CriticalThink HR
Security First

Trust & Security

Your data security and privacy are foundational to everything we build. We employ enterprise-grade security measures to protect your information and ensure a safe governance training environment.

Privacy PolicyContact Security Team

Short Answer

CriticalThink HR protects SHRM-CP and SHRM-SCP learners with layered security: encrypted connections, provider-managed encryption at rest, secure authentication, Row-Level Security policies, role-based permissions, monitoring, and user data-rights workflows. The goal is to keep account, billing, practice, readiness, and progress data protected while still letting learners export, correct, or delete personal data when appropriate.

What is protected?

Account details, subscription status, study progress, readiness analytics, and platform activity tied to your preparation.

How is access controlled?

Authentication, scoped permissions, secure sessions, and database policies limit access to the right user or administrative role.

What can users request?

Users can request access, correction, export, or deletion, subject to verification and legal retention requirements.

Our Security Pillars

Multiple layers of protection work together to keep your data safe. Our content coverage is mapped across the complete SHRM BASK structure, ensuring no competency or domain is omitted.

Data Encryption

All data is encrypted both in transit and at rest using industry-standard protocols.

  • TLS encryption in transit
  • Encryption at rest (provider-managed)
  • Secure key management

Multi-Factor Authentication

MFA is supported and available to add an extra layer of security to your account.

  • TOTP authenticator app support
  • Email verification codes
  • Recovery code backup

Data Isolation

Your data is logically isolated using Row-Level Security policies at the database level.

  • Row-Level Security (RLS) policies
  • User-scoped data access
  • Audit logging

Secure Infrastructure

Our infrastructure is hosted on enterprise-grade cloud platforms with built-in security.

  • Security-audited cloud hosting providers
  • Automatic security updates
  • High-availability architecture

Access Control

Role-based access control ensures users only access what they need.

  • Role-based permissions
  • Secure session management
  • Automatic session timeout

Security Monitoring

Continuous monitoring and regular audits help us identify and respond to threats.

  • 24/7 security monitoring
  • Regular security audits
  • Vulnerability scanning

Compliance & Privacy

We adhere to industry standards and regulations to protect your privacy.

GDPR Support

Support for GDPR-aligned data rights requests and privacy principles for EU users.

CCPA Support

Support for CCPA-aligned data rights requests and transparency for California residents.

Data Control

You have complete control over your data. Export or delete your information at any time.

Your Data Rights

Right to Access

Request a copy of all personal data we hold about you. We will provide this within 30 days of your request.

Right to Rectification

Request correction of any inaccurate or incomplete personal data. You can update most information directly in your profile settings.

Right to Erasure

Request deletion of your personal data. We will process your request within 30 days, subject to legal retention requirements.

Right to Data Portability

Export your data in a machine-readable format. Your training history and progress data can be exported at any time.

Security Questions

How does CriticalThink HR protect user data?

CriticalThink HR protects user data with TLS encryption in transit, provider-managed encryption at rest, secure authentication, role-based access, Row-Level Security policies, monitoring, and account-level controls.

What personal data does the trust page focus on?

The trust page focuses on account, subscription, training progress, readiness, and platform-use data created while preparing for SHRM-CP or SHRM-SCP.

Can users access, correct, export, or delete their data?

Yes. Users can request access, correction, portability, or deletion of personal data, subject to account verification and any legal retention requirements.

Who should contact CriticalThink HR about security?

Contact CriticalThink HR if you need help with account security, privacy requests, data-rights questions, or a potential security concern involving the platform.

Security Questions?

If you have any questions about our security practices or need to report a security concern, our team is here to help.

Contact UsView Privacy Policy

Built on the CriticalThink Advantage™ methodology

Trust and Security | CriticalThink HR