// Trust & Security Report

    Teachable, Inc. logo

    Teachable, Inc.

    Online course platform with support for courses, coaching, memberships, and digital downloads. Part of Hotmart Company parent organization. Serves 150,000+ creators and 100M+ students globally.

    Certifications held

    1

    Maturity

    Enterprise

    Trains on your data

    Unknown

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    Teachable has successfully completed a SOC 2 audit... Teachable undergoes a SOC 2 Type II audit annually, ensuring continuous validation of our security practices and internal controls.

    Verify on teachable.com
    > Show 3 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    Teachable evaluates additional frameworks (such as ISO 27001) based on customer demand and strategic roadmap needs. Currently, Teachable is focused on SOC 2 Type II rather than ISO 27001 certification.

    source: support.teachable.com
    HIPAA
    NOT CONFIRMED

    No public evidence found in Teachable's security documentation, privacy policy, or compliance statements. HIPAA compliance is not mentioned as supported.

    source: teachable.com
    PCI DSS
    NOT CONFIRMED

    All our gateways are PCI SAQ A Level 3 compliant. (SAQ Level 3 indicates Teachable uses third-party payment processors; this is gateway-level compliance, not full organizational PCI DSS certification.)

    source: teachable.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Offered

    Data region

    International with processing in USA (New York, NY), Brazil (Belo Horizonte), and EU (Amsterdam, Netherlands). Standard Contractual Clauses used for transfers outside origin country.

    Teachable offers AI-powered features (course starter, quiz generator, auto-subtitles/translation) but does not publicly disclose whether these train on customer course content or use anonymized/third-party data. No explicit AI training opt-out policy found.

    // Security controls

    Encryption in Transit

    SSL/TLS mandatory; encrypted traffic protocols between browsers and servers

    support.teachable.com

    Encryption at Rest

    Mandatory encrypted transmission and storage of sensitive data

    support.teachable.com

    Infrastructure

    AWS (Amazon Web Services)

    support.teachable.com

    Uptime SLA

    99.99% average uptime

    support.teachable.com

    Penetration Testing

    Annual third-party penetration testing conducted

    support.teachable.com

    Vulnerability Assessment

    Evaluates applications against OWASP Top 10 security standards

    support.teachable.com

    Incident Response

    Formal incident response plan with defined responsibilities and periodic testing; major incidents posted on status page

    support.teachable.com

    Responsible Disclosure

    Maintains policy for security researchers to report vulnerabilities

    support.teachable.com

    // Products & data scope

    Online CoursesLearning Management

    data: Course content, student enrollments, progress, quiz results, certificates

    Primary product; supports video, text, quizzes, drip content, mobile access

    CoachingLearning Management

    data: Coaching session data, scheduling, payment records

    One-on-one or group session management with integrated scheduling and payments

    MembershipsSubscription Management

    data: Member accounts, subscription status, payment history

    Recurring revenue model with flexible subscription options

    Digital DownloadsDigital Goods

    data: Download metadata, purchase records

    Instant access to templates, guides, resources

    // What to watch

    • Teachable is a subsidiary of Hotmart Company (Brazil). Privacy policy references Hotmart Company as a controller; ensure clarity in data processing relationships.
    • AI training posture unclear: Teachable offers AI-powered features (course starter, quiz generator, auto-translate) but does not publicly disclose whether these train on customer course content. Recommend asking vendor directly or reviewing Data Processing Agreement for AI clauses.
    • PCI DSS compliance is SAQ Level 3 (gateway compliance via third-party processors), not full organizational PCI DSS certification. This is appropriate for Teachable's business model but should be accurately represented.
    • ISO 27001 is not pursued; vendor explicitly states SOC 2 Type II is their primary focus.

    // At a glance

    Pricing model

    Tiered SaaS (Starter, Builder, Growth, Custom/Enterprise). 0% transaction fees on Builder+ plans using Teachable Pay or Monthly Payment Gateway; 7.5% on Starter plan.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Teachable, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    teachable.com

    > Browse all vendor trust reports