Skip to main content
All CollectionsAbout PathwrightFAQs
Common questions about security, privacy, and copyright
Common questions about security, privacy, and copyright

Find answers for all your questions about security and other technical and legal concerns.

Laurie Garcia avatar
Written by Laurie Garcia
Updated over a week ago

If you don't see your question addressed here, please send us a chat message or email

How do you secure the content in my Pathwright account?

Every Pathwright account is secured under an SSL (Secure Sockets Layer) certificate for every single page in your school. You'll notice the "https" in your URL as opposed to "http." The "S" stands for "secure:" Hyper Text Transfer Protocol Secure (https). 

This is provided automatically for every account, and you do not need to take any extra steps to enable it. This is a plus, since Google automatically gives your site a small boost on SEO (Search Engine Optimization) ranking if your site is secure. 

SSL is the same encryption that banks use, and it encrypts any data shared between a web browser and web server. A secure connection ensures that any data taken from a site is confidential. Data is encrypted in transit, but is not encrypted at rest.

Due to this protocol, all material embedded in your account (videos, surveys, etc) needs to be hosted under https as well. If you want to use a resource not hosted under https, use a hyperlink that opens the content in a new browser tab or window. 

Do I own the content I post on Pathwright? 

Yes, all of the course content is owned by you, and you can view our Terms of Use for the copyright information pertaining to Course Authors.

We require that you grant Pathwright permission to display your content online (otherwise we would not have the legal rights to host your content). 

We will not use or profit from your content in any way without your permission and you control who has access to your courses. 

Do I need copyright permission to post a resource I do not own online? 

If you plan to post content online that you did not create and is not public domain, then you will most likely need to secure permission to use it. 

You can read our full Terms of Use here, but the relevant information is under Copyright & Intellectual Property.

You are responsible to make sure that you own the material or have permission to use it before offering the course. 

How do I prevent learners from downloading my content? 

There's no easy way for learners to download anything from your course other than files that you explicitly make available for download.

Learners will not be able to cleanly print content from the course - except for the documents you attach for download - unless you enable printing.

If you'll be embedding your videos, we recommend using Vimeo. Vimeo Plus has security settings that will let you restrict playback to your Pathwright school. 

If you plan on embedding PDFs, we recommend using Scribd. You will have control over reader permissions, and you can turn off the ability to copy and paste from the document or to download it.

Learners must sign in with the username and password they set up when they joined your course. When anyone registers for a course, they will automatically be signing off on your school Terms of Use and Privacy Policy. Here are links to those two documents: Terms of Use and Privacy Policy

How can I monitor who has access to my account? 

You can see who has created a member account in your school any time by going to Community from the Dashboard or main menu. You can revoke any member's access to a single course or to your entire school. 

If you would like all admins to receive a notification each time a new member joins, we can enable that setting for you on the back end. Send us a chat message or email to get this set up. 

How can I verify my users' identity? 

If your school membership should be limited to those you invite: 

  1. Be sure to keep all courses private (this is the default). 

  2. Ask us to turn on notifications that send to all admins when a new member joins the school or set up a custom notification using Zapier and the Trigger "New school member." If anyone joins your school who should not be there, revoke their access under Community from your Dashboard or main menu. If anyone joins with the wrong email, ask them to update their email under their account settings.

  3. If it is very important that your users sign up with a specific email, create accounts for your members automatically using the "Create member" Action in Zapier. 

If your courses are public: 

  1. Offer courses on a schedule and close the courses at the end. 

  2. Schedule a video call with your learners. Use the meeting to discuss their work in the course and give feedback and ask to see a valid ID. 

  3. If you suspect anyone of sharing their password, revoke their access under Community.

What if my learners share their passwords? 

A single user account can only track progress for one person. It would not be an ideal user experience if multiple individuals tried to share. You can revoke a user's access at any time if you suspect abuse. 

What data does Pathwright collect? 

Here's the data we collect for all users:

  • User first name, last name, email address, and password (password is encoded)

  • IP addresses of users / use of cookies

  • Metadata on user interaction

Passwords are encrypted and stored securely with the same encryption that banks use. As the school administrator, you will have access to your learners' names, email addresses, and progress data. 

We will not sell or share your learners' contact information with other organizations. Secure information, like credit card numbers, is not stored. We do not collect physical addresses or phone numbers from learners.

We comply with Payment Card Industry Data Security Standards (PCI/DSS).

The rest is contingent on your use of Pathwright and individual learner choices. For example...

  • If you have learners enrolled in scheduled classes in Pathwright, then we store their course enrollments and schedules. 

  • If learners optionally update their profile with their location, bio, or other personal data, we store that data as text. 

  • If they upload a profile picture, we store the image. 

  • If you use our native assessments in your Pathwright courses, then we store those assessment answers and scores and overall course grades. 

  • If you use discussions or private feedback in your courses, we store those communications. 

  • If you sell your courses via Stripe (a third-party payment processor), we send metadata about payments to Stripe, but that information is only stored for your convenience and not used by Stripe.

Do you back up my content? How secure is it? 

Pathwright is a web-based platform, so you won't need to download or update any software; we host everything in the cloud. 

We have all Pathwright content backed up on Amazon's servers, which scale based on usage. Amazon uses more than one server to back up your school, and they store our data in several facilities and on multiple devices in each facility. By doing this, they provide 400 times the durability of a typical disk drive. Data is stored in Amazon RDS.

We run backups daily. 

However, please note that Pathwright does not have version control and we cannot retrieve unsaved or overwritten content. 

If you'd like to back up your course content, you are able to make your own backups by copy/pasting your content and saving it outside of Pathwright. 

You can also make duplicates of your courses for extra redundancy. See how to copy a course. 

What happens to data after cancellation? 

We'll keep all your data intact when your account becomes inactive. We don't currently have any processes in place to delete content from the site. If that becomes necessary in the future, we will keep all your courses and learner progress for a minimum of 12 months after the account becomes inactive. You can always return and resume teaching within a year and pick up exactly where you left off.

Data (either an individual's data or an entire Pathwright account) may be permanently deleted within 30 days upon request by account owner. Send us a chat message or email to request account deletion. 

Is Pathwright GDPR compliant?

Yes, we wrote a separate article about GDPR compliance here.

Can I add my own custom user agreement or copyright notice?

Yes, you can. In compliance with GDPR, you can add your own Privacy Policy or Terms and your users will need to sign off on them when they create an account.

By default, new members will sign off on our standard Privacy Policy and Terms of Use.

How does Pathwright ensure compliance with FERPA, COPPA, and other applicable privacy regulations?

We take the online privacy policy for children seriously and have written terms into our Terms of Use and Privacy Policy that everyone must sign off on when creating an account:

We do not knowingly collect personal information from children under 13. If we learn that we have collected the personal information of a child under 13, we will take steps to delete the information as soon as possible. Please contact us at if you believe we have any information from or about a child under the age of 13.

Parents are welcome to set up accounts for children under 13 using their own (the parent's) email address and a pseudonym. They should leave the optional profile picture blank (or use a neutral image). 

Is Pathwright ADA/WCAG compliant? 

Our goal is to be fully ADA/WCAG compliant and we are actively working towards that. Some aspects will also depend on your use of the platform (whether you have entered alternate text for images, provided captions or transcripts for videos, etc.). 

You can go ahead and build your courses in an ADA compliant way now.

  1. Add alternate text to your images in the Media Manager.

  2. Embed your videos from a hosting service like YouTube, Vimeo, Wistia, etc., that supports on-screen closed captions. Or upload captions for videos that you host on Pathwright.

  3. You can also provide a transcript that is screen-reader friendly as an attachment.

Is Pathwright HIPPA compliant?

Regarding HIPPA compliance, members must enter their email and password when they sign up for a course. Their password is encrypted and stored securely with the same encryption that banks use. As the school administrator, you will have access to your members' names, email addresses, and progress data. We will not sell or share your users' contact information with other organizations. All payments and user information is encrypted under Certified PCI level 1 compliance.

Did this answer your question?