Security information

These documents apply to Rush Minda Hub and the websites and services operated under rushmind.co.uk (“we”, “us”). They are provided as a practical template and do not constitute legal advice. Have them reviewed by a qualified solicitor before relying on them in production.

This page summarises how we think about securing rushmind.co.uk and what you can do to protect your account. It supplements our Privacy policy and Terms & conditions.

1. Our approach

Rush Minda Hub uses industry-standard controls appropriate to our size and risk: encrypted transport (HTTPS), access controls on production systems, separation of environments where practicable, dependency and patch processes, and logging for security monitoring. Specific vendors (for example hosting and payment processors) maintain their own certifications and security programmes.

2. Account security

  • Use a unique, strong password for rushmind.co.uk — not reused from other sites.
  • Where we offer it, enable multi-factor authentication.
  • Sign out on shared devices; do not share your login with others.
  • Be cautious of phishing: we will not ask for your password by email. Official communications come from rushmind.co.uk addresses we publish on this Site.

3. Payments

Card and wallet payments are typically processed by certified partners (for example Stripe). Rush Minda Hub does not store full card numbers on our servers. Always check that your browser shows a secure connection to rushmind.co.uk or to our payment provider’s hosted pages.

4. Content & learning materials

Course media may be protected by technical measures and licence terms. Attempting to bypass those measures violates our Terms & conditions and may violate the law.

Narrative content that learners contribute (comments, community posts, chat messages, lesson notes, and structured lesson HTML/copy where configured), together with catalogue blurbs and cover-art references stored alongside programmes, can be held encrypted at rest using application encryption (secured by your deployed APP_KEY). Programme catalogue keyword search therefore matches against titles rather than the encrypted description fields.

Lesson playback URLs, embed links, and file pointers are also treated as sensitive strings at rest. Large binary assets (still frames, renditions) should be transferred over HTTPS and, where you use Amazon S3, stored with optional SSE (AWS_SERVER_SIDE_ENCRYPTION) so that the cloud provider encrypts objects on disk.

5. Responsible disclosure

If you believe you have found a security vulnerability affecting rushmind.co.uk or our users, please report it to security@rushmind.co.uk with enough detail for us to reproduce the issue. Do not exploit vulnerabilities beyond what is necessary to demonstrate them. We appreciate coordinated disclosure and will work with you in good faith; we do not promise a public bounty unless we expressly publish one.

6. Incident response

If we become aware of a breach that affects your personal data, we will assess impact and notify regulators and affected users where required by applicable law (including UK GDPR where applicable).

7. Contact

Security reports: security@rushmind.co.uk
General support: support@rushmind.co.uk

Last updated: 4 June 2026