📄 Printable A4 handout — Cmd/Ctrl + P to print or save as PDF
edaptLEARN
Free AI tutoring platform for K-12 students
edaptlearn.com
Last reviewed: 1 May 2026
Education
Allowlist request — edaptlearn.com

Edapt is a free, ad-free educational platform that adapts study material to a student's VARK learning style (Visual, Auditory, Reading/Writing, Kinesthetic). This handout summarises everything an IT team needs to add Edapt to your web-filter allowlist and SSL deep-inspection bypass list.

Action required
  1. Allowlist edaptlearn.com and *.edaptlearn.com in the web filter (categorise as Education).
  2. Add to SSL deep-inspection exemption list (FortiGate menu: Security Profiles → SSL/SSH Inspection → Exempt from SSL Inspection). This resolves NET::ERR_CERT_AUTHORITY_INVALID on student devices.
Domains
HostPurpose
edaptlearn.comMain app + marketing site
*.edaptlearn.comSubdomains (auth, api, status)
api.stripe.com, js.stripe.com, checkout.stripe.comPayment processing (Stripe)
accounts.google.comGoogle Sign-In (OAuth)
api.groq.com, api.cerebras.aiLLM inference (zero-retention)
api.elevenlabs.ioText-to-speech for Listen mode
Security posture
Transport
TLS 1.3 site-wide · HSTS preload-eligible (max-age=2y, includeSubDomains) · HTTP/2 + HTTP/3
Data at rest
Encrypted PostgreSQL (AES-256) · Encrypted backups · Encrypted object storage
Auth
Bcrypt-hashed passwords · Signed short-lived JWTs · CSRF tokens · Stripe handles all card data
AI vendors
Groq + Cerebras under zero-retention / no-training enterprise terms
Privacy
No advertising · No third-party tracking · No model training on user content · APP-compliant (AU)
Disclosure
RFC 9116 security.txt · OAIC NDB-compliant · 48hr ack on responsible disclosure
Verify (publicly)
Privacy policyhttps://edaptlearn.com/privacy
Security disclosureshttps://edaptlearn.com/security
Subprocessor listhttps://edaptlearn.com/for-schools
security.txt (RFC 9116)https://edaptlearn.com/.well-known/security.txt
SSL Labs reporthttps://www.ssllabs.com/ssltest/analyze.html?d=edaptlearn.com
Mozilla Observatoryhttps://observatory.mozilla.org/analyze/edaptlearn.com
Why SSL deep-inspection breaks Edapt

Edapt uses Google OAuth and Stripe, neither of which accept man-in-the-middle re-signed certificates on personal (BYOD) devices. Adding Edapt to the same exemption list you already use for accounts.google.com, login.microsoftonline.com and bank domains resolves the NET::ERR_CERT_AUTHORITY_INVALID error students see.

Contact: schools@edaptlearn.com · Security disclosures: security@edaptlearn.com · Privacy: privacy@edaptlearn.com