ABOUT US

1EdTech is the leading member-led non-profit edtech partnership accelerating the digital transformation of learning

The 1EdTech community is guided by a set of educational leadership strategies essential to improving learning experiences and outcomes in K-12, higher education, and lifelong learning

1EdTech community-led workstreams help create a secure, scalable, and best-in-class digital learning ecosystem to serve the needs of all learners

1EdTech standards support seamless interoperability, lower TCO, and greater choice.

The TrustEd Apps Directory is the official listing of products and applications reviewed, vetted, or certified by 1EdTech

1EdTech hosts the annual Learning Impact Conference and other engagement opportunities throughout the year to advance the leadership and ideas that shape the future of digital learning

TrustEd Apps Profile for D2L Brightspace

Product: D2L Brightspace
Vetted by Josh Vienneau, Principal Product Manager, Extensibility at D2L Corporation on 2025-01-21

Privacy Rubric Results

This product has met the criteria required to achieve the 1EdTech Data Privacy Seal.

  • N/A
  • UNMET
  • PARTIAL
  • MEETS
Data Collection
Security
3rd Party Data
Advertising
Certified
Rubric Area Expectations
General Meets Partially Meets Doesn't Meet
User Notes GEN1 - How are changes to key policies managed?
ANSWER: Notification is provided to the user in advance and a history of policy revisions are available
User Notes:
"Policy changes are communicated by D2L to D2L clients. D2L Clients may communicate policy changes to their users at their discretion."
"Policy changes are communicated by D2L to D2L clients. D2L Clients may communicate policy changes to their users at their discretion."
Answer Meets Expectations Unselected Option: Unselected Option:
Data Collected Meets Partially Meets Doesn't Meet
User Notes DCQ1 - Do the policies list all data collected?
ANSWER: Policies list the data collected OR policies state no data is collected
User Notes:
We may collect Personal Information about you if your Organization has contracted with us for professional services or end-user support, or if you are an approved support contact under our agreement with your Organization. This information may include your name, email address or other Personal Information. Information collected in connection with our provision of professional services to your Organization is collected for the purpose of providing such services to your Organization efficiently and effectively. Information collected through the use of our support service is intended to help resolve issues as quickly as possible, and to ensure that you can be notified of the progress of any issues that you describe.
We may collect Personal Information about you if your Organization has contracted with us for professional services or end-user support, or if you are an approved support contact under our agreement with your Organization. This information may include your name, email address or other Personal Information. Information collected in connection with our provision of professional services to your Organization is collected for the purpose of providing such services to your Organization efficiently and effectively. Information collected through the use of our support service is intended to help resolve issues as quickly as possible, and to ensure that you can be notified of the progress of any issues that you describe.
Answer Meets Expectations Unselected Option: Unselected Option:
User Notes DCQ2 - Do the policies indicate how data is collected?
ANSWER: Policies state specifically how data is collected OR policies state no data collected
User Notes:
At some D2L Web sites, we ask you to provide Personal Information, such as your email address, name, employer name, home or work address, or telephone number. We may also collect demographic information, such as your postal or zip code, gender, age, preferences, interests and favorites.

We may collect Personal Information from you such as your name, email address, telephone number and Organization information when you sign up for webinars, product trials, newsletters, the annual Brightspace FUSION global conference, contests or other marketing initiatives through D2L Web sites.

If you make a purchase through a D2L Web site or Brightspace or other D2L offering or sign up for a conference or seminar, a paid subscription service or a consumer offering, we or our third party providers may ask for additional information, such as your credit card information, billing address or shipping address.

When you join, or post information to, one of our communities, you share your profile information, including your name and other information that you choose to share, with other community members. When you submit an application or inquiry through our Careers site, you voluntarily provide Personal Information to us.

When you post a comment on our company blog, you share information within your comment, along with the name you provide, with the general public.
At some D2L Web sites, we ask you to provide Personal Information, such as your email address, name, employer name, home or work address, or telephone number. We may also collect demographic information, such as your postal or zip code, gender, age, preferences, interests and favorites. We may collect Personal Information from you such as your name, email address, telephone number and Organization information when you sign up for webinars, product trials, newsletters, the annual Brightspace FUSION global conference, contests or other marketing initiatives through D2L Web sites. If you make a purchase through a D2L Web site or Brightspace or other D2L offering or sign up for a conference or seminar, a paid subscription service or a consumer offering, we or our third party providers may ask for additional information, such as your credit card information, billing address or shipping address. When you join, or post information to, one of our communities, you share your profile information, including your name and other information that you choose to share, with other community members. When you submit an application or inquiry through our Careers site, you voluntarily provide Personal Information to us. When you post a comment on our company blog, you share information within your comment, along with the name you provide, with the general public.
Answer Meets Expectations Unselected Option: Unselected Option:
User Notes DCQ3 - Do the policies state who owns the data?
ANSWER: Policies state the user owns the data alone OR policies state no data collected
User Notes:
You Own Your Data
And we keep it secure. We put the security, confidentiality, availability, and integrity of your data first. We are committed to the highest security standards and best practices.
You Own Your Data And we keep it secure. We put the security, confidentiality, availability, and integrity of your data first. We are committed to the highest security standards and best practices.
Answer Meets Expectations Unselected Option: Unselected Option:
User Notes DCQ4 - Do the policies allow users to delete their data entirely?
ANSWER: Policies allow users to delete data entirely after a period of time OR policies state no data collected
User Notes:
If you are a consumer user and you wish to remove or restrict the collection of data with an account you have with us, you may do so by contacting us at AskUs@D2L.com. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce this Privacy Policy and any applicable user agreements. We will take steps to ensure that your Personal Information is destroyed, erased or made anonymous as soon as the purpose for which it was collected is no longer relevant, or as required by law.
If you are a consumer user and you wish to remove or restrict the collection of data with an account you have with us, you may do so by contacting us at AskUs@D2L.com. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce this Privacy Policy and any applicable user agreements. We will take steps to ensure that your Personal Information is destroyed, erased or made anonymous as soon as the purpose for which it was collected is no longer relevant, or as required by law.
Answer Meets Expectations Unselected Option: Unselected Option:
User Notes DCQ5 - Do the policies state the retention of data?
ANSWER: Policies have a 60-day or less retention policy OR policies state no data collected
User Notes:
If you are an enterprise user, retention of your Personal Information is the responsibility of your Organization and is governed by its privacy policies. If you wish to remove your account, please contact your Organization. If your Organization retains the information, it is subject to our contractual arrangement with your Organization and may be subject to our archival policies.
If you are an enterprise user, retention of your Personal Information is the responsibility of your Organization and is governed by its privacy policies. If you wish to remove your account, please contact your Organization. If your Organization retains the information, it is subject to our contractual arrangement with your Organization and may be subject to our archival policies.
Answer Meets Expectations Unselected Option: Unselected Option:
Security Meets Partially Meets Doesn't Meet
User Notes SECQ1 - Do the policies state how data is protected?
ANSWER: Policies list the steps taken to protect data or OR policies state no data collected
User Notes:
We hold many security certifications and we take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, including appropriate encryption and physical security measures to guard against unauthorized access to systems where we store Personal Information. For more information on our Security please visit www.d2l.com/security/compliance/.

We restrict access to Personal Information to D2L employees, contractors and agents who have a need to know that information in order to process it on our behalf. These individuals are bound by confidentiality obligations and may be subject to discipline, up to and including termination, as well as civil action and criminal prosecution, if they fail to meet these obligations.
We hold many security certifications and we take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, including appropriate encryption and physical security measures to guard against unauthorized access to systems where we store Personal Information. For more information on our Security please visit www.d2l.com/security/compliance/. We restrict access to Personal Information to D2L employees, contractors and agents who have a need to know that information in order to process it on our behalf. These individuals are bound by confidentiality obligations and may be subject to discipline, up to and including termination, as well as civil action and criminal prosecution, if they fail to meet these obligations.
Answer Meets Expectations Unselected Option: Unselected Option:
User Notes SECQ2 - Do the policies state all confidential & sensitive information is encrypted throughout?
ANSWER: Data encrypted throughout OR passes an encryption test with no vulnerabilities OR policies state no data collected
User Notes:
SSL Labs report shows an overall rating of A+
SSL Labs report shows an overall rating of A+
Answer Meets Expectations Unselected Option: Unselected Option:
User Notes SECQ3 - Do the policies state whether or not it enforces strong password creation?
ANSWER: Supplier enforces strong password creation OR supplier user base exempt from password requirements or OR no account creation required
User Notes:
If you register to become a D2L member any way, you are responsible for maintaining the confidentiality of your member identification and password information, and for restricting access to your computer. You agree to accept responsibility for all activities that occur under your member identification and password.

No student account creation through website
If you register to become a D2L member any way, you are responsible for maintaining the confidentiality of your member identification and password information, and for restricting access to your computer. You agree to accept responsibility for all activities that occur under your member identification and password. No student account creation through website
Answer Meets Expectations Unselected Option: Unselected Option:
User Notes SECQ4 - Do the policies indicate whether or not it leverages 2 step (or other forms of multifactor) authentication?
ANSWER: Supplier uses SSO or an LTI launch OR no account creation is required OR supplier user base exempt from 2-step authentication requirements
User Notes:
Supplier uses SSO or an LTI launch OR no account creation is required
Supplier uses SSO or an LTI launch OR no account creation is required
Answer Meets Expectations Unselected Option: Unselected Option:
User Notes SECQ5 - Do the policies state the use of cookies?
ANSWER: Policies list all cookies used and each cookie's purpose OR policies state that it only uses cookies that are crucial for app functionality
User Notes:
When you visit a D2L Web site, you may encounter cookies described in the list below. Our lists are grouped based on the International Chamber of Commerce (ICC) cookie guide, which identifies four categories of cookies:

Strictly necessary cookies
Performance cookies
Functionality cookies
When you visit a D2L Web site, you may encounter cookies described in the list below. Our lists are grouped based on the International Chamber of Commerce (ICC) cookie guide, which identifies four categories of cookies: Strictly necessary cookies Performance cookies Functionality cookies
Answer Meets Expectations Unselected Option: Unselected Option:
Third Party Data Meets Partially Meets Doesn't Meet
User Notes SHRQ1 - Do the policies state the use of third parties?
ANSWER: Policies list each third party separately OR policies state third party use strictly for app functionality OR policies state that they do not use third parties
User Notes:
We may share your information with third parties who are not our partners or service providers only in the following situations:

We have your consent through an opt-in option provided to you; or
We have a good faith belief that access, use, preservation or disclosure of your Personal Information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable terms and conditions of this Privacy Policy or any applicable user agreement, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against harm to the rights, property or safety of us, our users or the public as required or permitted by law.
We may share your information with third parties who are not our partners or service providers only in the following situations: We have your consent through an opt-in option provided to you; or We have a good faith belief that access, use, preservation or disclosure of your Personal Information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable terms and conditions of this Privacy Policy or any applicable user agreement, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against harm to the rights, property or safety of us, our users or the public as required or permitted by law.
Answer Meets Expectations Unselected Option: Unselected Option:
User Notes SHRQ2 - Do the policies state what information is shared with each 3rd party?
ANSWER: Policies list the data it shares with each third party separately OR policies state that it does not share any data with any third party
User Notes:
D2L’s contracts include confidentiality provisions that prohibit D2L from disclosing customer confidential information, including customer data, except under certain defined circumstances, such as when required by law.
D2L agrees not to access customer’s accounts, including customer data, except to maintain the service, prevent or respond to technical or service problems, at a customer’s request in connection with a customer support issue, or where required by law.
D2L’s contracts include confidentiality provisions that prohibit D2L from disclosing customer confidential information, including customer data, except under certain defined circumstances, such as when required by law. D2L agrees not to access customer’s accounts, including customer data, except to maintain the service, prevent or respond to technical or service problems, at a customer’s request in connection with a customer support issue, or where required by law.
Answer Meets Expectations Unselected Option: Unselected Option:
User Notes SHRQ3 - Do the policies state whether or not users can opt out of 3rd party data sharing?
ANSWER: Policies include an easy opt out process for users OR policies state that it does not share any data with any third party
User Notes:
We may share your information with third parties who are not our partners or service providers only in the following situations:

We have your consent through an opt-in option provided to you; or
We have a good faith belief that access, use, preservation or disclosure of your Personal Information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable terms and conditions of this Privacy Policy or any applicable user agreement, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against harm to the rights, property or safety of us, our users or the public as required or permitted by law.
We may share your information with third parties who are not our partners or service providers only in the following situations: We have your consent through an opt-in option provided to you; or We have a good faith belief that access, use, preservation or disclosure of your Personal Information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable terms and conditions of this Privacy Policy or any applicable user agreement, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against harm to the rights, property or safety of us, our users or the public as required or permitted by law.
Answer Meets Expectations Unselected Option: Unselected Option:
User Notes SHRQ4 - Do the policies state if the supplier requires 3rd parties to adhere to the terms of the vendor/customer agreement?
ANSWER: Supplier claims responsibility for third party privacy practices OR policies state that it does not share any data with any third party
User Notes:
We restrict access to Personal Information to D2L employees, contractors and agents who have a need to know that information in order to process it on our behalf. These individuals are bound by confidentiality obligations and may be subject to discipline, up to and including termination, as well as civil action and criminal prosecution, if they fail to meet these obligations.
We restrict access to Personal Information to D2L employees, contractors and agents who have a need to know that information in order to process it on our behalf. These individuals are bound by confidentiality obligations and may be subject to discipline, up to and including termination, as well as civil action and criminal prosecution, if they fail to meet these obligations.
Answer Meets Expectations Unselected Option: Unselected Option:
User Notes SHRQ5 - Do the policies state whether or not user is notified of a change in third parties?
ANSWER: Supplier changes third party and keeps the same data sharing terms OR supplier does not use any third parties
User Notes:
"Policy changes are communicated by D2L to D2L clients. D2L Clients may communicate policy changes to their users at their discretion."
"Policy changes are communicated by D2L to D2L clients. D2L Clients may communicate policy changes to their users at their discretion."
Answer Meets Expectations Unselected Option: Unselected Option:
Advertising Meets Partially Meets Doesn't Meet
User Notes ADVQ1 - Do the policies indicate if advertisements are displayed?
ANSWER: No ads are displayed
User Notes:
We Don’t Give Your Data to Advertisers
We don’t collect, track, target, use, or sell learner data for advertising purposes. It’s that simple.
We Don’t Give Your Data to Advertisers We don’t collect, track, target, use, or sell learner data for advertising purposes. It’s that simple.
Answer Meets Expectations Unselected Option: Unselected Option:
User Notes ADVQ2 - Do the policies indicate whether or not users are targeted for advertisement?
ANSWER: Policies guarantee no ad targeting OR Policies state no ads are used on its platform
User Notes:
We Don’t Give Your Data to Advertisers
We don’t collect, track, target, use, or sell learner data for advertising purposes. It’s that simple.
We Don’t Give Your Data to Advertisers We don’t collect, track, target, use, or sell learner data for advertising purposes. It’s that simple.
Answer Meets Expectations Unselected Option: Unselected Option:
User Notes ADVQ3 - Do the policies indicate whether or not any 3rd parties track or collect information for advertisement?
ANSWER: Policies state third parties are not used for ads or tracking
User Notes:
We Don’t Give Your Data to Advertisers
We don’t collect, track, target, use, or sell learner data for advertising purposes. It’s that simple.
We Don’t Give Your Data to Advertisers We don’t collect, track, target, use, or sell learner data for advertising purposes. It’s that simple.
Answer Meets Expectations Unselected Option: Unselected Option:
User Notes ADVQ4 - Do the policies indicate whether or not web beacons or other tracking methods are used for ad purposes?
ANSWER: Policies state that it only tracks interactions within its application OR policies state that it does not use any tracking technologies for ads
User Notes:
We Don’t Give Your Data to Advertisers
We don’t collect, track, target, use, or sell learner data for advertising purposes. It’s that simple.
We Don’t Give Your Data to Advertisers We don’t collect, track, target, use, or sell learner data for advertising purposes. It’s that simple.
Answer Meets Expectations Unselected Option: Unselected Option:
User Notes ADVQ5 - Do the policies state whether or not users can opt out of sharing data with advertisers?
ANSWER: Policies state in detail how users can opt out of sharing data with advertisers OR policies state no ads are used on its platform
User Notes:
We Don’t Give Your Data to Advertisers
We don’t collect, track, target, use, or sell learner data for advertising purposes. It’s that simple.
We Don’t Give Your Data to Advertisers We don’t collect, track, target, use, or sell learner data for advertising purposes. It’s that simple.
Answer Meets Expectations Unselected Option: Unselected Option:

Vetting Context

Policies Cited

The following urls were cited as a basis for this information.

Geographical Context

(Laws and regulations can vary across regions)
Ontario
Canada Canada flag

Regulatory Compliance

The information below provides insight into compliance with various regulatory policies.

  • GDPR Compliant: Yes
  • FERPA Compliant: Yes
  • COPPA Compliant: Yes

This application can be used by children under the age of 13.

Email Josh about this record

The views and opinions expressed in this information are those of the authors and do not necessarily reflect the official policy or position of 1EdTech. The information provided is intended to surface trends about the policies and procedures of systems leveraged by the educational community. It should not be considered legal advice.

Disclaimer: 1EdTech Trusted Apps provides a vetting of a product's data policy according to the 1EdTech Trusted Apps Rubric. Achieving the TrustEd Apps Certified Seal indicates adherence to a baseline level of privacy. Institutions should review an application's detailed vetting results before approving it for use.

© Copyright 2025 1EdTech Global Learning Consortium Inc. All Rights Reserved.

App Vetting Rubric Version: 2