We take privacy and security extremely seriously at Twinkl. This FAQ is intentionally technical, if you'd like a non-technical explanation of security and the Twinkl site, we'd recommend reading the 'Is the Twinkl site secure?' FAQ.
The Twinkl site features absolutely no advertising.
If you are seeing advertising when you visit the Twinkl website, this is being added by a third party. Common third parties include browser add-ons, toolbars, locally installed software on your PC (both benign and malicious) and ISP advertisement injection. We'd recommend you take action to understand and eliminate the source of advertising, as not doing so may cause you further problems with your computer and could potentially jeopardise your security and privacy.
If you are an user within a school or business, you should contact whomever is responsible for supporting your IT in the first instance; we're happy to assist and the best way we can do this is if you report your concerns to your local contact first. If you are someone responsible for ICT administration within a school, Education Authority or Grid For Learning context and wish to discuss any concerns you have, or have had reported to you, then we'd love to hear from you.
Encryption & Secure Login
Any data you enter on the website is encrypted when sent to our servers. We adhere to industry standards and best practices, employing strong commercial SSL encryption to give assurance that regular interactions with our services are secure, private, and tamper-proof.
You can independently verify the validity of any of our SSL certificates yourself, in a number of ways, including:
- Visit any page on the website and inspect the certificate from within the browser.
- Use an external, 3rd party, SSL checking service to independently verify our SSL certificate (for example: https://www.digicert.com/help/
All emails sent to you, whether from our website or from our customer service team, are sent by our service provider which supports opportunistic end-to-end TLS encryption; If your email servers/service provider supports TLS then we will transmit email to you in a secure fashion.
From time-to-time, we receive reports of issues using our website due to SSL Certificate errors, these are commonly caused by external issues with validating certificate trust and unrelated to the validity of our certificates. As a popular website with millions of users globally, we tend to see such reports just as root CA certificates expire or are replaced/changed (for example, July 2020:DigiCert, September 2021:LetsEncrypt), especially so from school customers where legacy systems or specialist filtering software is in use and may not be up-to-date.
Scenarios where this may happen, requiring customer action, include the following:
- Operating systems become outdated or non-supported (such as old or not updated versions of Windows, Macintosh or iOS/Android), or are mis-configured, or have not been updated in a long time.
For example, a device is out of date/not supported and therefore does not have up-to-date root certificate authority (CA) certificates to correctly verify certificate trust.
- Browser software (Chrome, Safari, MS Edge) becomes outdated or non-supported, or is mis-configured, or has not been updated in a long time. For example, you are using an old version of Google Chrome.
- Some other device software (such as anti-virus or content filtering software) becomes outdated or non-supported, or is misconfigured or has not been updated in a long time.
- A content filtering or security device on the network/s between you and the Twinkl website is no longer supported, is mis-configured, or has not been updated in a long time.
The best advice we can offer in these scenarios is to ensure your systems are up to date and supported, or work with your IT provider to do so. In some cases there may be technical workarounds you, or your IT provider can perform, but these ought to be considered temporary solutions and the root cause addressed as soon as possible. For example, the Firefox browser uses it's own certificate store, and in some cases may be a simple temporary workaround option whilst systems are updated or re-configured.
Because Twinkl needs to maintain best practices and adhere to industry standards, understandably we often cannot respond to minority customer issues caused by out-of-date systems by making changes to our systems or providing workarounds that would compromise the security of our systems for other users.
Website Vulnerabilities and Malicious Content (Including Viruses and Malware)
We carry out scheduled and continuous malicious content and vulnerability scans of the website infrastructure. If you are worried about a specific issue then we'd love to chat with you!
Web Filtration, Access Blocks and Access Issues
Access issues to the Twinkl website can be very frustrating for educators who rely on our resources to help them to provide the very best education. We recognise this and do all that we can to proactively and responsively ensure access to the Twinkl website infrastructure is possible. Examples of access issues are very rare, mainly because whilst Twinkl has no control over end-user systems, we enjoy good relationships with those who do and they invariably understand the necessity of Twinkl to their user-base.
If you are a user experiencing difficulties we would always recommend that you get in contact with both us, and your local ICT responsible party. Typically within a school context, this is your local ICT administrator, your LEA support team and/or your educational learning network support team (E.G. Grid For Learning / Regional Broadband Consortiums). This allows us to ensure everything within our control is optimal, freeing up administrators to focus on addressing access issues under their control. If you reach out to us, we will typically ask you to provide us with a screenshot to help us best understand your access issue, and may request further technical information so we can best liaise with your ICT contact to resolve the issue.
If you are an ICT responsible party, we'd love to speak to you if you are concerned about the Twinkl website or are considering restricting access to it. A few resources that can be helpful for confirming the legitimacy and security of the Twinkl website from a filtration perspective are as follows:
- Consult your local wider Grid For Learning, Regional Broadband Consortium or contracted upstream filtration provider (for example Atomwide WebScreen) for support in your decision. Usually there are nominated contact details available for you to do this, plus opportunities for training around the filtration systems your GFL offer. These entities work hard to ensure school networks are secured and your educational environment's ICT is optimal.
- Google - the Google Safe Browsing Site secure status checker is a really useful go-to tool. Google is the world's most popular search engine and takes very seriously its responsibility to ensure that visitors who use its search engine to find and access websites are protected. Google tend to be the quickest entity to notice and alert users to a problem with a website.
- Intel Security / McAfee Trusted Source - Intel recently acquired McAfee and are now known as Intel Security. McAfee is a household name and their security products and services are very popular across the global markets and geographies. You can securely query their classification database online here.
- Norton Safeweb - Norton are another household name security product and services vendor. You can securely query their classification database online here.
- TrendMicro - Trend are another very popular security product and services vendor. They have one of the largest domain-reputation databases in the world supporting products which are used to protect UK critical national infrastructure/services. You can securely query their classification database online here.
- Bluecoat/WebPulse - Bluecoat are a major provider of internet filtration services. They provide enterprise services to clients who deliver UK critical national infrastructure, their web filtration service is also behind the popular "K9" schools and home user web filtration software. You can securely query the Bluecoat/WebPulse classification database online here.
- Sonicwall (owned by Dell) - Sonicwall are another a major provider of content filtering. You can query the Sonicwall classification database online here.
- Juniper/SurfControl - Juniper/SurfControl are another a major provider of content filtering. You can query the Juniper/SurfControl classification database online here.