This article outlines basic information on Teachable security practices and procedures.
Content security and piracy
When you upload a file to a Teachable course, you have the option to enable or disable that file for student downloading. If you do not want students to be able to download your content onto their computers or devices, you can turn off the Enable Download toggle for each file within your lectures. This way students will only be able to view your lecture content within Teachable.
Users will only be able to access and view your course content if they enroll in the course, unless you have the lecture set to free preview. Free previews are available to all visitors. If a lecture is set to free preview, lecture comments will also be publicly available.
Videos you add to your school and courses are stored by our video host, Wistia. Wistia’s files are not crawled by search engines and video URLs contain random text so they are difficult to find without access to the course.
NOTE: Crawling is when a search engine, such as Google, discovers new content on the web. If a file is not crawled, it should not display in search engine results.
You can learn more about how Wistia keeps videos secure in their article on Wistia Security.
It’s important to note that even with these security precautions, it is impossible to completely stop content theft, sharing, and piracy. Any piece of content that’s accessible online can be copied, either with software or as a direct recording—this is true for all online content, including content on Teachable.
Teachable uses Amazon Web Services (AWS) for data storage and infrastructure.
We apply a range of safeguards to customer data that we may process, handle, and store. We protect personal data using appropriate physical, technical, and organizational security measures.
Teachable takes all reasonable steps to protect data we receive from our users from loss, misuse or unauthorized access, disclosure, alteration and/or destruction. We give additional attention and care to personally identifiable information and sensitive personal data, and respect all laws and regulations governing personal data, as applicable.
For more information on the technical, administrative, and physical security measures we employ at Teachable, please review our securities disclosure documentation.
Downtime and incident management
Teachable strives for and generally exceeds an average of 99.99% uptime—which refers to the time the platform is up and available for both you and your students.
Teachable has an incident response plan and associated procedures in case of a service or security incident. The Incident Response Plan defines the responsibilities of key personnel and identifies processes and procedures for notification. The execution of the Incident Response Plan is tested periodically. An incident response team is responsible for providing an incident handling capability for incidents that includes preparation, detection and analysis, remediation, and recovery.
For any major performance issues, outages, and incidents, our engineers will post an update on the Teachable status page.
GDPR, CCPA, and other data regulation procedures
As part of our commitment to data privacy, including GDPR and CCPA compliance, any Teachable user can request that Teachable give them access to or delete their personal data by contacting firstname.lastname@example.org.
NOTE: The General Data Protection Regulation, or GDPR, is a law that sets guidelines for the collection and processing of personal information for individuals who live in the European Union.
NOTE: The California Consumer Privacy Act, or CCPA, is a data privacy law that regulates how businesses are allowed to handle the personal data of California residents.
Teachable maintains a change management process to ensure that all changes made to the platform and production environment are applied in a deliberate manner. Changes to the platform infrastructure and other system components are monitored and controlled through a change control process. Changes are reviewed, approved, tested, and monitored post-implementation to ensure that the expected changes are operating as intended.
Teachable has procedures to mandate encrypted transmission and storage of sensitive information. Teachable continually works to develop products that support the latest recommended secure protocols to encrypt traffic while in transit. This means that when transmitting electronic data, the messages are encrypted so that only the sender and intended recipient can view the contents.
We monitor industry best practices and work to upgrade our products when new weaknesses are discovered and implement best practices as they evolve.
Protection against security vulnerabilities
Teachable is committed to ensuring the safety and security of all of our users. We assess our applications against the OWASP Top 10 to ensure we minimize any security risks. The OWASP Top 10 is a standard awareness framework for developers and web application security. It represents a broad consensus among the security community about the most critical security risks to web applications. We also perform an annual third-party penetration test to improve existing security procedures.
NOTE: A third-party penetration test is when an outside company attempts to breach or hack your platform's security, with the intention of identifying any weak points that need to be improved.
Teachable also automatically provides SSL certificates for all schools on our platform. SSL is a standard security protocol that encrypts any data shared between a web browser and web server.
We believe in having continuous engagement with the security community in order to keep Teachable as secure as possible with the latest safeguards. If you believe you have identified a potential security vulnerability, please follow our Responsible Disclosure Policy.