// Trust & Security Report

    CENTURY Tech logo

    CENTURY Tech

    CENTURY is an AI-powered adaptive learning platform for schools and colleges, covering English, Maths, and Science across Primary, Secondary, and Further Education levels. Core algorithm uses machine learning to personalize student learning pathways based on individual performance patterns.

    Certifications held

    2

    Maturity

    Growth

    Trains on your data

    Yes

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR Compliance
    HELD

    CENTURY complies with all relevant GDPR and data protection regulations both in terms of data processing and our internal processes.

    Verify on support.century.tech
    Microsoft 365 App Certification (Attested)
    HELD

    Publisher Attestation: The information on this page is based on a self-assessment report provided by the app developer on the security, compliance, and data handling practices followed by this app. Microsoft makes no guarantees regarding the accuracy of the information.

    Verify on learn.microsoft.com
    > Show 8 unconfirmed / not-held certifications
    SOC 2 Type 1
    NOT CONFIRMED

    Has the organization achieved a Service Organization Controls (SOC 2) Certification? No

    source: learn.microsoft.com
    SOC 2 Type 2
    NOT CONFIRMED

    Has the organization achieved a Service Organization Controls (SOC 2) Certification? No

    source: learn.microsoft.com
    ISO 27001
    NOT CONFIRMED

    Is the app International Organization for Standardization (ISO 27001) certified? No

    source: learn.microsoft.com
    ISO 27017
    NOT CONFIRMED

    Does the app comply with International Organization for Standardization (ISO 27017)? N/A - no public evidence of certification

    source: learn.microsoft.com
    ISO 27018
    NOT CONFIRMED

    Does the app comply with International Organization for Standardization (ISO 27018)? N/A - no public evidence of certification

    source: learn.microsoft.com
    HIPAA
    NOT CONFIRMED

    Does the app comply with the Health Insurance Portability and Accounting Act (HIPAA)? N/A - not applicable to education platform

    source: learn.microsoft.com
    FedRAMP
    NOT CONFIRMED

    Is the app Federal Risk and Authorization Management Program (FedRAMP) compliant? No

    source: learn.microsoft.com
    CSA STAR
    NOT CONFIRMED

    Has the app been Cloud Security Alliance (CSA Star) certified? No

    source: learn.microsoft.com

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Offered

    Data region

    EU/UK for European customers; AWS hosting (multiple regions including EU)

    CENTURY uses anonymized data generated through platform usage to improve recommendation algorithms for personalized learning pathways. The platform does NOT sell or monetize personal data. Data is anonymized before algorithm training use. Policy states parental consent is obtained for data collection from minors (under 16).

    // Security controls

    Encryption in transit

    No explicit statement found on public pages

    century.tech

    Encryption at rest

    No explicit statement found on public pages

    century.tech

    Annual Penetration Testing

    Yes

    learn.microsoft.com

    Quarterly Vulnerability Scanning

    Yes

    learn.microsoft.com

    Multi-Factor Authentication (MFA)

    Enabled for code repositories, DNS management, and credential stores

    learn.microsoft.com

    Firewall Protection

    Yes, firewall installed on external network boundary

    learn.microsoft.com

    Intrusion Detection/Prevention (IDPS)

    Yes, deployed at network perimeter

    learn.microsoft.com

    Disaster Recovery Plan

    Yes, documented with backup and restore strategy

    learn.microsoft.com

    Change Management Process

    Yes, formal process in place; additional person reviews/approves all code changes before production deployment

    learn.microsoft.com

    Secure Coding Practices

    Yes, OWASP Top 10 principles followed

    learn.microsoft.com

    Event Logging

    Yes, all system components supporting app have event logging

    learn.microsoft.com

    Regular Log Review

    No - logs are NOT reviewed on a regular cadence by human or automated tooling

    learn.microsoft.com

    Security Incident Response Process

    No formal process documented - alerts sent to employees for triage, but no formal documented incident response process

    learn.microsoft.com

    Information Security Risk Management

    Yes, formal process established

    learn.microsoft.com

    Employee Account Provisioning

    Yes, formal process for provisioning, modification, and deletion

    learn.microsoft.com

    Anti-malware and Application Controls

    Yes, both traditional anti-malware protection and application controls deployed

    learn.microsoft.com

    Patch Management

    Yes, policy governs SLA for patch application; activities carried out according to policy

    learn.microsoft.com

    Unsupported OS/Software

    No unsupported operating systems or software in environment

    learn.microsoft.com

    Automated Security Alerts

    Yes, alerts sent automatically to employee for triage when security events detected

    learn.microsoft.com

    // Products & data scope

    CENTURY Platform - StandardAI-Powered Adaptive Learning Platform

    data: Student learning data, performance records, interaction logs; Teacher dashboards and performance analytics

    Core product for schools and colleges. Covers English, Maths, Science for Primary, Secondary, and Further Education. Uses AI algorithms trained on anonymized aggregate data to personalize learning pathways.

    CENTURY Platform - Tutoring BusinessesAI-Powered Adaptive Learning Platform

    data: Student learning data for tutoring contexts

    Variant of platform for individual tutoring businesses; same underlying data handling practices

    // What to watch

    • NO_SOC2_ISO27001: Century Tech does NOT hold SOC 2 or ISO 27001 certifications despite being a vendor handling sensitive K-12 student data. This is a significant gap for an EdTech vendor processing educational records of minors.
    • NO_FORMAL_INCIDENT_RESPONSE: No formal documented security incident response process, only automated alerts to employees. This is a security maturity gap.
    • LOG_REVIEW_GAP: Logs are NOT regularly reviewed by human or automated tooling. This limits visibility into potential security events.
    • NO_TRUST_CENTER: No public trust center or dedicated security documentation page. Compliance details are only available via Microsoft 365 attestation.
    • AI_TRAINING_POSTURE: Uses student performance and interaction data (anonymized) to train and improve personalization algorithms. While anonymized, schools and parents should be explicitly informed this data feeds model training.
    • AI_FUNCTIONALITY_CONTRADICTION: Microsoft form states 'Is AI functionality part of core features?' = No, but CENTURY is explicitly marketed as 'AI-powered' platform. This suggests possible misunderstanding in attestation or different interpretation of 'core feature' vs 'core product'.
    • PARENTAL_CONSENT_MINORS: Collects data from minors under 16 with parental consent obtained. Verify schools are obtaining proper consent as intermediaries.
    • DATA_PROCESSING_AGREEMENT: DPA existence confirmed via GDPR posture, but full DPA terms not publicly accessible. Recommend verification with vendor before deployment.
    • BACKUP_VERIFICATION: Disaster recovery plan documented, but no evidence of regular testing or verification of restore capability.

    // At a glance

    Pricing model

    Subscription-based (details not publicly available; contact required)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on CENTURY Tech's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    century.tech

    > Browse all vendor trust reports