Security and Compliance

Your privacy is our priority. We follow the highest standards in protecting your data and use the safest solutions on the market. We store data in cutting-edge AWS data centers, process payments through Braintree, a PCI-compliant service, and are GDPR compliant.

Secure Infrastructure with AWS

We store data in AWS data centers, whose standards are confirmed by security certificates such as SOC1, SOC2, SOC3, ISO 27018, ISO 27017, and ISO 27001, among others.

Encryption

All data transmitted between our web services and user devices is encrypted with the TLS 1.2 cryptographic protocol.

Logging

We log all access and changes made inside our infrastructure with AWS CloudTrail.

Procedures

All web services are monitored to ensure relevant updates and patches, including security patches, with the help of Security Scorecard Audit and AWS tools such as Amazon Inspector.

Learn more about AWS security

GDPR Compliant

You own your data and have control over it. We make collection, storage, transfer or use of your data transparent, even if you’re not an EU citizen.

Data Access

You always have access to your personal data and can export it or request that we remove it. We don’t share, copy, or access it without your permission.

Security Policy

Our Security Policy defines procedures applied when we process personal data along with Risk Assessment. All Data Processing Agreements are reviewed against it.

Privacy by default. Privacy by design.

All safety procedures apply to every Explain Everything user with no additional settings. We secure the processing of personal data at every point.

Personnel

Only trained Explain Everything employees who have signed the GDPR declaration can access personal data, and only when asked for support in solving issues affecting the customer.

Secure payments through Braintree

We don’t store payment details. All payments go through our PCI-compliant partner, Braintree.

Level 1 PCI compliance

Your payment details are safe with a validated Level 1 PCI DSS compliant service provider.

Recognized and approved

Braintree is on both Visa’s Global Compliant Provider and Mastercard’s SDP List.

Highest standards

Braintree doesn’t store raw magnetic stripe, card validation code, or PIN block data. It manages cardholder data in Braintree Vault using multiple encryption keys with split knowledge and dual control.

Learn more about Braintree

Audits and Scorecards

We have automated external audits monitored by Security Scorecard.

See Scorecard report

Explain Everything received an A+ score on Qualys’ SSL Labs SSL Server test.

See Qualys report

We conduct regular security audits performed by the independent auditing company Test Army.

Learn more about Test Army

We’re certified by Security Metrics for maintaining rigorous data security standards.

See the certificate

Security FAQ – Frequently Asked Questions

Where does Explain Everything store the data?

Data is stored in the secured AWS SOC2 certified data center in North Virginia.

Who can access data used by Explain Everything?

Personal data can be accessed only by trained Explain Everything employees with a signed GDPR declaration, when asked for support in solving issues affecting the customer. The only exceptions are if there is suspected abuse or an urgent security reason. Additionally, all Explain Everything employees sign non-disclosure agreements and are introduced to the security policies as part of the onboarding procedure. Information and procedures regarding personal data are introduced as part of the GDPR training for employees before they get any access to the personal data needed to fulfill their work duties.

Is Explain Everything FERPA Compliant?

FERPA applies to any public and charter school and to some private or parochial schools as well. Basically, a school should comply with FERPA, and in this way you can be sure that student data is protected.

If your school complies with FERPA and uses Explain Everything Services, you can be reassured that it works entirely in accordance with FERPA regulations. We don’t collect or store any personally identifiable or directory information without consent and permission.

Also, as an Administrator of a Group Account, you don’t have to provide your Members’ emails or names.

Is Explain Everything COPPA Compliant?

We make sure that pupils, especially those who are under 13, are protected when using Explain Everything.

We won’t collect even limited Children’s Personal Information unless it’s been contracted with a school, district and/or teacher and it’s only for the use and benefit of the learning environment.

Students under 13 are not allowed to create accounts without parental permission (according to our Privacy Policy).

An Admin of a Group EDU Account has multiple options to not share any student email or name.

Members of your Group Account may use the offline-mode application and never connect to any cloud, so their work is not accessible.

You have the right to withdraw any consent you have given at any time.

Is Explain Everything SOPPA Compliant?

As an operator of online services also designed for school purposes, we are SOPPA-compliant and we assure our Illinois-based partners that we will fulfill all needed requirements.

We are keen to contract with schools. We make a commitment to notify schools in case of a breach of students’ personal data, and we provide schools with a list of any third parties or affiliates to whom we disclose personal data.

Is Explain Everything HIPAA Compliant?

The Health Insurance Portability and Accountability Act was enacted in 1996 and is the basic legal regulation protecting the personal data of patients and the insured. We are not compliant with HIPAA and probably never will be.

Some Explain Everything users create their content with only local and offline projects and then share it via HIPAA-compliant services like PRIMR, or use it as their whiteboard during HIPAA-compliant conferencing. This way Explain Everything doesn’t transmit health information in electronic form. Please remember this is not legal advice and doesn’t cover all circumstances that may occur in your institution. Please consult your HIPAA Privacy Officer for more information.

More about security and compliance

Learn more about our Security Policies

Data Processing Agreement requests? Get in touch

More questions about security? 🔐

We will be happy to answer your questions.