Security

Stand: Februar 2026

At Alphabees, the security of your data is our top priority. We use a multi-layer security architecture to ensure confidentiality, integrity, and availability at all times. This page provides an overview of our security measures.

1. Our security promise

As a provider of an AI tutoring platform that works with sensitive learning and business data, we are aware of our responsibility. Security is not an afterthought but an integral part of our culture and product development. We follow a security by design approach, embedding security considerations into every development process from the start.

2. Technical security measures

We have implemented extensive technical measures to ensure the highest level of security:

2.1 Encryption

Encryption is a cornerstone of our security strategy. We use industry-leading standards to protect your data both in transit and at rest.

Data transfer
TLS 1.3
All communication between your browser and our platform is via encrypted HTTPS connections.
Data storage
AES-256
All data at rest, including uploaded files and database entries, is encrypted using the industry standard AES-256.
Key management
Dedizierte KMS
Our encryption keys are managed in dedicated key management systems and rotated regularly.

2.2 Access controls

We follow the principle of least privilege. Access to production systems is strictly regulated and limited to a minimum number of authorized staff.

Role-based access control (RBAC)
Users receive only the permissions required for their specific role.
Multi-factor authentication (MFA)
MFA is mandatory for administrative access to our systems.
Logging
All access is logged and monitored to detect unusual activity.

2.3 Network security

Our network infrastructure is designed to repel attacks and ensure service availability.

Web Application Firewall (WAF)
Protection against common attacks such as SQL injection and cross-site scripting (XSS).
DDoS protection
We use dedicated DDoS mitigation services to ensure platform availability even during attacks.
Intrusion Detection/Prevention (IDS/IPS)
Continuous monitoring of network traffic for suspicious activity.

3. Organizational security measures

Technical measures alone are not enough. We also implemented comprehensive organizational measures:

3.1 Getrennte Umgebungen

Our development, testing, and production environments are fully separated. This prevents test data or dev errors from impacting production security.

3.2 Sichere Softwareentwicklung

Security is deeply integrated into our software development lifecycle (SDLC). Our developers are regularly trained in secure coding practices. We use automated code analysis tools (SAST/DAST) to detect vulnerabilities during development.

3.3 Regular security audits

Our systems are regularly reviewed for vulnerabilities by internal and external security experts. We run continuous penetration tests and code reviews to proactively identify and close potential security gaps.

4. Physical security and hosting

Our infrastructure is hosted with carefully selected, certified data center providers in Germany. These partners meet the highest industry standards for physical security and privacy.

Location
Data centers exclusively in Germany (Munich and Frankfurt)
Physical security
Multi-level access controls, 24/7 video surveillance, fire protection systems
Redundancy
Redundant power and climate control, uninterruptible power supply (UPS)

5. Data security in AI processing

We understand that AI systems raise special security concerns. That's why we have implemented specific measures:

Temporary processing
Your chat interactions with our AI tutors are processed only temporarily for the session and are deleted at most 15 minutes after inactivity.
No training with customer data
We do not use your data to train AI models. Your content remains confidential.
Pseudonymisierung
Data is pseudonymized before being sent to AI models to protect your privacy.

6. Backup and disaster recovery

We have comprehensive backup and disaster recovery strategies to ensure availability and integrity of your data:

Daily backups
Automatic, encrypted backups of all critical data
Geo‑redundant storage
Backups are stored in geographically separate locations
Regular testing
Restore tests to ensure backups work properly
Definierte RTOs/RPOs
Clear targets for Recovery Time Objective (RTO) and Recovery Point Objective (RPO)

7. Reporting security incidents

If you discover a security vulnerability or potential issue in our services, please report it to us promptly and responsibly. We take every report seriously and will investigate immediately.

Contact for security reports:security@alphabees.de

We commit to treating all reported security issues confidentially and keeping you informed about our investigation progress.

Contact:

Alphabees UG (beschränkte Haftung)

Kolonnenstraße 8

10827 Berlin

E-Mail: security@alphabees.de

Questions & Answers

Here you’ll find more information about the Alphabees AI Tutor and our services.

An AI tutor supports learners right in the course — with instant answers, summaries, examples, personalized practice, and clear explanations. It uses your course content (and any sources you add) as its knowledge base, so responses stay aligned with your e‑learning and drive progress. Learners get the help they need without ever leaving the platform.
Try the Alphabees AI Tutor for free and launch it instantly in your LMS. Plans start at €99/month for up to 20 AI tutors, around 10,000 chat replies, and 100 learners. For larger needs, the Professional plan includes 50 AI tutors, around 25,000 chat replies, and 250 learners for €249/month. Both plans include unlimited courses, the Moodle block plugin, the Alphabees Analytics Portal, and email support.
Alphabees gives you access to top AI providers and the latest high‑performance models. Choose between open‑source and closed‑source options. Currently available: OpenAI, Anthropic, Google, Meta, Mistral, Groq, DeepSeek. Pick your preferred provider — no separate contract required. If you want to bring your own model or a self‑hosted open‑weight model like LLaMA 3, just reach out. We’ll help you connect your API key.
No. Alphabees gives you access to top AI providers and the latest high‑performance models. Just choose a provider in the Alphabees portal when you set up your tutor. All AI usage costs are already included in your plan.
Yes. Our AI tutors integrate into common LMS platforms, so they fit seamlessly into your existing learning flow. For Moodle we even built a dedicated plugin — easy to set up with no technical knowledge.
All data is securely hosted on our servers in Germany, ensuring GDPR compliance.
Yes. The Alphabees AI Tutor is GDPR‑compliant and built to meet EU AI Act requirements. We store no personal data and don’t use your data to train models. A GDPR‑compliant data processing agreement (DPA) exists between Alphabees and each AI provider, and we sign a DPA with every customer as well. In line with the EU AI Act, the tutor is used as a supportive learning tool, clearly labeled as AI via a disclaimer banner, and does not make automated decisions with legal or performance consequences.
Yes. Alphabees is the only AI tutor that also works inside the Moodle Mobile App. With our dedicated plugin, learners can use the full AI assistance on the go, right inside their Moodle courses.

Still have questions?

Got more questions about Alphabees or the AI tutor? Our AI support bot is trained on all our knowledge — it can likely answer right away.

AI-Customer Support Live