// Trust & Security Report
EDpuzzle Inc.
Interactive video and lesson platform for K-12 education
Certifications held
13
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on trust.edpuzzle.com“We're proud to announce that Edpuzzle has achieved ISO 27001 certification, the international gold standard for information security management. This certification validates that our security controls, risk management processes, and data protection practices meet the highest global standards.”
Verify on trust.edpuzzle.com“For the fourth consecutive year, we've renewed this globally recognized certification, proving our systems are secure, reliable, and always available.”
Verify on trust.edpuzzle.com“We've also earned the National Security Scheme (ENS) certification, meeting the toughest security standards set by Spanish public administrations.”
Verify on trust.edpuzzle.com“UK Cyber Essentials [listed under Compliance on the Edpuzzle Trust Center, in the row 'ISO 27001:2022 SOC 2 Type II ENS Categoria Media UK Cyber Essentials GDPR CCPA COMPLIANT CCPA PCI DSS - SAQ A FERPA COPPA CSPC ST4S 2022.1'; UK Cyber Essentials certificate downloadable under Resources]”
Verify on trust.edpuzzle.com“GDPR [listed under Compliance on the Edpuzzle Trust Center, in the row 'ENS Categoria Media UK Cyber Essentials GDPR CCPA COMPLIANT CCPA PCI DSS - SAQ A FERPA COPPA'; Edpuzzle DPA (EU/EEA - UK - CH), which uses EU Standard Contractual Clauses (July 2024), is downloadable under Privacy resources]”
Verify on trust.edpuzzle.com“CCPA COMPLIANT [listed under Compliance on the Edpuzzle Trust Center, in the row 'GDPR CCPA COMPLIANT CCPA PCI DSS - SAQ A FERPA COPPA']”
Verify on trust.edpuzzle.com“PCI DSS - SAQ A [listed under Compliance on the Edpuzzle Trust Center, in the row 'CCPA COMPLIANT CCPA PCI DSS - SAQ A FERPA COPPA CSPC ST4S 2022.1'. SAQ A is a self-assessment questionnaire for limited card-not-present scenarios, not a full PCI DSS QSA audit]”
Verify on trust.edpuzzle.com“FERPA [listed under Compliance on the Edpuzzle Trust Center, in the row 'PCI DSS - SAQ A FERPA COPPA CSPC ST4S 2022.1']”
Verify on trust.edpuzzle.com“COPPA listed in the Compliance section; COPPA Direct Notice to Educational Institutions (USA) available as a downloadable privacy resource on the trust center.”
Verify on trust.edpuzzle.com“CSPC [listed under Compliance on the Edpuzzle Trust Center, in the row 'FERPA COPPA CSPC ST4S 2022.1'. CSPC is the iKeepSafe California Student Privacy Certification covering US federal and state student privacy laws]”
Verify on trust.edpuzzle.com“ST4S 2022.1 [listed under Compliance on the Edpuzzle Trust Center, in the row 'COPPA CSPC ST4S 2022.1'. ST4S (Safer Technologies 4 Schools) is a schools-sector initiative assessing edtech products against K-12 privacy and security standards]”
Verify on trust.edpuzzle.com“A4L / SDPC Alliance State Badges (USA) [listed under Privacy on the Edpuzzle Trust Center, alongside 'Edpuzzle DPA (EU/EEA - UK - CH)' and '93% Common Sense privacy evaluation'; reflects signed standard Data Privacy Agreements with SDPC member districts]”
Verify on trust.edpuzzle.com“93% on Common Sense Privacy Rating... we're thrilled to maintain our high standards for student privacy, with a 93% privacy rating score from Common Sense in its most recent Edpuzzle evaluation.”
> Show 6 unconfirmed / not-held certifications
source: trust.edpuzzle.comNo HIPAA listing anywhere on trust.edpuzzle.com. Edpuzzle is a K-12 edtech platform; HIPAA is not applicable to its core use case and is not claimed by the vendor.
source: trust.edpuzzle.comNo public evidence of ISO 27017 certification on trust.edpuzzle.com or any other vendor-domain page reviewed.
source: trust.edpuzzle.comNo public evidence of ISO 27018 certification on trust.edpuzzle.com or any other vendor-domain page reviewed.
source: trust.edpuzzle.comNo public evidence of ISO 42001 or CSA STAR AI certification on trust.edpuzzle.com despite Edpuzzle offering AI features (Teacher Assist).
source: trust.edpuzzle.comNo public evidence of CSA STAR certification on trust.edpuzzle.com or any other vendor-domain page reviewed.
source: trust.edpuzzle.comNo public evidence of FedRAMP authorization on trust.edpuzzle.com or any other vendor-domain page reviewed.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
USA (primary infrastructure on AWS and MongoDB Atlas, both US-hosted). EU/EEA/UK/Swiss data transfers governed by Standard Contractual Clauses (SCCs) in the July 2024 DPA.
Vendor states: 'Edpuzzle will not share your information or permit others to use such information to train machine learning models of third parties.' (source: blog.edpuzzle.com, confirmed in terms). This explicitly prohibits third-party AI training. First-party model training on customer data is not explicitly addressed in available public documentation, but COPPA, FERPA, and CSPC obligations effectively prohibit using student PII for model training. Common Sense Privacy evaluation (93%) confirms personal information is not sold or shared for third-party marketing and is not collected by third parties for their own purposes.
// Security controls
Encryption in transit
HTTPS with TLS (per DPA and trust center controls listing 'data encryption utilized')
libs.edpuzzle.comPenetration testing
Performed (listed in Product security controls on trust center)
trust.edpuzzle.comBusiness continuity and DR
Continuity and Disaster Recovery plans established and tested (listed in Internal security procedures on trust center)
trust.edpuzzle.comCybersecurity insurance
Maintained (listed in Internal security procedures on trust center)
trust.edpuzzle.comBackground checks
Employee background checks performed (listed in Organizational security controls on trust center)
trust.edpuzzle.comAnti-malware
Anti-malware technology utilized (listed in Organizational security controls on trust center)
trust.edpuzzle.comData deletion
Customer data deleted upon leaving; data retention procedures established (listed in Data and privacy controls on trust center)
trust.edpuzzle.comInfrastructure
Hosted on Amazon Web Services (USA). MongoDB Atlas for data storage (USA). Datadog for monitoring. Unique production database authentication enforced.
trust.edpuzzle.com// Products & data scope
data: Teacher account data, student assignment responses, video interaction data. Free tier always available for teachers.
Basic video lesson creation and student assignment features. FERPA and COPPA protections apply across all tiers.
data: Same as Free plus access to full content library and AI tools (Teacher Assist for question generation and autograding).
Adds AI-powered features. AI training policy (no third-party model training) applies. Subscription pricing.
data: School-wide teacher and student data, admin analytics, LMS integration data (Google Classroom, Canvas, Schoology, etc.).
Includes Admin Panel, School Channel, and Edpuzzle Professional PD. District-level DPA typically signed via A4L/SDPC. ENS and ISO 27001 coverage applies. Highest compliance posture.
// What to watch
- PCI DSS is limited to SAQ-A self-assessment only: Edpuzzle does not process full payment card data on-platform; this is a narrow scope and not a full PCI DSS QSA audit.
- AI training policy explicitly prohibits third-party model training ('will not share your information or permit others to use such information to train machine learning models of third parties') but does not explicitly address whether Edpuzzle itself trains first-party models on user content. COPPA and FERPA obligations constrain this in practice.
- No ISO 27017, ISO 27018, or ISO 27701 certifications held despite cloud-based infrastructure handling minors' PII at scale.
- No ISO 42001 or CSA STAR AI certification despite offering AI-powered Teacher Assist features.
- Primary infrastructure is US-based (AWS, MongoDB). EU customers relying on SCCs should verify adequacy of cross-border transfer mechanisms under post-Schrems II standards.
- ISO 27001 certification is recent (announced June 3, 2026); this is the first certification cycle; surveillance audits have not yet been completed.
- SOC 2 Type II report is not publicly downloadable without a trust center access request (standard NDA-gated disclosure).
// At a glance
Pricing model
Freemium: free base tier for teachers, paid Pro for individuals, and institutional licensing for schools and districts
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on EDpuzzle Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-29. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.edpuzzle.com