration option. User data is stored locally within each tenant environment and identified only by anonymized UUIDs at the backoffice level. This means sensitive learner information is architecturally isolated from the moment it enters the system.

The platform is fully compliant with ISO 27001 (information security management), SOC 2 Type 2 (operational data protection), and GDPR. For organizations in regulated industries — pharmaceutical, healthcare, finance, manufacturing — Opigno Enterprise provides the security posture and compliance documentation required to pass enterprise procurement and third-party security audits.

AI features in Opigno Enterprise operate under the same data governance framework: no customer learning data is used to train external AI models, and organizations can deploy with on-premises LLMs to ensure all data remains within their own infrastructure perimeter.

Local Data Storage & Data Residency

In Opigno Enterprise, all learner personal data is stored locally within the tenant environment (learner platform), not in a shared central database. Each tenant operates as a fully isolated data scope, meaning data from one organization or business unit is never co-mingled with another at the storage level.

Hosting options for the tenant environments include:

  • Customer-managed cloud: Deploy on your own cloud infrastructure with full control over data location, backup policies, and network access rules
  • Private cloud: Dedicated cloud environment managed by Opigno's team, hosted in your required geographic region to satisfy data residency requirements
  • On-premises: On-premises deployment for organizations with strict infrastructure control requirements

Zero User Data in the Central Layer: How Opigno's UUID Architecture Works

Most SaaS LMS platforms store all user data — names, emails, roles, learning history — in a central database shared across the platform. This creates a single point of risk: a breach at the central layer exposes every customer's user data simultaneously.

Opigno Enterprise's architecture inverts this model. The central backoffice — which manages content publishing, tenant configuration, platform analytics, and administrative functions — stores zero user personal data. Users are referenced at the central level only by anonymized Universally Unique Identifiers (UUIDs). The actual user profile, credentials, and learning history exist exclusively within the local tenant environment, under the customer's direct control.

What this means in practice:

  • A security incident at the central platform layer cannot expose learner personal data — there is none to expose
  • Opigno's operations team cannot access individual learner data during platform maintenance or support operations
  • Cross-tenant data correlation at the user level is architecturally impossible 
  • GDPR data subject obligations are fulfilled entirely within the tenant environment

This UUID-based separation architecture is a structural privacy guarantee, making Opigno Enterprise a genuinely privacy-by-design platform.

Security Certifications: What ISO 27001 and SOC 2 Type 2 Mean for Your Organization

Opigno Enterprise is compliant with the two most widely required enterprise security certifications for SaaS platform procurement:

ISO 27001

The international standard for Information Security Management Systems (ISMS). Certification requires independent audit of security policies, risk management processes, access controls, incident response procedures, and continuous improvement frameworks.

SOC 2 Type 2

An AICPA attestation that verifies a platform's operational security controls have been consistently applied over a defined audit period (typically 6–12 months).

Regulatory Compliance by Design

Opigno Enterprise's architecture is validated against the major data privacy and security regulations affecting global enterprise training programs.

Opigno Enterprise's high-privacy systems are not just about security; they also enable compliance and scalability for large organizations. By storing data locally in each tenant and using UUIDs in the backoffice, our platform aligns with global privacy regulations, making it ideal for industries with stringent requirements.

The platform's multi-tenant architecture scales compliance horizontally: as new subsidiaries or regions are added, each new tenant environment inherits the same privacy architecture and compliance controls automatically — without additional configuration or security review for each deployment.

Explore our FAQs

Find quick answers to commonly asked questions about Opigno Enterprise

How secure is Opigno Enterprise and is it GDPR compliant?
Where is learner data stored in Opigno Enterprise?
Does Opigno Enterprise use customer data to train AI models?