Our privacy policy has been updated for EU users.
Full privacy evaluation | See all
Thumbnail
Updated August 16, 2018

Code.org

  • Intended for children under 13.
  • Collection or use of data is limited to product requirements.
  • Personal information is not displayed publicly.
  • Users can interact with trusted users and/or students.
  • Notice is provided in the event of a data breach.
  • Parental consent is required.
Indicates that the product meets all our required privacy safeguards, but more research should be completed prior to use.
Use Responsibly
Full evaluation
73
Overall Scoreinfo-bubble

This overall score represents how the service addressed all our evaluation questions. A higher score (up to 100) means the service provides more transparent and comprehensive policies.

Overview

Code.org is an online application dedicated to expanding access to computer science learning, and increasing participation by women and underrepresented students of color. Code.org's terms state they allow representatives of school districts and schools, such as teachers, administrators, counselors, and other volunteer mentors to set up classrooms with their students through the Services in order to provide tutorial, educational and similar services. Code.org's terms state they collect personally identifiable information and automatically collected usage information from a user when they create a Code Studio Student or Teacher account. In addition, Code.org's terms state they take the protection of a user’s information very seriously and its officers, directors, employees, agents and contractors must have a legitimate business reason to access a user’s Personal Information and to treat any Personal Information of Code.org users as confidential information. Lastly, Code.org's terms specify they take steps to minimize the collection of personal data from users under the age of 13, and encourage children to get the approval of a parent or legal guardian before creating an account on Code.org.

Code.org can be accessed through its website. The Privacy Policy and Terms of Use accessed for this evaluation can be found on Code.org’s website. This evaluation only considers policies that have been made publicly available prior to an individual using the application or service.

Read the Common Sense standard privacy report (SPR)arrow
The standard privacy report (SPR) displays the most important privacy practices from a product’s polices in a single easy-to-read outline. The report displays an alert when a particular privacy practice is risky, unclear, or not evaluated. This alert indicates more time should be focused on these particular details prior to use.
SafetyPromoting responsible use
arrow
Evaluating safety takes into consideration best practices that protect a user's physical and emotional health. A higher score (up to 100) means the service provides more transparent and comprehensive responses related to safety.
80

The terms of Code.org state they are deeply committed to creating a safe and secure learning environment for its students and teachers. Code.org's terms specify they allow representatives of school districts and schools, such as teachers, administrators, counselors, and other volunteer mentors to set up classrooms with their students through the Services in order to provide tutorial, educational and similar services. However, Code.org’s platform does not connect students directly to volunteers or mentors, but instead provides Educators information about potential volunteers.

In addition, Code.org's terms state they have created a tool called the “Internet Simulator” for use in High School classrooms to model how the Internet functions. With this tool, students participating in a teacher-supervised classroom activity can send text-based messages to their teacher and to other students in their specific classroom section. The terms state message contents are visible to the classroom teacher and are not accessed or used by Code.org for any purpose other than an educational tool. All messages are deleted after two hours of class inactivity, or upon a manual reset by the teacher.

PrivacyProtecting collected information
arrow
Evaluating privacy takes into consideration best practices that protect the disclosure of a user's personal information. A higher score (up to 100) means the service provides more transparent and comprehensive responses related to privacy.
74

Code.org's terms state they collect personally identifiable information and automatically collected usage information from a user when they create a Code Studio Student or Teacher account. However, Code.org's terms state they do not require a user to provide any personal information in order to try the tutorials, many of which are accessible without creating a user account. The terms of Code.org state they will never share a user’s personal information with other third parties without the user’s explicit opt-in consent. In addition, Code.org's terms state they do not rent or sell personal information, persistent identifiers, or any other information that they may collect from users, or exploit it for financial gain. Moreover, Code.org's terms specify they do not display any advertising and do not use student data for any targeted or behavioral advertising, profiling, onward disclosure, or collect a user’s web search history across third-party Internet websites or search engines.

Lastly, the terms of Code.org state that school district partners may provide anonymous or de-identified student academic data to an independent third party evaluator to measure how well their programs perform and how well students are learning from them in select partner school districts. Aggregated and anonymized data about student performance over large populations of students may be reported by demographic criteria such as age, general location, gender, ethnicity, and socioeconomic status, but Code.org’s contracts with school districts specify very strict limitations on who may access this data.

SecurityProtecting against unauthorized access
arrow
Evaluating security takes into consideration best practices that protect the integrity and confidentiality of a user's data. A higher score (up to 100) means the service provides more transparent and comprehensive responses related to security.
81

Code.org's terms state they take the protection of a user’s information very seriously and its officers, directors, employees, agents and contractors must have a legitimate business reason to access a user’s Personal Information and are required to treat any Personal Information of Code.org users as confidential information. In addition, Code.org's terms state they use certain physical, managerial, and technical safeguards designed to preserve the integrity and security of a user’s Personal Information. However, the terms do not discuss whether personal information is encrypted while in transit or while in storage. To protect a user’s privacy and security, Code.org's terms state they take reasonable steps to verify an individual’s identity before granting them account access or making corrections to their Personal Information. Teachers who create user accounts on behalf of students can reset the “secret word” or “secret picture” for young children who can’t read, as long as the student leaves the teacher in control of the account.

In addition, although a user may provide personal information to Code.org to use the Service, Code.org's terms state they believe that data they do not store cannot be stolen from them. Code.org's terms state they intentionally choose not to store email addresses for Code Studio student accounts, or phone numbers used in the send-to- phone feature. Lastly, if Code.org learns of a data security incident that compromises or appears to compromise a user’s Personal Information, they will attempt to notify affected users electronically so that they can take appropriate protective steps.

ComplianceFollowing statutory laws and regulations
arrow
Evaluating compliance takes into consideration best practices of companies that collect personal information from children or students and the legal obligations for the privacy and security of that information. A higher score (up to 100) means the service provides more transparent and comprehensive responses related to compliance.
74

Code.org's terms state they take steps to minimize the collection of personal data from users under the age of 13, and encourage children to get the approval of a parent or legal guardian before creating an account on Code.org. If a user is under the age of 13, the terms state they will be able to use the App Lab, Game Lab, and Web Lab tools in the classroom with their teacher’s approval.

The terms state users under 13 can try most tutorials without creating an account, but their learning progress won’t be saved. If Code.org learns that it has inadvertently collected Personal Information or Persistent Identifiers from children under the age of 13 without prior parental or teacher consent, Code.org will take appropriate steps to delete this information. The terms also state when students create accounts on Code Studio, Code.org does not store the email address provided by those Users in a retrievable format. Code.org's terms state they immediately create and store a one-way hashed version of the email address, which cannot be converted back into the original address, and use it only for the purposes of login, account management, and password recovery.

In addition, the terms state Code Studio's learning platform is designed to be used by Users of all ages, including children under the age of 13 with the involvement of and authorization by their school, teacher, parent or legal guardian. A student’s educator or associated educational organization is required have proper permission to register a student for Code.org, and they must have obtained the necessary parental consent for Code.org’s collection of the student’s personal information for the use and benefit of the school and for no other commercial purpose.

About Privacy Evaluations

The privacy evaluations have been designed with the help and support of a consortium of schools and districts across the United States. These evaluations are designed to streamline making an informed decision about the potential privacy implications of educational technology used to support teaching and learning.

Our core evaluation criteria are freely available and will remain freely available. People are encouraged to read the questions we use and the information security primer we released. Vendors are encouraged to use our questions and the information security primer to self-evaluate. You can also learn more about our evaluation process.

Please be in touch with any questions or feedback.