I've never taught before. Is this program too advanced for me?

This program was specifically designed for people exactly like you. About 60% of our students have never formally taught before. We start from the fundamentals and build up.

Will this actually help me pass CELTA?

Everything in this program is CELTA-specific. We don't teach 'good teaching' — we teach 'what CELTA assessors look for.' 94% of our students pass on their first attempt.

Do you offer payment plans?

Yes. For the Full Program and VIP tiers, we can split payment into 2 installments. Contact us via WhatsApp to discuss payment options.

CELTA Prep Morocco

Security one-pager

Last reviewed April 2026

Security posture at a glance

Name: CELTA Prep Morocco - Full Prep Program
Brand: CELTA Prep Morocco
Price: 80 USD
Availability: InStock
Rating: 4.9 (47 reviews)

Multi-tenant SaaS for CELTA / DELTA training centres. SOC 2 Type II readiness program in flight. Aligned to Moroccan Law 09-08 (CNDP) and GDPR practice. Not yet attested.

Architecture & encryption

Hosting: Vercel (US/EU edge), Supabase Postgres + pgvector (EU), Upstash Redis (EU), LiveKit Cloud (US/EU), OpenRouter routing to Anthropic / OpenAI under no-training inference terms.

Tenant isolation: every row carries an org_id; retrieval RPCs filter at the database layer; cache keys are tenant-prefixed. A leaked anonymous key cannot reach another tenant’s data.

Encryption: TLS 1.2+ in transit, DTLS-SRTP for voice media, AES-256 at rest in the managed database, object storage, and cache layers. Backups inherit the same posture.

Operating controls

Control	Status today
SOC 2 Type II	Readiness program — audit on roadmap, not certified
Two-factor auth on production consoles	Required, SSO-backed
Row-Level Security (Postgres)	On by default; service-role-only writes
Per-request usage logging	12 months retention, billing & forensics
Quarterly access review	Production access reconfirmed every quarter
Incident notification SLA	24 hours from confirmation
No customer data used for model training	Enforced via OpenRouter routing config

Subprocessors

Vendor	Purpose	Region	Safeguard
Vercel	Application hosting / edge runtime	US, EU	DPA + SCCs
Supabase	Postgres + pgvector (tenant data, ledger)	EU (Frankfurt)	DPA, AES-256, RLS
Upstash	Redis (rate limit, L1 cache)	EU primary	DPA, TLS, encrypted at rest
LiveKit Cloud	Real-time voice (DTLS-SRTP)	US, EU	DPA, no media retention
OpenRouter	Inference gateway	US	No-training terms, SCCs
Anthropic (via OpenRouter)	LLM provider — voice tutor / doctor	US	No-training, DPA, SCCs
OpenAI (via OpenRouter)	LLM provider — fallback	US	No-training, DPA, SCCs
Resend	Transactional email	US, EU	DPA, TLS, SCCs
Google Analytics 4	Marketing-site analytics only	US	IP anonymisation, SCCs

Full per-vendor data flow, retention, and safeguards: celtaprepmorocco.com/data-handling

Data & retention

Account data: contract life + 24 months.
Voice transcripts & learning activity: 12 months default, configurable per tenant.
Voice media: not retained — DTLS streams dropped at egress.
Operational telemetry: 12 months per-request; aggregates indefinite.
Backups: 30 days, encrypted; unrecoverable thereafter.
On termination: return or delete within 30 days at customer election.

Procurement deliverables

SIG-Lite responses available on request.
SOC 2 readiness narrative available on request.
Negotiable Word DPA mailed to procurement (legal@celtaprepmorocco.com).
Subprocessor change notice: 30 days written notice to tenant administrator.
Right to object to a new subprocessor preserved in the DPA.
Audit: annual document audit, on-site only where law requires.

Contact: security@celtaprepmorocco.com (incidents) · privacy@celtaprepmorocco.com (data subjects) · legal@celtaprepmorocco.com (DPA, procurement) · trust@celtaprepmorocco.com (everything else).