Data Security

As a provider of educational technology solutions for K–12 schools and districts, Taito Learning considers the protection of student and school data a core responsibility. Data security is integrated into the design, development, and operation of our services and supports the trust placed in us by schools, districts, and partners.

This page provides an overview of the principles and safeguards that guide how we protect data entrusted to us.

Service overview

Taito Learning provides digital learning services for schools and districts, including keyboarding (K–12), digital citizenship (K–5), and coding solutions (K–8). Our services are designed for instructional use and are operated in accordance with contractual commitments and applicable student data protection laws.

Taito Learning acts as a service provider and data processor, processing student data solely on behalf of and under the direction of educational institutions.

Company profile

Taito Learning Oy is an education technology company headquartered in Finland, serving schools and districts in the United States and internationally. Platform development, data governance, and security oversight are managed by Taito Learning.

Service hosting

Taito Learning services are hosted on Amazon Web Services (AWS) in the United States. AWS provides a secure cloud infrastructure with physical, technical, and operational protections suitable for handling student and school data.

Production environments are logically separated and protected using standard network security controls. Access to systems is restricted to authorized personnel and service providers with an operational need.

Information security framework

Taito Learning maintains an information security program aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) version 1.1. The NIST CSF provides a risk-based framework used to guide security policies and controls based on identified risks, compliance requirements, and business needs, covering core security areas such as access control, data protection, incident response, and security awareness.

Access control and data use

Access to student and school data is governed by role-based controls. Schools and districts manage access for their authorized users, including administrators, teachers, and students.

Internal access to systems containing student data is limited to authorized personnel and service providers for approved operational or support purposes. Student data is used only to provide and support the educational services authorized by the school or district.

Taito Learning does not sell student data and does not use student data for advertising or marketing purposes.

Data encryption

Taito Learning protects student and school data using industry-standard encryption practices. Data transmitted between users and our services is encrypted in transit using secure communication protocols, and data stored within our systems is protected using encryption at rest. These measures help safeguard data against unauthorized access, disclosure, or modification.

Data retention and deletion

Student and school data is retained only for as long as necessary to provide the contracted services and to meet applicable legal or contractual requirements. Upon request by the school or district, or upon termination of the service agreement, data is securely deleted in accordance with agreed-upon terms.

Subprocessors and service providers

Taito Learning uses trusted third-party service providers to support the operation of our services, such as cloud hosting and related infrastructure services. These service providers are contractually required to protect data and to process it only in accordance with Taito Learning’s instructions and applicable data protection obligations.

Taito Learning remains responsible for the protection of student data processed on behalf of schools and districts.

Operational security and incident handling

Taito Learning maintains procedures to identify, assess, and respond to security incidents affecting our services. These procedures are designed to support timely mitigation, communication, and compliance with applicable contractual and legal notification requirements.

Measures are in place to support service continuity and recovery in the event of operational disruptions.

Security awareness and responsibility

Protecting student data is a shared responsibility within Taito Learning. Personnel and relevant service providers are subject to confidentiality obligations and are expected to follow established security and data protection practices appropriate to their roles.

Partner relationships

Stepware partnership

In the United States, Taito Learning works with Stepware, Inc. to support customer onboarding, professional development training, and local customer engagement. Stepware does not have access to student data within the Taito Learning platform and does not perform data processing activities on behalf of schools or districts.

CodeMonkey offering

Taito Learning also resells CodeMonkey’s award-winning coding software in selected U.S. states and to existing Taito Learning customers. CodeMonkey content is delivered through and fully integrated into the Taito Learning platform and is subject to the same security and data protection practices described on this page.

Compliance and privacy alignment

Taito Learning supports school and district compliance with applicable student data privacy laws, including FERPA, COPPA, and relevant U.S. state privacy laws. Our services and contractual practices align with commonly used district data protection agreements and the principles of the Student Privacy Pledge.