Puzzel.org

Company Name

Puzzel.org

Owner / Main contact / POC

Daan Weustenraad - daan@puzzel.org

Location/Address

Sneekermeer 13, 3825XT, Amersfoort, the Netherlands - https://puzzel.org

School-subscription Product Description

Access to puzzel platform in order to upload and create educational and interactive content. The selected product includes one year access to platform with the following features: unlimited puzzels can be created, all features available, up to 5 additional Educators on account and up to 5,000 puzzles played each month (scalable up to any number of Educators required).

Will the application/solution require access to a University or USG Resource? (Banner, OneUsg, Wireless, Network, Phones, Servers, etc)?

Yes, it requires an active internet connection, so either WiFi or a mobile network connection is required.

How will you access this product / solution? (Local Computer use only, Solution uses internet based login, Solution uses School login?)

Solution uses internet based login

Do you recommend hard-wired networking connection, or is wireless sufficient?

Wireless is sufficient, the load per webpage is pretty low. (< 1MB mostly)

What are your system requirements (minimal and recommended) for the following:

Any browser that is NOT Internet Explorer (too old), so Chrome, Firefox, Safari, Edge all work. It does NOT require any further plugins like Flash etc..

On what Display size/resolution does your platform work?

The website is fully responsive, especially for playing the puzzles and games, so it will work on all mobile devices as well as desktop computers.

Creating puzzles can best be done on either a desktop computer or tablet since this requires more screen size to keep a clear overview of what you are building.

Recommended graphics card and memory?

Does not matter, the website runs on any semi-modern hardware system.

Does your application require any (app) installation?

No, it is a complete web application, meaning it will solely run in the browser.

Will this product / solution be used with any data or information?

Not by default. The platform uses no tracking cookies/ads whatsoever, only a session cookie to make sure the user stays logged in.

The user can choose to activate 'Keep track of stats' + 'Force registration' when creating a puzzle/game to gather individual puzzle results. Each registration field can be handpicked to make it as privacy-friendly as possible.

See https://puzzel.org/en/features/general/tracking-puzzle-results for more info.

Please identify the data fields or information (or types of data ) that might or will be used with this product / solution? (FN, LN, DOB, Eagle ID, Email, Date, Keywords, Text, Photos, Video, Audio, Biometric data, etc.)

Each following item is completely optional:

  • Puzzle results
  • Educational content
  • First name / Last name / Email / Student ID

If known, what data types will be used with this resource? (HIPAA, FERPA, PII, PCI, CUI, Research Data, OTHER)

Optionally, PII like First name + Lastname / Email / Student ID

What is the anticipated timeframe for implementing this solution?

The solution can be implemented/used immediately, since all the puzzle generators are publicly available. If one chooses to upgrade to a paid subscription, changes take effect immediately.

What needs to be unblocked/whitelisted with our filter/firewall for this service to work?

The following domains need to be unblocked/whitelisted for Puzzel.org to work fully:

  • https://puzzel.org (main website)
  • https://cdn.puzzel.org (content delivery like images and audio)
  • https://*.googleapis.com (for user/player accounts)
  • wss://*.firebaseio.com (for [real-time] database)

Are any of your servers overseas? If so, what nations?

The data is stored in the US. The servers for hosting the application are located in the Netherlands (TransIP).

Does your program utilize a caching server?

No, not directly at least (not required).

Does your service require e-mail interaction with students?

No, all communication runs through the puzzle owner which in most cases will be the Educator.

Does your software support any integrations?

Currently the only supported integration is Canvas, besides that you can run Puzzel.org standalone of course (which is how it is mainly being used).

Canvas integration instructions

Do teachers have individual logins?

Yes, each teacher can create his/her own login (via their email address) to connect to the Puzzel.org platform. This individual login can later be connected to a School-account subscription (if available).

Does your product come with unlimited technical support?

Yes (via email, daan@puzzel.org)! :)

(as long as you do put effort in trying out features / reading existing documentation). Available between 9AM - 10PM (CET).

Do we have a portal to manage our students?

Yes and no, students have the option have registering (if you force this) and while solving puzzles/games when logged in, you will have access to their puzzle results. You have no control over their account though.

Do you have customizable roles in the administrative console?

No, there is not much hierarchy in the Puzzel.org system. Only the School-account owner has extra rights to invite other teachers to join the main School-account (so they have Premium access).

Do you offer training and of what does it consist?

No, but there is quite some documentation in the feature section and all questions are always welcome via email (and the platform is pretty user-friendly!).

Check out the feature section

Does any of our data have to be imported into your program?

No, this is not a requirement at all. You can gradually build up your puzzle entity :).

Describe the process and timeline you will utilize to notify the School should a data breach be discovered. Please include the company POC who will notify PWCS and what the notification will be. Please describe how the notification will take place and in what format.

The account holders will be notified via email. The POC of Puzzel.org is Daan Weustenraad (see details above). The notification will contain details about the breach, who was affected and what kind of effects this will have.

The infrastructure (hosts, network equipment, etc.) hosting the application must be located in a locked cage-type environment. A Tier 2 data center (or better) or Cloud Service Provider, such as AWS, Google, or Azure physical infrastructure is preferred.

The application is hosted in a Tier 2 data center, hosted by the biggest Dutch hosting company TransIP. The application data is stored within Google Firebase.

More about Google Firebase

The infrastructure hosting the application must keep the data separate from other customers' data. This can be done through physical (airgap, separate servers, etc.) or logical (VLAN, subnets, security tags, virtual hosts, etc.) means. Describe how this is accomplished.

This is accomplished via virtual authentication. While logged into your account, you only have access to the data that was stored by you, the puzzle owner, or on behalf of your puzzles (the puzzle player data). This is completely protected/guardes via the Firebase Security Rules implementation.

More on Firebase Security Rules

The data must always be encrypted while in transit, while in use and at rest, without exception. Describe how this is accomplished.

'Firebase services encrypt data in transit using HTTPS and logically isolate customer data.' - Firebase

More on Data Encryption

How will you authenticate users? What options exist (Local/manual, SSO, SAML, Clever, etc.)?

Authentication runs through Google Firebase as well, based on email addresses:

https://firebase.google.com/docs/auth

Provide information on the account termination process

A user account can be deleted at any point, which will completely wipe any existing record of the connected puzzles and connected puzzle results.

Please describe who has access to the account data?

Only the puzzle owner has access to their own data. Puzzel.org employees can have access to an account for debugging purposes, but will never access an account without an explicit request from the account holder.

Do you accept payment by PO?

No, except if the PO can be paid via credit card. A custom online invoice can be created with the PO number on it if that helps :). Checks cannot be accepted unfortunately.

Does this product or solution have the ability to accept payments of any type?

Yes, it can accept credit card payments and PayPal payments (in the US). All the other payment methods are listed below (no checks though)