Security and Compliance
Your privacy is our priority. We follow recognized security standards in protecting your data. We store data in AWS data centers, process payments through Braintree, a PCI DSS compliant payment service, and we are GDPR compliant.
Secure Infrastructure with AWS
We store data in AWS data centers. AWS's controls are attested by third-party reports and certifications such as SOC 1, SOC 2, SOC 3, ISO 27001, ISO 27017 and ISO 27018, among others.
All data in transit between our web services and user devices is encrypted with TLS 1.2.
We log API calls and configuration changes made inside our AWS infrastructure with AWS CloudTrail.
All web services are monitored for missing updates and patches, including security patches, using SecurityScorecard audits and AWS tools such as Amazon Inspector.
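CloudTrail only has value if someone reads it, and the first thing an intruder with stolen AWS credentials typically does is switch it off or grant themselves more access. The script below is an added example (not Explain Everything's own code) of a minimal detector over CloudTrail log-file records: it flags calls that weaken logging, IAM calls that grant privileges or mint credentials, and denied calls, which often precede a successful one. The records, account id, ARNs and IP addresses are constructed for the example and do not come from any real account.

```python
"""Flag CloudTrail records that weaken audit logging or change privileges.

Added example, not Explain Everything's own code. CloudTrail delivers
gzipped JSON files whose top-level object has a "Records" list; this
script reads that shape from a string. The sample records below are
constructed for the example and do not come from any real account.
Only management (control-plane) events are assumed here; data events
such as S3 object reads appear only if they are explicitly enabled.
"""
import json

# API calls that reduce what CloudTrail sees. Any of these should be rare
# and performed only through an approved change process.
LOGGING_TAMPER_EVENTS = {
    "StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors",
}

# IAM calls that grant access or create new credentials.
PRIVILEGE_EVENTS = {
    "AttachUserPolicy", "AttachRolePolicy", "PutUserPolicy", "PutRolePolicy",
    "CreateAccessKey", "CreateLoginProfile", "AddUserToGroup",
}


def classify(record):
    """Return an alert category for one CloudTrail record, or None."""
    name = record.get("eventName", "")
    source = record.get("eventSource", "")
    if source == "cloudtrail.amazonaws.com" and name in LOGGING_TAMPER_EVENTS:
        return "logging-tamper"
    if source == "iam.amazonaws.com" and name in PRIVILEGE_EVENTS:
        return "privilege-change"
    # Denied calls are worth keeping: a burst of them often precedes
    # a successful call once the attacker finds a permission that works.
    if record.get("errorCode") in ("AccessDenied", "UnauthorizedOperation"):
        return "denied"
    return None


def principal(record):
    """Best-effort identity string: the ARN if present, else the identity type."""
    identity = record.get("userIdentity", {})
    return identity.get("arn") or identity.get("type", "unknown")


def find_alerts(trail_json):
    """Parse a CloudTrail log-file body and return a list of alert dicts."""
    records = json.loads(trail_json).get("Records", [])
    alerts = []
    for rec in records:
        kind = classify(rec)
        if kind is None:
            continue
        alerts.append({
            "kind": kind,
            "time": rec.get("eventTime"),
            "event": rec.get("eventName"),
            "principal": principal(rec),
            "source_ip": rec.get("sourceIPAddress"),
        })
    return alerts


# Constructed sample: one benign read, one trail shutdown, one policy grant,
# one denied call. The account id and IPs are documentation placeholders.
DEPLOY_USER = {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/deploy"}
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "203.0.113.10",
     "userIdentity": DEPLOY_USER},
    {"eventTime": "2024-05-01T10:05:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "198.51.100.7",
     "userIdentity": DEPLOY_USER},
    {"eventTime": "2024-05-01T10:06:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachUserPolicy", "sourceIPAddress": "198.51.100.7",
     "userIdentity": DEPLOY_USER,
     "requestParameters": {"userName": "deploy",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
    {"eventTime": "2024-05-01T10:07:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "198.51.100.7",
     "errorCode": "AccessDenied", "userIdentity": DEPLOY_USER},
]})


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_TRAIL):
        print(f"{alert['time']} {alert['kind']:16} {alert['event']:18} "
              f"{alert['principal']} from {alert['source_ip']}")
```

Run against a real trail, the same three categories are what a practitioner would route to an alerting channel first; note that a single deploy user performing these calls from a new source IP, as in the constructed sample, is the pattern to watch for rather than any one event in isolation.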
You own your data and have control over it. We make the collection, storage, transfer and use of your data transparent, even if you are not an EU citizen.
You always have access to your personal data and can export it or request that we remove it. We don’t share, copy, or access it without your permission.
Our Security Policy, together with our Risk Assessment, defines the procedures we apply when processing personal data. All Data Processing Agreements are reviewed against it.
Privacy by default. Privacy by design.
All security procedures apply to every Explain Everything user without any additional settings. We secure the processing of personal data at every point.
Only trained Explain Everything employees who have signed the GDPR declaration can access personal data, and only when asked to help resolve an issue affecting the customer.
Secure payments through Braintree
We don’t store payment details. All payments go through our PCI-compliant partner, Braintree.
Level 1 PCI compliance
Your payment details are safe with a validated Level 1 PCI DSS compliant service provider.
Recognized and approved
Braintree is on both Visa’s Global Compliant Provider List and Mastercard’s SDP List.
Braintree doesn’t store raw magnetic stripe, card validation code, or PIN block data. It manages cardholder data in Braintree Vault using multiple encryption keys with split knowledge and dual control.
Audits and Scorecards
We undergo automated external audits monitored by SecurityScorecard.
Explain Everything received an A+ score on the Qualys SSL Labs SSL Server Test.
We undergo regular security audits performed by the independent auditing company Test Army.
We are certified by SecurityMetrics as maintaining rigorous data security standards.
Security FAQ – Frequently Asked Questions
Where does Explain Everything store the data?
Data is stored in AWS’s SOC 2 attested data centers in Northern Virginia (the us-east-1 region).
Who can access data used by Explain Everything?
Personal data can be accessed only by trained Explain Everything employees who have signed the GDPR declaration, and only when asked to help resolve an issue affecting the customer. The only exceptions are suspected abuse or an urgent security reason. Additionally, all Explain Everything employees sign non-disclosure agreements and are introduced to the security policies as part of onboarding. Information and procedures regarding personal data are covered in GDPR training before employees receive any access to the personal data needed to fulfil their duties.
Is Explain Everything FERPA Compliant?
FERPA applies to all public and charter schools and to some private or parochial schools as well. A school that complies with FERPA ensures that its student data is protected.
If your school complies with FERPA and uses Explain Everything Services, you can be assured that it works entirely in accordance with FERPA regulations. We don’t collect or store any personally identifiable or directory information without the required consents and permissions.
Also, as an Administrator of a Group Account, you don’t have to provide your Members’ emails or names.
Is Explain Everything COPPA Compliant?
We make sure that pupils, especially those under 13, are protected when using Explain Everything.
We do not collect even limited children’s personal information unless contracted by a school, district and/or teacher, and then only for the use and benefit of the learning environment.
An Admin of a Group EDU Account has multiple options for not sharing any student email or name.
Members of your Group Account may use the application in offline mode and never connect to any cloud, so their work is never uploaded and is not accessible to us.
You have the right to withdraw any consent you have given at any time.
Is Explain Everything SOPPA Compliant?
As an operator of online services that are also designed for school purposes, we are compliant with the Illinois Student Online Personal Protection Act (SOPPA) and assure our Illinois-based partners that we fulfill its requirements.
We contract with schools, commit to notifying them in the event of a breach of students’ personal data, and provide them with a list of any third parties or affiliates to whom we disclose personal data.
Is Explain Everything HIPAA Compliant?
The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 and is the primary US law protecting the personal health data of patients and insured persons. We are not HIPAA compliant and probably never will be.
Some Explain Everything users create their content in local, offline-only projects and then share it via HIPAA-compliant services such as PRIMR, or use it as a whiteboard during a HIPAA-compliant conference call. This way Explain Everything never transmits health information in electronic form. Please remember this is not legal advice and doesn’t cover all circumstances that may occur in your institution. Please consult your HIPAA Privacy Officer for more information.