Your data is protected. Your trust is earned.
Coursebox is built on enterprise-grade security. From how we handle your AI data to where we host your platform, every decision is made with your privacy in mind.
Certified GDPR compliant (Certificate #17412, June 2025)
Azure OpenAI — your data never trains public AI models
Hosted on ISO 27001-certified infrastructure
TLS encryption in transit, encrypted at rest
Security built into every layer
We don't bolt security on as an afterthought. It's engineered into how Coursebox works — from the AI models we use to the infrastructure we run on.
GDPR Certified
Coursebox Pty Ltd is formally assessed and certified for GDPR compliance by AQSR (accredited by USAC). Certificate #17412, valid through June 2026. All personal data is handled lawfully, fairly, and transparently.
Your data stays yours
Your course content, learner data, and proprietary materials are never used to train public AI models — not by Coursebox, and not by any of our AI providers. This is contractually assured.
Enterprise-grade hosting
Every Coursebox portal is hosted on OVH France — ISO 27001-certified data centres with redundant infrastructure, daily backups (14-day retention), and full GDPR compliance. Enterprise clients can add Google Cloud hosting.
Powered by Azure OpenAI — not the public API
In June 2024, Coursebox moved all AI features to Microsoft's Azure OpenAI Service — a private, enterprise-grade environment. Unlike the public OpenAI API, Azure OpenAI means:
Your data is not used to retrain any models
Built-in protections against data leakage and unauthorised access
GDPR-aligned data storage and handling
Backed by Microsoft's global datacentres with high uptime and resilience
Options for organisations to set boundaries around AI usage
Responsible AI, by design
We think carefully about how AI is used in Coursebox — and we are transparent about it.
Human-in-the-loop publishing
All AI-generated course content is reviewed and edited by course admins before any learner sees it. You stay in control of what gets published — AI is your assistant, not the decision maker.
No AI training on your data
Coursebox's policy: customer content and learner data are never used to train or fine-tune AI models unless explicitly agreed in writing. All AI providers we use are held to the same standard.
EU AI Act compliant (from Aug 2026)
From 2 August 2026, Coursebox will enable AI disclosure notes for interactive AI features (AI Tutor, grading), machine-readable markers for AI-generated content, and contextualised notes for AI-generated video.
Our AI providers and their data commitments
Every AI provider Coursebox uses is evaluated for security posture, data handling, and enterprise compliance before integration.
Microsoft Azure OpenAI — AI writing, tutoring, and content generation. Microsoft confirms Azure OpenAI does not use customer data to retrain models.
Google Gemini Pro — AI image generation. Image prompts and responses are not used to train Google's models.
Microsoft Azure Neural TTS — AI voiceovers. Processed within Microsoft's secure cloud. Data is not used to retrain public models.
HeyGen — AI avatar video. HeyGen confirmed in writing (26 Feb 2026) that Coursebox's Enterprise API account is fully opted out of model training and removed from all data training pipelines.
Chatbase — Support chatbot. Customer data is not used to train public foundation models. Data is processed only to provide responses within your environment.
Mistral — Document image extraction. Processing is performed via secure API. Extracted content stays within your Coursebox environment and is not used to train external models.
Hosting built for compliance
Every Coursebox portal runs on infrastructure designed to meet the highest standards of security and data protection.
OVH France (default — all plans)
ISO 27001-certified European cloud hosting. Meets GDPR and EU data protection regulations. Redundant infrastructure with daily backups retained for 14 days. High availability and scalable performance.
Google Cloud (Business & Enterprise add-on)
Need hosting closer to your learners or aligned with existing enterprise infrastructure? Business and Enterprise clients can select Google Cloud hosting in regions outside France.
Data transfer safeguards
Where personal data is transferred outside the EU/EEA, Coursebox ensures adequate protections through Standard Contractual Clauses (SCCs) and GDPR-compliant cloud providers.
Security questions, answered
No. Coursebox's policy is that customer content and learner data are never used to train or fine-tune AI models unless explicitly agreed in writing. This applies to Coursebox and all our AI providers, including Microsoft Azure OpenAI, Google Gemini Pro, and HeyGen.
By default, all Coursebox portals are hosted on OVH France — an ISO 27001-certified European cloud provider that meets GDPR requirements. Business and Enterprise clients can add Google Cloud hosting in other global regions.
Yes. Coursebox Pty Ltd is formally certified for GDPR compliance by AQSR, accredited by the United States Accreditation Council. Certificate Number: 17412, valid through June 2026. You can verify this at www.aqsrworld.com.
All data transmitted between users and Coursebox is encrypted using TLS. Data stored on Coursebox infrastructure is encrypted at rest.
We transitioned in June 2024 to give clients greater assurance over data privacy. Azure OpenAI runs within Microsoft's private enterprise cloud — your data never passes through shared public infrastructure and is contractually confirmed to not be used for model retraining.
HeyGen has formally confirmed in writing (26 February 2026) that Coursebox's Enterprise API account is fully opted out of model training and removed from all data training pipelines.
From 2 August 2026, Coursebox will comply with EU AI Act Article 50 requirements — enabling AI notes for interactive features, machine-readable markers for AI-generated content, and disclosures for AI-generated video. For SCORM, LTI, or iframe deployments, the course publisher is responsible for learner-facing disclosures.
Yes. Visit www.aqsrworld.com and search using Certificate Number 17412 to independently verify Coursebox's GDPR compliance certification.
Have security questions?
Contact our team at support@coursebox.ai or read our full Privacy and Data Protection documentation.
Full privacy documentation
Read our complete Privacy and Security policy — including platform architecture, GDPR compliance, responsible AI practices, and third-party provider data commitments.
Annual GDPR assessments
Our GDPR certification is subject to annual assessment by AQSR to ensure ongoing compliance as regulations and AI capabilities evolve.
Enterprise security reviews
Need a security questionnaire, Data Processing Agreement, or procurement documentation? Contact your Coursebox Account Manager or reach out at support@coursebox.ai.