Join the Dynamic Pricing Community, our exclusive community of over 250 retail pricing experts.
At 7Learnings, security and data protection are foundational to our AI-powered retail optimization platform. We recognize that our customers trust us with business-critical data that directly impacts pricing, revenue, and profitability. We design our systems, processes, and governance to exceed the highest enterprise standards.
We maintain a “trust-but-verify” approach to security. Our controls are independently audited to ensure they are well-designed and consistently operated.
Confirms our commitment to security, availability, and internal governance over time.
Validates our international standard for information security management systems.
We use Vanta, a live trust management platform, to monitor our security posture 24/7 and provide real-time visibility into control effectiveness.
We perform annual penetration tests of our SaaS and Cloud services to identify and mitigate potential vulnerabilities.
Unlike multi-tenant providers, we employ strict client separation to prevent cross-contamination of data.
Project Isolation: Each client is deployed within a dedicated GCP project.
Component-Specific Security: We maintain customer-specific isolation across the Data Layer, Frontend, Backend, Optimizer, and Onboarding tools.
Network & Service Isolation: We operate VPC Service Controls to ensure data remains within client projects and cannot be exfiltrated to unauthorized networks.
Your data remains your property at all times. We protect it using the following protocols:
Encryption Everywhere: All data is encrypted in transit and at rest using industry-standard protocols.
Customer-Managed Keys: We utilize customer-managed encryption keys, allowing clients the ability to immediately delete keys to render data unreadable if necessary.
Data Minimization: We apply strict data minimization principles in accordance with GDPR and other applicable privacy laws.
Access is granted based on specific job responsibilities and "need-to-know" principles.
Only authorized data scientists and cloud admins can access project data.
We support Single Sign-On (SSO) and enforce Multi-Factor Authentication (MFA) where applicable.
We audit resources, permissions, and data access every three months.
All infrastructure changes are deployed via IaC to ensure consistency and auditability.
We run daily vulnerability scans on all dependencies and container images.
We maintain defined escalation processes and business continuity plans to ensure service resilience and transparent communication.
Every 7Learnings employee receives regular security awareness training to ensure best practices are followed across the board.
We believe in full transparency regarding our security posture. Our comprehensive security documentation and certification details are available to customers and prospects upon request.
Need to know more? Here are answers to the most common questions.
We utilize a single-tenant SaaS architecture. Unlike shared environments, each client’s service is deployed into its own dedicated Google Cloud Platform (GCP) project. This ensures strict separation of frontend, backend, and data layers.
All customer data is encrypted both in transit and at rest using industry-standard protocols. Specifically, we utilize customer-managed encryption keys. This provides you with ultimate control: keys can be immediately deleted to render data unreadable if required.
In addition to standard firewalls, we operate network (VPC) and service (VPC Service Controls) isolation. This ensures that cloud services and data can only be accessed from secure networks and that sensitive information never leaves your specific client project.
We follow the principle of least privilege. Access is restricted to only the specific data scientists assigned to your project and required cloud administrators. All access rights are reviewed every three months to maintain compliance.
Our security posture is monitored 24/7 through our security provider, Vanta, which runs automated tests against our GCP setup. Furthermore, we conduct daily vulnerability scans on all dependencies and container images and perform yearly penetration tests of our SaaS and Cloud services.
Yes. We process all personal data in accordance with the General Data Protection Regulation (GDPR). We apply data minimization principles and maintain clear contractual frameworks to define data processing responsibilities.
To prevent manual errors and unauthorized configurations, all changes to our infrastructure are deployed via Infrastructure as Code (IaC). We also enforce a variety of GCP organization policies to maintain a hardened security baseline across all environments.
Book a demo with one of our experts and learn how our software can grow your profit and revenue.
