SOC 2 Type 2: 2025 Reporting Cycle

Breakout Learning Inc. has completed a new SOC 2 Type 2 independent assessment for the 2025 reporting cycle, covering a defined annual observation period within 2025. This report follows prior SOC 2 Type 2 reports and confirms the continued operating effectiveness of our controls in accordance with the AICPA Trust Services Criteria.

The report provides current, independent assurance that Breakout Learning’s security controls remain consistently designed and operating effectively to protect customer data and support secure operations.

APPs and POPIA: International Data Protection Compliance

Breakout Learning Inc. aligns its data protection practices with key international privacy laws governing the collection, use, and transfer of personal information. Our compliance posture includes adherence to:

• Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth)
• Protection of Personal Information Act, 2013 (POPIA) of South Africa

This alignment ensures that personal information originating from Australia and South Africa is handled in accordance with recognized legal and regulatory requirements, including lawful processing, data minimization, security safeguards, and individual rights protections.

Data Privacy Framework (DPF): EU, UK, and Swiss Data Transfer Compliance

Breakout Learning Inc. has self-certified its compliance with the Data Privacy Framework (DPF) programs administered by the U.S. Department of Commerce. Our active listing confirms participation in:

• EU–U.S. Data Privacy Framework (EU–U.S. DPF)
• UK Extension to the EU–U.S. DPF
• Swiss–U.S. Data Privacy Framework (Swiss–U.S. DPF)

This ensures that transfers of personal data from the EU, UK, and Switzerland to Breakout Learning in the United States are safeguarded under recognized adequacy mechanisms.

You can verify our status on the official Data Privacy Framework List.