vendor info - Puzzel.org

Company Name

Puzzel.org

Owner / Main contact / POC

Daan Weustenraad - daan@puzzel.org

Location/Address

Sneekermeer 13, 3825XT, Amersfoort, the Netherlands - https://puzzel.org

Product/Service Description (School-subscription)

The subscription allow access to the online educational activity creation platform. This allows uploading and creating educational and interactive content.

The selected product includes one year of access to platform with the following features:

unlimited puzzels can be created
all features available
up to 5 additional Teacher-accounts
up to 5,000 puzzles player sessions each month (can be scaled up to support any number of teachers/player sessions).

Will the application/solution require access to a University or USG Resource? (Banner, OneUsg, Wireless, Network, Phones, Servers, etc)?

Yes, it requires an active internet connection, so either WiFi or a mobile network connection is required.

How will you access this product / solution? (Local Computer use only, Solution uses internet based login, Solution uses School login?)

Solution uses internet based login

Do you recommend hard-wired networking connection, or is wireless sufficient?

Wireless is sufficient, the load per webpage is pretty low. (< 1MB mostly)

What are your system requirements (minimal and recommended) for the following:

Any browser that is NOT Internet Explorer (too old), so Chrome, Firefox, Safari, Edge all work. It does NOT require any further plugins like Flash etc..

On what Display size/resolution does your platform work?

The website is fully responsive, so it will work on all mobile devices as well as desktop computers.

Creating activities can best be done on either a desktop computer or tablet since this requires more screen size to keep a clear overview of what you are building.

Recommended graphics card and memory?

Does not matter, the website runs on any semi-modern hardware system.

Does your application require any (app) installation?

No, it is a complete web application, meaning it will solely run in the browser.

Will this product / solution be used with any data or information?

Not by default. The platform uses no tracking cookies/ads whatsoever, only a session cookie to make sure the user stays logged in.

The user can choose to activate 'Keep track of stats' + 'Force registration' when creating an activity to gather individual activity results. Each registration field can be handpicked to make it as privacy-friendly as possible.

Please identify the data fields or information (or types of data ) that might or will be used with this product / solution? (FN, LN, DOB, Eagle ID, Email, Date, Keywords, Text, Photos, Video, Audio, Biometric data, etc.)

Each following item is completely optional:

Activity results
Educational content
First name / Last name / Email / Student ID

If known, what data types will be used with this resource? (HIPAA, FERPA, PII, PCI, CUI, Research Data, OTHER)

Optionally, PII like First name + Lastname / Email / Student ID

What is the anticipated timeframe for implementing this solution?

The solution can be implemented/used immediately, since all the puzzle generators are publicly available. If one chooses to upgrade to a paid subscription, changes take effect immediately.

What needs to be unblocked/whitelisted with our filter/firewall for this service to work?

The following domains need to be unblocked/whitelisted for Puzzel.org to work fully:

https://puzzel.org (main website)
https://cdn.puzzel.org (content delivery like images and audio)
https://*.googleapis.com (for user/player accounts)
wss://*.firebaseio.com (for [real-time] database)

Are any of your servers overseas? If so, what nations?

The data is stored in the US. The servers for hosting the application are run through the CDN of Vercel.

Does your program utilize a caching server?

Only for static content pages.

Does your service require e-mail interaction with students?

No, all communication runs through the activity owner which in most cases will be the Teacher.

Does your software support any integrations?

Currently the only supported integration is Canvas, besides that you can run Puzzel.org standalone of course by embedding it anywhere you like (which is how it is mainly being used).

Do teachers have individual logins?

Yes, each teacher can create his/her own login (via their email address) to connect to the Puzzel.org platform. This individual login can later be connected to a School-account subscription (if available).

Does your product come with unlimited technical support?

Yes (via email, daan@puzzel.org)!

(as long as you do put effort in trying out features / reading existing documentation). Available between 9AM - 10PM (CET).

Do we have a portal to manage our students?

Yes and no, students have the option have registering (if you force this) and while solving activities when logged in, you will have access to their activity results. You have no control over their account though.

You can delete any of their results at any given point in time.

Do you have customizable roles in the administrative console?

No, there is not much hierarchy in the Puzzel.org system. Only the School-account owner has extra rights to invite other teachers to join the main School-account (so they have Premium access).

Do you offer training and of what does it consist?

No, but there is quite some documentation in the feature + activity builder section and all questions are always welcome via email (and the platform is pretty user-friendly!).

Does any of our data have to be imported into your program?

No, this is not a requirement at all.

Describe the process and timeline you will utilize to notify the School should a data breach be discovered. Please include the company POC who will notify PWCS and what the notification will be. Please describe how the notification will take place and in what format.

The account holders will be notified via email. The POC of Puzzel.org is Daan Weustenraad (see details above). The notification will contain details about the breach, who was affected and what kind of effects this will have.

The infrastructure (hosts, network equipment, etc.) hosting the application must be located in a locked cage-type environment. A Tier 2 data center (or better) or Cloud Service Provider, such as AWS, Google, or Azure physical infrastructure is preferred.

The application is hosted by one of the bigger application delivery networks, Vercel and is therefore secured in the best possible way. The application data is stored within Google Firebase.

More about Google Firebase

The infrastructure hosting the application must keep the data separate from other customers' data. This can be done through physical (airgap, separate servers, etc.) or logical (VLAN, subnets, security tags, virtual hosts, etc.) means. Describe how this is accomplished.

This is accomplished via virtual authentication. While logged into your account, you only have access to the data that was stored by you, the activity owner, or on behalf of your activities (the activity player data). This is completely protected/guarded via the Firebase Security Rules implementation.