Higher Education & Enterprise Customers
Certifications & Validations
- ISO/IEC 27001:2022 – a summary report is available upon request; reach out to your sales rep or support.
- AICPA SOC 2 Type 2 report – a summary report is available upon request after signing an NDA; reach out to your sales rep or support.
Control your data and user access
- User control — designate roles for users to ensure they have the correct access and restrictions.
- Toggle features — if the features are available on your plan, choose whether your users have access to AI and other features.
- SSO — use SSO and SCIM to allow users to log in effortlessly and securely, ensuring accuracy and reducing manual processes. Use domain claim to protect your organization and prevent unauthorized use.
- Deletion — upon termination of a subscription, the deletion of all organization data, including organization content, will start automatically within 90 days, as described in our Data Processing Agreement (DPA). The owner of the organization will automatically receive an email informing them of the deletion process before it occurs.
Security
- Security at Kahoot! – To ensure data is secure, we at Kahoot! have implemented a set of safeguards and processes covering all parts of the data journey. Read more about security at Kahoot! here.
- Key Security Measures:
  - Encryption in transit/at rest: We always use end-to-end encryption in transit using industry standard encryption. This includes traffic to end users, as well as internally between data centers and internal / external services. Our public certificates are obtained from an acknowledged certification authority, and we support TLS 1.2 or higher. Additionally, data is encrypted at rest. For datastores, we use a combination of full partition encryption based on LUKS and supplier-provided full disk encryption (AES-256). Backups are also encrypted.
  - RBAC: We implement the principle of least privilege. Different roles are assigned the access rights necessary to perform their job responsibilities, subject to management (or system owner) approval.
  - Vulnerability management: For security monitoring, our main sources of information are Prisma Cloud and Cortex XDR. Our partner NetSecurity helps us with the monitoring and triage of events. Additionally, we work with Intigriti to conduct continuous penetration testing on the Kahoot! platform via a Bug Bounty program.
  - Business continuity/DR: We maintain comprehensive Business Continuity and Disaster Recovery plans across all business areas. Our plans address potential disaster scenarios with defined Recovery Time Objectives and Recovery Point Objectives, clear escalation procedures and coordination with our infrastructure providers and sub-processors.
  - Incident response: We have a documented incident management policy. The policy is periodically reviewed and updated. We have procedures for notifications to go out to relevant authorities and customers.
Kahoot! at Work product resources
Get to know Kahoot! at Work! Learn all about our range of offerings for businesses:
Legal & compliance
- Kahoot! Master Service Agreement – for businesses, organisations and schools/districts (assisted sales).
- Terms & Conditions – for individuals, students, teachers
- Digital Services Act (EU)
- Code of Conduct
- Data Processing Agreement
- Sub-processors
Contacts
- If you need to sign a DPA, please contact dpa@kahoot.com
- If you have questions about security, please contact security@kahoot.com
- If you have questions about privacy, please contact privacy@kahoot.com
- For all other requests, please use the support form.