Focused
One clear path from enrolment to certificate. No configuration jungle, no 80 unused features.
GDPR-friendly · by Litora Nova
Mandatory training that actually sticks.
A lean, auditable learning platform built for exactly the use case that matters most to you — from IT security to GDPR to fire safety. Compliance-first, GDPR-friendly, no cloud detour.
Used by:Eidgenössisches Awareness-AmtBundesamt für DatenkulturVerein für AktenordnungMöbelHaus zum guten Tropfen GmbH
12.400+
Learners trained
94%
Compliance rate
8
Training topics available
0
Tracking · 0 analytics SDKs
Why one use case — done well?
Generic LMS platforms cost time in configuration and hide what really matters. We do the opposite: a clear learning path, parameterised for your topic.
Auditable
Every relevant step is logged in full — who completed what, when. Reports at the click of a button, BSI- and ISO-ready.
Data-minimal
Only the data needed for training and proof. No tracking, no analytics SDKs, no data-export risk. GDPR-first by design.
Training for every mandatory topic
We start with IT security awareness — but the platform is deliberately built parameterisable. The same pattern works for any recurring mandatory training with re-certification logic.
IT security awareness
Phishing, social engineering, secure passwords, device hygiene. Includes interactive Phishing Inspector.
Current MVPGDPR refresher
Data protection in everyday work — from permissions and retention periods to handling subject access requests.
RoadmapFire-safety briefing
Annual mandatory briefing with interactive building map, escape routes, rules of conduct and quiz scoring.
RoadmapOnboarding
Structured welcome programme for new staff — company values, tools, key contacts.
RoadmapFirst aid online
Refresher of first-aid skills with scenarios from everyday office life — compact and mobile-friendly.
RoadmapGoBD-compliant bookkeeping
Receipt capture, retention periods, audit readiness — compact for accounting and tax teams.
RoadmapCurrent MVP highlight
The Phishing Inspector
Learners interactively examine realistic phishing emails. They click suspicious spots, get instant feedback and learn the patterns — instead of just reading theory.
Flag suspicious senders, links and attachments
With hover effects revealing real link targets — just like a real mail client.
Instant, instructive feedback
Spotted / missed / wrongly flagged — with the reason why exactly this detail is suspicious.
Realistic scenarios from everyday work
No obvious 90s-style emails — modern spear-phishing attempts as they really happen.
Inbox
4 flagged
From:PayPal Service <service@paypa1-security.com>
Subject:Urgent: your account has been restricted
Dear customer,
we have detected unusual activity on your account.
Please confirm your details within 24 hours, or your account will be permanently suspended.
https://www.paypal.com/account-confirm
Statement.pdf.exe
Hover the link — the real target gives away the scam.
Three tiers, one clear learning path
Each tier builds on the previous one. Validity is configurable per course — including "no expiry" (e.g. for fundamentals).
Tier 1
Basic
Fundamentals for all staff. The mandatory programme per topic.
Always valid (or N months)
- Mandatory topics, compact
- Completion certificate
- Traceable audit log
Tier 2 · Recommended
Standard
In-depth for teams with elevated responsibility.
Valid for 6 months
- Everything in Basic
- Practical scenarios
- Interactive quiz modules
- Re-certification reminders
Tier 3
Master
Specialisation for owners and champions.
Valid for 6 months
- Everything in Standard
- Advanced audit practice
- Master certificate (BSI-style)
How the learning journey works
Four steps from onboarding to a verified proof — with automatic re-certification reminders.
1
Enrol
Learners are assigned to a course — manually, via bulk import or via LDAP/SCIM.
2
Learn
Work through content at your own pace, with interactive mockups and mini quizzes.
3
Exam
Final exam with instant scoring — incl. Phishing Inspector and scenario tests.
4
Certificate
Proof with validity date, automatic reminder 30 days before expiry to re-certify.
Compliance & privacy
Data-minimal, auditable, verifiable — from day one.
Compliance isn't a feature bolted on afterwards — it's a design principle. We store only what you need for proof — and stay transparent for auditors.
Read the privacy conceptGDPR-friendly through data minimisation
Only mandatory data — no tracking IDs, no behavioural profiles.
Complete audit log
Every relevant action is traceable — who, what, when.
Verifiable certificates
With validity date and cryptographic signature.
No tracking, no analytics SDKs
No external tracking pixels, no Google Analytics, no Facebook SDK.
What customers say
Finally a platform where we don't have to feed the auditor with three different databases. One click — done.
The Phishing Inspector is worth its weight in gold. Our click-through rate on real phishing tests dropped by 67%.
We tested three other LMSs. None was as lean and at the same time as strictly auditable as ValidLearn.
Frequently asked questions
IT security awareness is rolled out and live. GDPR, fire safety, onboarding, first aid and GoBD are on the roadmap. The platform is built to be parameterised — we can set up your own topics together.
By default in Germany (EU). On-premise setup is possible. No data flows to the US, no third-party SDKs.
Every course has a configurable validity (default: 6 months; basic courses often "no expiry"). 30 days before expiry the learner receives a reminder and can re-certify directly via a shortened refresher path.
LDAP/AD is wired up as a PoC (Proxmox-style: local + LDAP in parallel). Azure AD and OIDC are available on request — talk to us.
Per active learner per year — tiered by size. No setup fee, no module tiers, no hidden costs. Request a demo for a binding quote.