Owner / Main contact / POC
Daan Weustenraad - email@example.com
Sneekermeer 13, 3825XT, Amersfoort, the Netherlands - https://puzzel.org
School-subscription Product Description
Will the application/solution require access to a University or USG Resource? (Banner, OneUsg, Wireless, Network, Phones, Servers, etc)?
How will you access this product / solution? (Local Computer use only, Solution uses internet based login, Solution uses School login?)
Do you recommend hard-wired networking connection, or is wireless sufficient?
What are your system requirements (minimal and recommended) for the following:
On what Display size/resolution does your platform work?
The website is fully responsive, especially for playing the puzzles and games, so it will work on all mobile devices as well as desktop computers.
Creating puzzles can best be done on either a desktop computer or tablet since this requires more screen size to keep a clear overview of what you are building.
Recommended graphics card and memory?
Does your application require any (app) installation?
Will this product / solution be used with any data or information?
Not by default. The platform uses no tracking cookies/ads whatsoever, only a session cookie to make sure the user stays logged in.
The user can choose to activate 'Keep track of stats' + 'Force registration' when creating a puzzle/game to gather individual puzzle results. Each registration field can be handpicked to make it as privacy-friendly as possible.
See https://puzzel.org/en/features/general/tracking-puzzle-results for more info.
Please identify the data fields or information (or types of data ) that might or will be used with this product / solution? (FN, LN, DOB, Eagle ID, Email, Date, Keywords, Text, Photos, Video, Audio, Biometric data, etc.)
Each following item is completely optional:
- Puzzle results
- Educational content
- First name / Last name / Email / Student ID
If known, what data types will be used with this resource? (HIPAA, FERPA, PII, PCI, CUI, Research Data, OTHER)
What is the anticipated timeframe for implementing this solution?
The solution can be implemented/used immediately, since all the puzzle generators are publicly available. If one chooses to upgrade to a paid subscription, changes take effect immediately.
What needs to be unblocked/whitelisted with our filter/firewall for this service to work?
The following domains need to be unblocked/whitelisted for Puzzel.org to work fully:
- https://puzzel.org (main website)
- https://cdn.puzzel.org (content delivery like images and audio)
- https://*.googleapis.com (for user/player accounts)
- wss://*.firebaseio.com (for [real-time] database)
Are any of your servers overseas? If so, what nations?
Does your program utilize a caching server?
Does your service require e-mail interaction with students?
Does your software support any integrations?
Currently the only supported integration is Canvas, besides that you can run Puzzel.org standalone of course (which is how it is mainly being used).
Do teachers have individual logins?
Does your product come with unlimited technical support?
Yes (via email, firstname.lastname@example.org)! :)
(as long as you do put effort in trying out features / reading existing documentation). Available between 9AM - 10PM (CET).
Do we have a portal to manage our students?
Do you have customizable roles in the administrative console?
Do you offer training and of what does it consist?
No, but there is quite some documentation in the feature section and all questions are always welcome via email (and the platform is pretty user-friendly!).
Does any of our data have to be imported into your program?
Describe the process and timeline you will utilize to notify the School should a data breach be discovered. Please include the company POC who will notify PWCS and what the notification will be. Please describe how the notification will take place and in what format.
The account holders will be notified via email. The POC of Puzzel.org is Daan Weustenraad (see details above). The notification will contain details about the breach, who was affected and what kind of effects this will have.
The infrastructure (hosts, network equipment, etc.) hosting the application must be located in a locked cage-type environment. A Tier 2 data center (or better) or Cloud Service Provider, such as AWS, Google, or Azure physical infrastructure is preferred.
The application is hosted in a Tier 2 data center, hosted by the biggest Dutch hosting company TransIP. The application data is stored within Google Firebase.
The infrastructure hosting the application must keep the data separate from other customers' data. This can be done through physical (airgap, separate servers, etc.) or logical (VLAN, subnets, security tags, virtual hosts, etc.) means. Describe how this is accomplished.
This is accomplished via virtual authentication. While logged into your account, you only have access to the data that was stored by you, the puzzle owner, or on behalf of your puzzles (the puzzle player data). This is completely protected/guardes via the Firebase Security Rules implementation.
The data must always be encrypted while in transit, while in use and at rest, without exception. Describe how this is accomplished.
'Firebase services encrypt data in transit using HTTPS and logically isolate customer data.' - Firebase
How will you authenticate users? What options exist (Local/manual, SSO, SAML, Clever, etc.)?
Authentication runs through Google Firebase as well, based on email addresses:
Provide information on the account termination process
Please describe who has access to the account data?
Only the puzzle owner has access to their own data. Puzzel.org employees can have access to an account for debugging purposes, but will never access an account without an explicit request from the account holder.
Do you accept payment by PO?
Does this product or solution have the ability to accept payments of any type?
Yes, it can accept credit card payments and PayPal payments (in the US). All the other payment methods are listed below (no checks though)