// Trust & Security Report

    Thinkific Labs Inc. logo

    Thinkific Labs Inc.

    Online course platform for creating, marketing, and selling learning experiences. Includes courses, communities, memberships, digital downloads, live cohorts, AI-assisted course generation, branded mobile apps, payment processing, and B2B invoicing.

    Certifications held

    4

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type 1
    HELD

    Thinkific Labs Inc. announced that it obtained SOC 2 Type 1 cybersecurity compliance certification through the successful completion of the Service Organization Control (SOC) 2 Type 1 audit 'with no findings.' The audit was conducted by BDO Canada LLP

    Verify on prnewswire.com
    GDPR
    HELD

    Thinkific's platform complies with the GDPR and CCPA and provides a high level of protection for course creator and learner personal data. Thinkific collects and uses personal data in accordance with its Privacy Policy, and offers course creators a Data Processing Addendum that complies with the GDPR.

    Verify on thinkific.com
    CCPA
    HELD

    Thinkific's platform complies with the GDPR and CCPA

    Verify on thinkific.com
    PCI DSS
    HELD

    Thinkific securely processes credit card information in accordance with PCI-DSS standards. If you provide credit card information, it is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption, and Thinkific follows all PCI-DSS requirements

    Verify on thinkific.com
    > Show 4 unconfirmed / not-held certifications
    SOC 2 Type 2
    NOT CONFIRMED

    No public evidence of SOC 2 Type 2 certification; only Type 1 was announced in May 2023

    source: thinkific.com
    ISO 27001
    NOT CONFIRMED

    Thinkific is not ISO 27001 certified and does not expect to pursue certification in the immediate future. However, Thinkific follows industry best practices for the security of its platform and its security team monitors the health and security of the platform 24/7.

    source: support.thinkific.com
    HIPAA
    NOT CONFIRMED

    Thinkific is not currently HIPAA compliant as its focus is on providing a place for course creators to share their knowledge and training resources. However, protected health information cannot be submitted to the AI Features unless you have executed a Business Associate Agreement (BAA) with Thinkific.

    source: support.thinkific.com
    ISO 27701 (Privacy)
    NOT CONFIRMED

    No public evidence of ISO 27701 certification on vendor domain

    source: thinkific.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Global; Canadian company that processes data worldwide. Uses Standard Contractual Clauses for UK/EEA data transfers.

    Thinkific explicitly prohibits using customer data for model training. The AI addendum states: 'Inputs and Outputs are not used to train Thinkific's AI Features or third-party AI models and are not shared or combined with data from other customers.' Data is contractually required to not be retained by third-party AI providers.

    // Security controls

    Encryption in transit

    SSL (Secure Socket Layer) encryption for payment data

    thinkific.com

    Encryption at rest

    AES-256 encryption for stored payment card information

    thinkific.com

    Infrastructure hosting

    Amazon Web Services (AWS) and Google Cloud Platform (GCP)

    thinkific.com

    Incident response

    Managed by Security Incident Response Team; affected customers notified via email; procedures tested and updated at least annually

    thinkific.com

    Security monitoring

    24/7 security team monitoring platform health and security

    support.thinkific.com

    Sub-processor agreements

    Customer data only shared with third parties that contractually agree to protect confidentiality and privacy; subprocessors required to adhere to confidentiality commitments

    thinkific.com

    // Products & data scope

    Thinkific Standard (Self-Serve)LMS / Course Platform

    data: Student enrollments, course data, user profiles, quiz/assignment responses

    Drag-and-drop course builder, SCORM/video/slide imports, quizzes, assignments, certificates, learning paths, mobile app

    Thinkific PlusLMS / Course Platform (Enterprise)

    data: All standard plus: live cohorts, advanced communities, B2B invoicing, advanced analytics, API access, custom integrations, 1:1 onboarding

    SOC 2 Type 1 certified offering; launched in 2023 with enterprise security focus; supports 30-day launch with onboarding support

    CommunitiesCommunity Platform

    data: Member profiles, discussion posts, direct messages, course progress tracking, reactions

    Course-gated access, lesson-level discussions, moderation tools, branded mobile app with push notifications

    Memberships & SubscriptionsPayment / Commerce

    data: Subscription data, payment methods, billing cycles

    Recurring revenue model, dunning management, failed payment recovery, multi-currency support

    Thinker AIAI-Assisted Authoring

    data: Prompt inputs and outputs; NOT used for training

    AI-powered course generation, AI teaching assistant features; explicit no-training policy; requires no BAA for standard use but BAA required for PHI

    // At a glance

    Pricing model

    Freemium (basic courses free) + paid tiers; self-serve or plus (enterprise); pay-as-you-go or subscription

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Thinkific Labs Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    thinkific.com

    > Browse all vendor trust reports