Edapt is safe to allowlist.
Everything an IT admin needs to verify Edapt and unblock it on FortiGate, Securly, Lightspeed, GoGuardian, Cisco Umbrella, Sophos, Palo Alto, or Zscaler. Quick to verify — usually under five minutes.
TL;DR for IT
- Add
edaptlearn.com+*.edaptlearn.comto your SSL deep-inspection exemption list. (Same reason you bypass Google, Microsoft, banks.) - Categorise the domain as Education in your web-filter database.
- If you use FortiGate, the bypass is in: Security Profiles → SSL/SSH Inspection → Exempt from SSL Inspection.
Allowlist domains
Add these to your URL allowlist:
| Domain | Purpose |
|---|---|
| edaptlearn.com | Main app + marketing site |
| *.edaptlearn.com | Subdomains (auth, api, status) |
| *.vercel.app | Edge-hosted preview deployments |
| vercel.live | WebSocket fallback for live updates |
Subprocessor traffic
Edapt makes outbound calls to these vendors on the user's behalf for sign-in, payment and AI inference. Most are already on standard school allowlists.
| Host | Vendor | Purpose |
|---|---|---|
| api.stripe.com | Stripe | Payment processing |
| js.stripe.com | Stripe | Payment SDK |
| checkout.stripe.com | Stripe | Hosted checkout |
| api.groq.com | Groq | LLM inference |
| api.cerebras.ai | Cerebras | LLM inference |
| api.elevenlabs.io | ElevenLabs | Text-to-speech for Listen mode |
| accounts.google.com | Google Sign-In (OAuth) |
Why SSL inspection breaks Edapt
Edapt uses Google OAuth, Stripe, and modern HTTPS connections that don't accept man-in-the-middle re-signed certificates on personal (BYOD) devices. This is the same reason every school already exemptsaccounts.google.com,login.microsoftonline.com, and bank domains from deep inspection. Adding Edapt to the same exemption list resolves NET::ERR_CERT_AUTHORITY_INVALID for student devices.
Australian state & territory allowlist processes
Public-school networks across Australia inherit allowlists from each state or territory department. If you can get Edapt approved at the department level, every school in that state inherits it. These are the formal vendor-onboarding processes for each AU jurisdiction:
Victoria
DET FUSE / Software & Tools approval
Victorian Department of Education's curated catalogue. Vendors apply via FUSE for inclusion; once listed, schools running the standard DET network image inherit the allowlist.
Department site ↗New South Wales
NSW DoE Privacy Threshold Assessment + ICT Procurement
NSW Department of Education requires a Privacy Threshold Assessment (PTA). Submit via the Digital Strategy team. Approved vendors get added to the Eduroam-style filter exception list for state schools.
Department site ↗Queensland
QLD DoE Software Approval / OneSchool integration
Queensland Department of Education requires a Privacy Impact Assessment (PIA) under the Information Privacy Act 2009 (QLD). Submission via the Information Security team unlocks Education category in the QLD filter.
Department site ↗Western Australia
WA DoE Online Services Risk Assessment
WA Department of Education uses an Online Services Risk Assessment (OSRA) before allowlisting student-facing platforms. Apply via the Department's Cyber Security team.
Department site ↗South Australia
SA DfE Vendor Privacy Assessment
South Australian Department for Education runs a Vendor Privacy Assessment via the Information Strategy and Technology Services group.
Department site ↗Tasmania
TAS DECYP Approved Software List
Tasmanian Department for Education, Children and Young People maintains an Approved Software List. Vendors apply through the ICT Services Division.
Department site ↗ACT
ACT Education Directorate Software Review
ACT Education Directorate reviews vendors via its ICT Strategy team. Approved tools are added to the ACT government filter category for Education.
Department site ↗Northern Territory
NT DoE Vendor Onboarding
NT Department of Education accepts vendor onboarding via its Digital Services group; approved vendors are added to the territory-wide allowlist.
Department site ↗Edtech vendor catalogues & certifications
Independent edtech directories and certifications that are widely consulted by IT teams. Listing in any of these can convert a single school approval into many.
Common Sense Education — Privacy review
ApplyIndependent privacy evaluation widely cited by US districts and increasingly by AU/UK/NZ schools. A passing rating is one of the strongest single trust signals for IT teams.
Apply ↗Clever — App catalog (US)
ApplySingle sign-on + master allowlist used by ~70% of US K-12 districts. Once listed, you inherit district-wide allowlists by default.
Apply ↗ClassLink — App library (US)
ApplySister product to Clever; major in US, Canada and the UK. Listed apps are auto-allowlisted at every customer district.
Apply ↗EdSurge Product Index
ApplyIndustry-recognised edtech directory. Frequently checked by IT decision-makers when researching new tools.
Apply ↗GETchq / iKeepSafe (FERPA, COPPA)
ApplyiKeepSafe certification is a near-mandatory signal for US schools. The FERPA + COPPA + California Student Privacy badges are recognised globally.
Apply ↗AU eSafety Commissioner — Trusted eSafety Provider register
ApplyAU regulator's register of trusted online safety providers. Listing helps with state DET approval queues.
Apply ↗
Submit category review
We've submitted Edapt to the major filter vendors as "Education". If your filter still has us misclassified, re-submit here:
Copy-paste email for IT
If you're a student or parent who can't reach Edapt at school, forward this to your school IT department:
Subject: Allowlist + SSL deep-inspection bypass for edaptlearn.com Hi IT, I'm trying to use Edapt (https://edaptlearn.com), a free educational AI tutoring platform, but our network filter is blocking it with NET::ERR_CERT_AUTHORITY_INVALID — which is the SSL deep-inspection re-signing the connection. Could you please: 1. Add edaptlearn.com (and *.edaptlearn.com) to the SSL deep-inspection exemption / bypass list, and 2. Categorise edaptlearn.com as "Education" / "Educational Reference" in the web filter. Reasons it's safe to allow: - Site-wide TLS 1.3 + HSTS (max-age 2 years, preload-eligible) - No advertising, no third-party tracking - Privacy: https://edaptlearn.com/privacy - Security disclosures: https://edaptlearn.com/security - Subprocessor list + allowlist domains: https://edaptlearn.com/for-schools Thanks!
Verify us
Questions? schools@edaptlearn.com