Security at Kuizzo

Your data matters. Protecting it is a first priority.

We use physical, procedural, and technical safeguards together with enterprise cloud providers to help preserve the integrity, availability, and confidentiality of your information.

Best practices

Your teaching and learning data deserves the same rigor we apply to our own. We combine provider security capabilities with operational discipline.

  • Hosted on enterprise clouds with strong third-party assurance (including SOC 2 Type II for our primary providers).
  • Network isolation, access restrictions, and least-privilege practices across our systems.
  • Encryption in transit for web and API traffic using modern TLS; encryption at rest where supported by our data and object stores.
  • Resilient architecture with backup and recovery aligned to our cloud providers’ capabilities.
Defense in depth
Layered controls across people, process, and technology

System security

Our production stack runs on actively maintained cloud services. We rely on providers that patch underlying infrastructure and expose security configuration so we can harden accounts, networks, and application endpoints.

  • Public Kuizzo traffic is served over HTTPS with current TLS versions to protect against eavesdropping and tampering.
  • We use reputable certificate authorities and modern cipher configurations consistent with industry practice.
HTTPS everywhere
Strong TLS on public endpoints

Infrastructure

Kuizzo is cloud-native: we do not operate our own physical data centers for the product you use at kuizzo.com.

  • Backend services, databases, storage, and compute run on Amazon Web Services (AWS) with VPCs and provider controls to separate environments.
  • The site and serverless edge capabilities run on Vercel, with its own network and platform protections.
  • We follow provider-recommended practices for secrets, keys, and separation between production and non-production.
AWS · Vercel
Enterprise-grade cloud foundations

Data transfer

Every hop over the public internet should assume hostile networks. We design accordingly.

  • Data sent to or from Kuizzo over the internet is protected using TLS.
  • API and web endpoints are intended for HTTPS use only.
  • We favor strong TLS configurations, including forward secrecy where supported.
Encrypted in transit
TLS for all public API and web traffic

Data handling

Customer content and account metadata live in managed cloud data services. Like many SaaS products, Kuizzo uses shared logical multi-tenant storage; application-level controls and testing help ensure organizations and users only reach data and roles they are permitted to use.

Specific retention, subprocessors, and your rights are in our Privacy Policy. Regional obligations (for example GDPR) are on our GDPR Compliance page.

  • Logical separation and authorization checks at the application layer.
  • Clear policy documentation for how personal data is processed.
Privacy-aware design
Docs and controls you can review

Physical security

Production data is processed in facilities operated by our cloud providers (AWS and Vercel), which maintain physical access controls, monitoring, and auditing at their data centers.

More from AWS: Data center controls.

  • No Kuizzo-owned colocation—we inherit provider physical security posture.
  • Benefit from AWS and Vercel’s audited facility programs.
Provider-grade facilities
World-class data center protections

Confidentiality

We limit internal access to customer data to people who need it to run or support the service. Personnel and contractors with access follow our privacy and security policies.

  • Need-to-know access for operations and support.
  • Expectations for handling customer information are documented and enforced.
Least privilege
Tight internal access boundaries

Application monitoring

Visibility helps us catch reliability issues and suspicious activity early.

  • We log and monitor application and infrastructure signals.
  • Monitoring and alerting support reliability and timely incident response.
Always-on visibility
Logs, metrics, and alerting

SOC 2 and trust

Kuizzo is designed with SOC 2 security principles. Our architecture is SOC 2 aligned, and we are actively working toward SOC 2 certification. AWS and Vercel both maintain SOC 2 Type II reports that underpin the foundation we build on.

  • SOC 2 aligned architecture on enterprise-grade, SOC 2 compliant cloud platforms.
  • Security controls, access management, and data protection built into product design.
  • Formal SOC 2 certification is an active goal on our roadmap.
CommitmentDescription
SOC 2 aligned architectureOur infrastructure is built on enterprise-grade, SOC 2 compliant cloud platforms.
Designed with SOC 2 security principlesSecurity controls, access management, and data protection are baked into our design.
Working toward SOC 2 certificationWe are on a path to achieve formal SOC 2 certification.
Trust program
Aligned today · certifying tomorrow

Related policies

Privacy PolicyGDPR ComplianceCOPPA ComplianceData Deletion

Last updated: March 30, 2026

Questions about security or privacy?

We are happy to hear from schools, partners, and families. Reach out or review our policies anytime.