This Hosting & Licensing Statement (the “Statement”) outlines where and how Shiminly Inc. (“Shiminly,” “we,” “our”) hosts its self paced life skills platform, which third party providers we rely on, and the intellectual property licences that govern the content we publish. It is part of our Trust Center commitment for learners and institutions in the United States, United Arab Emirates, and India.
| Layer |
Provider |
Region(s) |
Compliance Highlights |
| Learning Management System (LMS) |
LearnWorlds |
Primary: EU (Cyprus / Frankfurt DE) |
GDPR aligned; ISO 27001 certified data centers; automated daily backups |
| Content Delivery Network (CDN) |
Cloudflare |
Global edge, incl. USA, UAE, India |
DDoS mitigation; WAF; HTTP/2; TLS 1.3 |
| Payments |
Stripe Payments LLC |
USA (primary), EU, India |
PCI DSS Level 1; 3 D Secure; SCA |
| Email & Notifications |
Postmark (ActiveCampaign) |
USA |
SOC 2 Type II |
| AI Services |
Azure OpenAI (Microsoft) |
EU (Ireland) |
SCCs; ISO 27018 |
Data Residency & Failover
- Primary storage sits in the EU (Frankfurt), chosen for its strong data protection safeguards and geo redundant backups.
- Regional caching: Static assets (images, JS, CSS) are cached at Cloudflare POPs nearest the learner for low latency in the USA, UAE (Dubai), and India (Mumbai & Chennai).
- Disaster recovery: Point in time backups retained for 30 days; warm standby in EU West 2.
- USA ↔ EU: Standard Contractual Clauses (SCC 2021/914) + supplementary encryption controls.
- UAE / India → EU: Approved contractual clauses under PDPL Art. 23 and DPDPA Sec. 16.
- No onward transfers to non adequate countries without contractual or technical safeguards.
A live registry of all third party processors (purpose, location, certification) is maintained at /subprocessors and updated at least quarterly.
| Certification / Audit |
Scope |
Status |
| ISO 27001:2013 |
LearnWorlds infrastructure |
Certified (exp. Mar 2027) |
| SOC 2 Type II |
Email & transactional messaging |
Certified (Postmark 2025 report) |
| PCI DSS v4.0 |
Cardholder data (Stripe) |
Certified (ROC 2025) |
| Penetration test |
Shiminly web app |
Last test May 2025 – no critical findings |
Copies of attestation letters are available to institutional clients under NDA.
•
© 2025 Shiminly Inc. All curriculum videos, text, assessments, and graphics are proprietary unless labelled otherwise.
• Student generated artifacts remain the intellectual property of the student; see § 4 of our Terms of Use.
• Third party assets (e.g., stock images, icon sets) are used under commercial licences from Envato Elements, Lucide React, and Noun Project.
• Open source software is incorporated under permissive licences (MIT, Apache 2.0). A full OSS attribution list is available at /open source credits.
Prohibited Uses
Except as expressly permitted under our Terms of Use, you may not reproduce, redistribute, translate, or create derivative works from Shiminly content without prior written permission. Educational institutions may request a custom licence; contact legal@shiminly.com.
• Cognia® Accreditation: Shiminly is an internationally accredited education provider (Accreditation ID # CNG LSE 0925).
• NovaTrax® and LSE Mastery™ are registered or pending trademarks of Shiminly Inc.
| Topic |
Email |
| Security or privacy incident |
security@shiminly.com |
| Licensing enquiries |
legal@shiminly.com |
| Institutional due diligence (RFP) |
partnerships@shiminly.com |
Postal mail: Shiminly Inc. 293 Boston Post Rd, Suite 301, Marlborough MA 01752, USA
| Quarter |
Milestone |
| Q4 2025 |
SOC 2 Type I report for Shiminly core app |
| Q2 2026 |
ISO 27701 privacy extension kick off |
| Q3 2026 |
Multi region data layer replication to India Central for local redundancy |
