Trust Center

Security and compliance you can trust

Your data and your learners' data are protected by enterprise-grade security practices, third-party audits, and industry-leading compliance certifications.

Certifications & Compliance

Third-party verified security practices you can share with your procurement and legal teams.

🛡️

SOC 2 Type II

Annual third-party audit of security controls, availability, and confidentiality. Reports available under NDA.

🇪🇺

GDPR

Full compliance with EU General Data Protection Regulation. Data Processing Agreement (DPA) available for enterprise customers.

🇺🇸

CCPA

Compliance with California Consumer Privacy Act. Data subject rights supported.

💳

PCI DSS

Payment Card Industry Data Security Standard compliance for all payment processing through TCommerce.

⭐

CSA STAR Level 1

Cloud Security Alliance STAR certification demonstrating cloud security best practices.

📋

Security Documentation

Need our SOC 2 report, DPA, or security questionnaire responses?

Contact our security team →

Security Practices

Infrastructure

  • Hosted on AWS and Google Cloud Platform
  • Multi-region deployment for redundancy
  • Auto-scaling to handle traffic spikes
  • 99.9% uptime SLA on Plus plans

Data Protection

  • TLS 1.2+ encryption in transit
  • AES-256 encryption at rest
  • Customer data isolation
  • Automated backups with point-in-time recovery

Access Control

  • SSO / SAML authentication (Plus)
  • Role-based access control (RBAC)
  • Multi-factor authentication
  • IP allowlisting available

Monitoring & Response

  • 24/7 SIEM monitoring
  • Quarterly penetration testing
  • Vulnerability scanning
  • Incident response plan & team

AI Security

Thinkific's AI features are built with security and privacy as foundational requirements.

Your content never trains AI models

Course content used by Thinker AI is not used to train or improve AI models. Your intellectual property remains yours.

Content-grounded responses

Thinker AI answers exclusively from your course content, not from the open internet. This prevents hallucination and ensures accuracy.

OWASP Top 10 for LLMs

Our AI implementation follows OWASP Top 10 for LLM Applications guidelines, including prompt injection prevention and output validation.

Full audit logging

All AI interactions are logged for audit and review. Admins can monitor AI usage and responses.

Additional Resources

Data Processing Agreement

GDPR-compliant DPA available for all customers.

Subprocessor List

Maintained list of data subprocessors with notification of changes.

Privacy Policy

Comprehensive privacy policy covering data collection and usage.

Questions about security?

Our security team is available to discuss your specific requirements, share SOC 2 reports, and complete security questionnaires.