Your data is protected. Your trust is earned.
Coursebox is built on enterprise-grade security. From how we handle your AI data to where we host your platform, every decision is made with your privacy in mind.
Certified GDPR compliant (Certificate #17412, June 2025) · Azure OpenAI · ISO 27001-certified hosting · TLS encryption in transit and at rest
Security built into every layer
We don't bolt security on as an afterthought. It's engineered into how Coursebox works.
Coursebox Pty Ltd is formally assessed and certified for GDPR compliance by AQSR (accredited by USAC). Certificate #17412, valid through June 2026. All personal data is handled lawfully, fairly, and transparently.
Your course content, learner data, and proprietary materials are never used to train public AI models — not by Coursebox, and not by any of our AI providers. This is contractually assured.
Every Coursebox portal is hosted on OVH France — ISO 27001-certified data centres with redundant infrastructure, daily backups (14-day retention), and full GDPR compliance. Enterprise clients can add Google Cloud hosting.
Powered by Azure OpenAI — not the public API
In June 2024, Coursebox moved all AI features to Microsoft's Azure OpenAI Service — a private, enterprise-grade environment. Unlike the public OpenAI API, Azure OpenAI means:
Your data is not used to retrain any models
Built-in protections against data leakage and unauthorised access
GDPR-aligned data storage and handling
Backed by Microsoft's global datacentres with high uptime and resilience
Options for organisations to set boundaries around AI usage
Responsible AI, by design
We think carefully about how AI is used in Coursebox — and we are transparent about it.
All AI-generated course content is reviewed and edited by course admins before any learner sees it. You stay in control of what gets published — AI is your assistant, not the decision maker.
Coursebox's policy: customer content and learner data are never used to train or fine-tune AI models unless explicitly agreed in writing. All AI providers we use are held to the same standard.
From 2 August 2026, Coursebox will enable AI disclosure notes for interactive AI features (AI Tutor, grading), machine-readable markers for AI-generated content, and contextualised notes for AI-generated video.
Our AI providers and their data commitments
Every AI provider Coursebox uses is evaluated for security posture, data handling, and enterprise compliance before integration.
Microsoft Azure OpenAI — AI writing, tutoring, and content generation. Does not use customer data to retrain models.
Google Gemini Pro — AI image generation. Image prompts and responses are not used to train Google's models.
Microsoft Azure Neural TTS — AI voiceovers. Data is not used to retrain public models.
HeyGen — AI avatar video. Formally confirmed opted out of model training (26 Feb 2026).
Chatbase — Support chatbot. Customer data not used to train public foundation models.
Mistral — Document image extraction. Extracted content stays within your Coursebox environment.
Hosting built for compliance
Every Coursebox portal runs on infrastructure designed to meet the highest standards of security and data protection.
ISO 27001-certified European cloud hosting. Meets GDPR and EU data protection regulations. Redundant infrastructure with daily backups retained for 14 days.
Business and Enterprise clients can select Google Cloud hosting in regions outside France, aligned with existing enterprise infrastructure.
Where personal data is transferred outside the EU/EEA, Coursebox ensures adequate protections through Standard Contractual Clauses (SCCs) and GDPR-compliant cloud providers.
Security questions, answered
No. Coursebox's policy is that customer content and learner data are never used to train or fine-tune AI models unless explicitly agreed in writing. This applies to Coursebox and all our AI providers.
By default, all Coursebox portals are hosted on OVH France — an ISO 27001-certified European cloud provider that meets GDPR requirements. Business and Enterprise clients can add Google Cloud hosting.
Yes. Coursebox Pty Ltd is formally certified for GDPR compliance by AQSR. Certificate Number: 17412, valid through June 2026. Verify at www.aqsrworld.com.
All data transmitted between users and Coursebox is encrypted using TLS. Data stored on Coursebox infrastructure is encrypted at rest.
We transitioned in June 2024 to give clients greater assurance over data privacy. Azure OpenAI runs within Microsoft's private enterprise cloud — your data never passes through shared public infrastructure.
HeyGen has formally confirmed in writing (26 February 2026) that Coursebox's Enterprise API account is fully opted out of model training and removed from all data training pipelines.
From 2 August 2026, Coursebox will comply with EU AI Act Article 50 requirements — enabling AI notes for interactive features, machine-readable markers for AI-generated content, and disclosures for AI-generated video.
Yes. Visit www.aqsrworld.com and search using Certificate Number 17412 to independently verify Coursebox's GDPR compliance certification.
Have security questions?
Contact our team at support@coursebox.ai or read our full Privacy and Data Protection documentation.
Read our complete Privacy and Security policy — including platform architecture, GDPR compliance, responsible AI practices, and third-party provider data commitments.
Our GDPR certification is subject to annual assessment by AQSR to ensure ongoing compliance as regulations and AI capabilities evolve.
Need a security questionnaire, Data Processing Agreement, or procurement documentation? Contact your Coursebox Account Manager or reach out at support@coursebox.ai.