// Trust & Security Report
Big Nerd Software, LLC (dba ScreenPal, formerly Screencast-O-Matic)
Screen recording and video editing SaaS: consumer/free screen & webcam recorder and editor, ScreenPal AI (auto captions, transcripts, translation, text-to-speech), Team/Business video hosting and collaboration (SSO/SAML), Enterprise site licensing, ScreenPal for Education/Schools (student data handling), and a Solution Builder / API for developers embedding screen recording into their own products.
Certifications held
5
Maturity
Growth
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on screenpal.com“"ScreenPal complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF)" and "Our products are fully compliant with GDPR, PIPEDA, and all consumer privacy and data regulations."”
Verify on screenpal.com“Privacy policy contains a dedicated California section confirming "right to know, right to deletion, right to opt-out of sale, right to non-discrimination."”
Verify on screenpal.com“"ScreenPal is COPPA and FERPA-compliant and protects student data and privacy." COPPA Safe Harbor badge (iKeepSafe) displayed on the education page.”
Verify on screenpal.com“FERPA certification badge (iKeepSafe) displayed and referenced on ScreenPal's education page, linking to iKeepSafe's verification page for the ScreenPal product.”
Verify on screenpal.com“CSPC certification badge (iKeepSafe) displayed on ScreenPal's education page.”
> Show 8 unconfirmed / not-held certifications
source: screenpal.comNo public evidence. Not mentioned on screenpal.com privacy policy, terms of service, or plans pages. Note: web search results for 'ScreenPal SOC 2' surface SOC 2 Type II claims for 'ScreenApp' (screenapp.io) -- a different, similarly-named company. That certification does not belong to ScreenPal (screenpal.com / Big Nerd Software, LLC) and must not be attributed to it.
source: screenpal.comNo public evidence of ISO 27001 certification found on screenpal.com privacy policy, terms of service, or education/business pages.
source: screenpal.comNo public evidence. ScreenPal publishes an 'AI Feature Terms' supplement to its ToS but does not claim ISO/IEC 42001 certification anywhere on its domain.
source: screenpal.comNo public evidence; ScreenPal does not market to US federal agencies.
source: screenpal.comNo public evidence of a PCI DSS attestation held directly by ScreenPal; payment processing is not described on vendor pages reviewed.
source: screenpal.comNo BAA or HIPAA-compliance offering found on screenpal.com. The only HIPAA-related content on the site ('HIPAA Ready Overview', 'Enable HIPAA Compliant Zoom link in Canvas Course') documents third-party Zoom HIPAA configuration inside a Canvas LMS workflow, not a ScreenPal HIPAA/BAA product.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Hosted in the United States. International transfers (EEA/UK/Switzerland) covered by the EU-U.S. Data Privacy Framework (DPF) and standard contractual clauses (SCCs) per the privacy policy.
Vendor states: "Where applicable, we limit third parties' use of personal information. And when your data is sent to these partners it is not used to train their models." This statement is scoped to ScreenPal's third-party AI partners; it does not explicitly state whether ScreenPal itself uses customer content to improve its own first-party AI features, so treat as a partial answer, not a full guarantee.
// Security controls
Encryption in transit and at rest
"Personal Information is encrypted in transit and at rest in accordance with applicable law"; recording backups use AES-256 encryption.
screenpal.comSSO / SAML
SAML-based SSO available on Team Business and Enterprise plans, alongside admin user management and account analytics.
screenpal.comGeneral technical/organizational controls
Vendor states it "implements and maintains physical, technical and administrative security measures" including password protection, need-based access, firewalls, and employee training; no independent audit report cited.
screenpal.comDefault content privacy
Content uploaded/stored is unlisted by default and not searchable by search engines unless the user changes sharing settings.
screenpal.comSubprocessor disclosure
Vendor maintains a subprocessor list referenced from the privacy policy (screenpal.com/privacy/subprocessors).
screenpal.com// Products & data scope
data: Individual user's screen/webcam recordings and edited videos; free-tier account data.
Downloadable app for Windows/Mac/Chromebook plus iOS/Android; no account required to record locally.
data: Video/audio content sent to AI processing for captions, transcripts, translation, text-to-speech, summarization.
Subject to supplemental 'ScreenPal AI Feature Terms'; vendor states data sent to AI partners is not used to train partner models, but ScreenPal's own use of content to improve first-party features is not explicitly addressed.
data: Organization-wide video library, team member accounts, usage analytics, branding assets.
$8/user/month (paid annually, 3+ user minimum); adds SSO/SAML, LTI 1.3 integration, custom branding, advanced analytics.
data: Organization-wide deployment; same data classes as Team/Business at larger scale.
Custom pricing, dedicated Customer Success Manager, custom onboarding; contact-sales only, no public security addendum located.
data: Student-generated video content and, where applicable, student PII processed as a FERPA 'School Official'.
Holds iKeepSafe COPPA Safe Harbor, FERPA, and CSPC certifications; schools must execute a Data Processing Addendum for student data.
data: Third-party application data flowing through an embedded ScreenPal recording integration.
Marketed for E2E screen recording integration into other products; no separate API security documentation found on vendor domain.
// What to watch
- Identity-conflation risk: public search results for 'ScreenPal SOC 2' surface SOC 2 Type II claims that actually belong to 'ScreenApp' (screenapp.io), a different company. ScreenPal (screenpal.com, Big Nerd Software LLC) has no SOC 2 evidence on its own domain -- do not merge these listings.
- No SOC 2, ISO 27001, HIPAA, or PCI DSS certification evidence on vendor's own domain; enterprise/regulated buyers should request documentation directly from ScreenPal sales before committing.
- AI-training statement ('data sent to these partners is not used to train their models') is scoped to third-party AI partners only; it does not explicitly rule out ScreenPal itself using customer content to improve its own first-party AI features -- treat as a partial disclosure.
- Site contains 'HIPAA Ready' / 'HIPAA Compliant Zoom' tutorial content that is about a Zoom-in-Canvas integration, not a ScreenPal HIPAA/BAA offering; this could mislead a quick skim into believing ScreenPal is HIPAA-ready.
// At a glance
Pricing model
Freemium (free individual tier) plus per-user subscription for Team/Business (from $8/user/month, annual, 3+ users) and custom-quoted Enterprise site licensing.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Big Nerd Software, LLC (dba ScreenPal, formerly Screencast-O-Matic)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
screenpal.com