Security conscious

At Valamis, protecting your data is at the heart of what we do. As a European company headquartered in Finland, we follow the highest industry standards in data security, verification, and storage of personal information. When you work with us, you can feel confident knowing that your learning data is handled with care and kept safe within trusted environments.

Compliant and certified

Cybersecurity

We are certified under ISO/IEC 27001, the leading global standard for managing information security systems. It ensures that we have the right processes in place for resilience and protection.

Data protection

We also comply with SOC 2 Type II (ISAE 3000) standards, proving that our controls safeguard customer data’s security, confidentiality, and privacy.

Information controls

To add another layer of compliance, complementing the ISO27001 certificate, Valamis has also been audited to include ISO/IEC 27017 cloud-specific controls.

Image

Your data, safe with us

For EU customers, all data is stored and processed within EU-based Microsoft Azure data centers by default. This means your learning data stays in the EU, protected under GDPR and European privacy law. For customers outside Europe, US hosting is available on request.

Our security processes are regularly audited against international standards, reinforcing our commitment to keeping your data safe. Encryption is applied both in transit and at rest, and independent verifiers continually review our safeguards.

An image for the Valamis software industry pages showing a young developer coding

Cloud-based and always up-to-date

Security and reliability are built into our infrastructure. We use a Web Application Firewall and DDoS protection through Fastly CDN to guard against cyberattacks. With automation tools like Kubernetes and virtual machine scale sets, we keep systems resilient and downtime minimal. Secure access is managed through Microsoft’s enterprise-grade identity platform.

data graphic in Valamis

Continuous monitoring and accountability

Transparency is part of our promise. Central and audit logging across all services allows continuous monitoring, so we can respond quickly to any issues. These practices ensure your data remains secure, available, and reliable at all times.

Trusted by teams at

xp-inc logo vaillant logo sverok logo too-good-to-go logo skolverket logo rogatis logo lappset logo lightsource bp logo madeiramadeira logo magyar-telekom logo motorsport uk logo mtc logo Image newsec logo lambdachialpha logo idewe logo hema logo helmes logo helsinki logo fcg logo P&G-logo enento logo department-business-trade agibank logo amadeus logo bromford logo bama gruppen logo hg-capital-logo ponsse-logo story homes logo TIAH logo KAvo logo Image Image Image Image Image Image Image Image Image Image Image Image Image

FAQ about data security

Is Valamis an EU company?

Yes, Valamis is headquartered in Finland and operates under EU law.

Where is my data stored with Valamis?

For EU customers, your data is stored in EU-based Azure regions by default. US hosting is available for customers who prefer it.

Does Valamis ever transfer data outside the EU?

Only in rare support cases, and always with legal safeguards such as the EU–US Data Privacy Framework or Standard Contractual Clauses.

Which certifications does Valamis hold?

We are certified for ISO/IEC 27001 and ISO/IEC 27017, and audited against SOC 2 Type II standards.

How is the data encrypted with Valamis?

All data is encrypted both in transit and at rest.

Will Valamis notify us in case of a data breach?

Yes, without undue delay, so you can meet GDPR’s 72-hour notification requirement.

Does Valamis support SSO and access controls?

Yes, we support single sign-on (SAML/OIDC), multi-factor authentication, and role-based access controls.

Want to talk data?

We are trusted by banks and governments alike when it comes to data. To discuss your data requirements get in touch with us.

Book a meeting