Built openly. Verified honestly.
Every claim on this page is labelled Live, In progress, or Planned. If it isn't Live, we won't pretend otherwise.
The pack is a ZIP with a one-page security fact-sheet, sub-processor register, DPA template, and full compliance dossier — everything a vendor-review team typically asks for on day one.
Every credential is signed by a real UAE company.
The Academy is operated end-to-end by ITHR Technologies Consulting LLC — a UAE-registered consulting firm. We stand behind every certificate we issue, in our own name.
What is protecting your data today.
Below is the honest picture: what is running in production right now, what we are actively working on, and what is still on the roadmap.
Where your data lives today — and where it is going.
The MVP is deployed on a managed Kubernetes cluster in a shared cloud region. That is fit for demonstration and pilot workloads, not for regulated production. The next infrastructure milestone is to migrate to a UAE-resident production environment so that customer and learner data remains within the United Arab Emirates.
Enterprise customers with strict data-residency requirements can request the migration timeline and DPA terms before onboarding.
Who we rely on to run the Academy.
We do not sell learner data, and we do not use enterprise customer data to train third-party AI models. If a sub-processor changes, this page is the source of truth.
Honest limits.
- · We are not yet SOC 2 attested. Any footer badge, brochure, or reseller deck that says otherwise is incorrect — please tell us so we can fix it.
- · We do not yet hold ISO/IEC 27001 certification.
- · We do not yet hold ISO/IEC 17024 personnel-certification-body accreditation. Our credentials are trustworthy because of our public verification registry, published rubric, and legal entity behind them — not because of an external body.
- · Data does not yet reside inside UAE borders in production. The MVP runs in a shared cloud region. UAE residency is the next infrastructure milestone.
- · Payments today use a Stripe test key. Real transactions require the live-key cutover.
We prefer to publish this candid list rather than let a procurement questionnaire discover it. When any of the above changes, this page is updated the same day.
Responsible-disclosure researchers are welcome. Please email us before public disclosure.
security@ithr.aeAccess, correction, portability, or deletion — we aim to respond within 30 calendar days.
privacy@ithr.aeThe DPA template ships inside the procurement pack. Executed DPAs are exchanged during procurement.