Date of Last Revision: June 9, 2017
Code.org® is a nonprofit dedicated to expanding participation in computer science by making it available in more schools, and increasing participation by women and underrepresented students of color.
We are committed to creating a safe and secure environment for learners of all ages on our websites located at https://code.org, https://studio.code.org, https://csedweek.org, https://hourofcode.com, other websites, application programming interface (our “API”), and online services (collectively, our “Website”). Visitors and users of the Website and participants in our education programs are referred to individually as “User” and collectively as “Users”. As a not-for-profit, 501(c)(3) organization, we use the data we receive only insofar as it helps our mission of providing a great computer science education for every student who wants it. We established ourselves as a not-for-profit organization so that a for-profit motive will not interfere with our mission of providing a trusted educational resource.
The sections below describe the ways Code.org collects and uses the name, display name, email address, school name and address, telephone number, or other personally identifiable information from Users (“Personal Information”), persistent cookies or IP addresses (“Persistent Identifiers”), as well as some of the non-personal information and technical information (described below) we collect.
The Hour of Code: Code.org does not collect any Personal Information from students participating in the Hour of Code. The Hour of Code tutorials do not require login to use.
Code.org accounts: The following table describes the data that Code.org collects from registered Users of Code.org courses. You can also try Code.org courses without creating an account, but your learning progress won't be saved.
|Data stored by Code.org if you create a Code.org student account||Required?||How this data is used|
|Display Name (eg “Cool Coder” or “John”)||Mandatory||To provide students a welcome upon login and to identify the student in the teacher’s view of student progress. We recommend using first names only to increase privacy.|
|Age (Not birthdate)||Mandatory||To understand the developmental stage of students to offer an age-appropriate experience for each student. We use this field to ensure we don’t allow students under age 13 to access age-inappropriate features (such as sharing their coding projects on social media). We collect ages (e.g. 16), as opposed to birth dates (e.g. Feb 13, 1998).|
|1-way hash of email address (NOT the actual email addresses, which are collected in the web browser but never transmitted to Code.org and thus never stored by us)||Optional if account created by teacher or parent; Mandatory if student signs up directly||If a student creates an account directly, an email address is required. If the account is created by a teacher or parent, it is optional.
Even if provided, student email addresses are NOT stored by Code.org in a retrievable format. To protect student privacy, we only store a 1-way hash of the email address. We do not have any way of sending email to these students or retrieving their actual email address. It is used only for purposes of login. See section on Student Email Addresses below for more details.
|Login time, IP address, and other technical data||Mandatory (automatic)||This data helps Code.org troubleshoot any problems users experience. It also helps Code.org understand usage patterns, to guide the build out of servers to support all users, and to enable updating the site while minimizing service disruption. See section below on “technical information” for additional details.|
|Gender||Optional||This information is only used in aggregate, to measure the percentage of students that are male or female or to measure how males or females react to different computer science challenges, to track our progress towards reducing the gender gap in computer science.|
|Race||Optional||Students ages 13 and over have an option to indicate their race. For students under age 13 we do not ask individual race, but we ask the teacher to optionally estimate the racial distribution of the entire classroom.
This information is only used in aggregate, to measure the percentage of students from underrepresented minorities and their aggregate reaction to computer science challenges, in order to track our progress toward improving diversity in computer science.
|Progress in the course
1- Date/Time each stage is tried
2- Number of tries to solve a puzzle, and whether it was solved successfully or optimally
3- Information on how the student solved the puzzle including time to completion and whether they used hints
4- The code that the student submitted
5- Student-provided answers to simple assessments (e.g. multiple-choice questions)
|Mandatory (automatic)||This information is displayed to students and their teachers to see their progress in a course, to see the code they’ve created, and to identify topics they need help with. It also lets students pick up where they left off if they log out and login later. See example progress report, and see section below on “technical information” for additional details.
This data also helps Code.org improve the course effectiveness. For example, if a puzzle is too hard, Code.org may take action (like providing better hints) to improve the learning process.
|Student Projects - apps, animations, stories, or code-art||Automatic (for students who create such projects)
Creating apps and projects is part of our course progressions.
|The code and underlying assets for these apps are stored by Code.org, so that students can retrieve their projects each time they log in.
When a student works in the context of a classroom, their teacher also has access to view the projects created by any student in the classroom.
Student projects and code creations each have a custom URL that students can use to share with friends or their teacher, or post to the Code.org public gallery. On the public gallery, projects are displayed with only the first letter of the student’s display name to protect student privacy as well as their age. We do not allow students under the age of 13 to share App Lab, Game Lab, and Web Lab projects to the Code.org public gallery as these projects allow for student-uploaded content.
Students may “remix” (and change or improve upon) projects made by themselves or by other students.
Students over age 13 can also, at their discretion, post their projects to social media.
In our elementary school courses, students create stories, games or art using tools, such as Play Lab, which are limited to using artwork and sounds provided by Code.org. Students can write dialogues for these projects. Text provided by students in these tools will be automatically analyzed to prevent sharing any personal email addresses, phone numbers, or street addresses.
Our middle school and high school courses teach students to make more mature apps and games. These tools allow the students to upload custom photos, sounds and/or videos. (see below)
|Student-uploaded images, sounds, or videos (for App Lab, Game Lab, and Web Lab Projects)||Automatic (if content is uploaded). Creating apps with these tools is part of our courses for grades 6+.
Uploading custom files is optional.
These files are not used by Code.org for any purpose other than within these projects. These projects may be shared as described above, subject to those restrictions imposed on students under 13.
|Data collected by student-created apps||Optional||Students may use Code.org to create their own apps. Depending on the app author’s design, a student-created app may in turn collect data by prompting other Users (anybody who tries using the student-created app) to enter information, such as a favorite movie.
If a student creates an app that collects and stores data in this fashion, all data entered by users of the app may be accessed and possibly shared publicly by the app author, the app itself, and potentially anybody with a link to view the app. Code.org does not itself use or share this data outside of the app.
Before using a student-created app that collects data, Users are shown a clear warning that any data they enter may be shared publicly and that they should not share anything personal to them or to others.
|Written comments in response to curricular/educational prompts within Code.org courses||Optional||Within some of our courses, students in a classroom are prompted to answer a question. Their answers are shared with any teacher with whom the student is affiliated on Code.org, and are not used by Code.org for any other purpose.
In some cases, these questions may be attitudinal (to assist the teacher in understanding their classroom’s reaction to learning computer science, and to help Code.org improve our curriculum). Students are informed that answers to these attitudinal questions are shared with the teacher anonymously.
|Additional* data stored by Code.org if you create a Code.org teacher account||Required?||How this data is used|
|Email address||Required||To send emails to the teacher with updates about their classroom or student progress, when new course-work is available, updates on curriculum, tools, professional learning options, etc.
All emails sent by Code.org will contain an unsubscribe link, and will not require typing a password to unsubscribe.
|District and School name and/or school type (Private, Public, Charter)||Optional||At your option and under your control, we would list your school in the Code.org map and database of schools that teach computer science courses.
Code.org may also use this information to reach out to your school or district to discuss broader education partnerships or participation in special events.
|School address||Optional||At your option and under your control, we would list your school (and relevant contact information, if you provide it) in the Code.org map and database of schools that teach computer science courses.|
|Student section data||Required||You may create accounts for your students (and provide each student’s display name and optionally their age and gender), and organize these students into sections or groups. You may assign each section a display name, and a course assignment. The section grouping data is used to simplify your view of students across multiple sections.
Teachers are encouraged to share a document with students and parents informing them about the Code.org course, including the privacy implications.
|Survey and demographic data||Optional||For the purposes of evaluating our own work and improving our education results, Code.org regularly sends surveys to teachers.
These surveys are completely optional. The data provided by teachers in these surveys is saved and used for analysis by Code.org or by our Evaluator or our professional learning partners or facilitators. Any survey data shared with external parties will be anonymous and aggregated.
|Attendance at professional learning workshops||Participation in professional learning programs is optional.
For teachers who participate, this attendance data will be stored.
|Attendance of teachers who attend our professional learning workshops is stored and associated with the teacher’s account on Code.org.
This data may be shared (along with the teacher’s identity) with any other parties involved in the teacher’s professional learning, such as the in-person facilitator who led the workshop, or the professional learning organization hosting the workshop, or the school district of the teacher. In some cases, the school district may use the workshop attendance data to compensate teachers for participating in the Code.org professional learning program.
|Progress, answers, documents, projects and peer reviews for online professional learning.||Participation in professional learning programs is optional.
For teachers who participate, this data will be stored.
|Progress and answers in online professional-learning courses for teachers is stored in their teacher account in order to allow teachers to pick up where they left off.
This includes the lesson plans, documents and other projects teachers create as part of finishing the online learning courses. After submitting a document or project, teachers receive peer feedback from each other which is also stored so that they can read it.
Teachers also take a self assessment survey to create a custom learning plan. The results of this survey are stored with the teacher’s account along with their custom plan.
|Forums||Optional||For teachers who choose to participate in the forums, posts are shared publicly|
* A teacher account on Code.org has all the functionality of a student account, and as a result the data collected and stored for a teacher account is a superset of the data stored for a student account.
Students and teachers may update, correct, or delete Personal Information in their Code.org accounts at any time via the account settings page (or the manage students page for teachers).
Educators can create accounts on behalf of students. When registering an account for a student who is under the age of 13 (a “Child”), the Educator represents and warrants that they or the educational organization they work for has proper permission to register the Child for Code.org, and that they or the educational organization has obtained the necessary parental consent for collection of some of the Child’s Personal Information for the use and benefit of the school and for no other commercial purpose. In addition, they agree to be bound by these Terms on behalf of the educational organization they work for.
Under a student's control, they can dissociate or associate themselves with as many teachers as they want, (and those teachers get access to the student's course progress and display name but not their email address). Teachers who create User accounts on behalf of students can reset their “secret word” or “secret picture” (for young children who can’t read) for as long as the student leaves the teacher in control of the account.
When you use certain other features of our Website, such as signing forms or petitions to help advocate for Code.org, participating in a workshop, bringing Code.org programs to your school or district, donating to Code.org, purchasing t-shirts or other items, or participating in online surveys, Code.org may ask you to provide Personal Information including your full name, email address, and postal code, or school street address, as well as your billing and/or shipping information when necessary to complete a purchase or make a donation. The information is used to enable your participation in the relevant feature and to send you occasional emails with information about Code.org that we feel may interest you. All emails we send include an “unsubscribe” link. The one exception to this paragraph is that when a User under the age of 13 signs our online petition supporting Code.org’s mission, any email address they provide is never transmitted to our server and thus never stored or used.
If you enter your name to print a certificate of completion upon finishing our courses we save the name you enter in order to let you share your certificate digitally.
We may also survey Users to provide us with optional demographic information (such as gender, age, ethnicity), which we use in aggregate to better understand our User base.
Computer science educators may provide a school or classroom street address along with a description of course offerings, in order to allow students or parents to find local schools, summer-camps, or workshops that teach computer science in their neighborhood.
Lastly, for teachers, educators, and partners who participate in our computer science training programs, we may ask for information that is required for compensating or acknowledging you for your work (such as a mailing address to send a check, the name of the school/district that employs you, or a tax form containing your social security number for IRS reporting purposes).
We may collect and store information about your location to provide you with educational experiences or email updates that are tailored for your region. The location information we have access to may include (1) your ZIP or postal code, if you provide one to us (2) the approximate geographic region your computer or mobile device is located in, as determined from your IP address. You may be able to change the settings on your computer or mobile device to prevent it from providing us with such IP information. (3) your school or classroom location, if you (as a teacher) provide it to us, in order to allow us (with your permission) to display the classroom location on a map or in search results for parents looking for schools that teach computer science. Code.org does not request or collect your exact GPS location, and your billing and shipping addresses are not used for these purposes.
To provide a personalized learning and high-quality experience for our Users, we may use various technologies that automatically record certain technical information from your browser or device, including browser language settings, standard log files, web beacons, or pixel tags. This technical information may include your Internet Protocol (IP) address, browser type, internet service provider (ISP), referring or exit pages, click stream data, operating system, and the dates and times that you visit the Website and assists us in understanding how our Users are using our Website.
To track information about use of our Sites, we use various technological tools. For example: Like most websites, whether or not you are a registered member, we may send one or more cookies – small text files containing a string of alphanumeric characters – to your computer. Cookies remember information about your activities on a website and enable us to provide you with a more personalized learning experience. Code.org may use both session cookies and persistent cookies. A session cookie disappears automatically after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to the Website. You can, however, remove a persistent cookie at any time. Please review your web browser “Help” file, Tools menu or similar section to learn the proper way to modify your cookie settings, or visit www.allaboutcookies.org. Please note that without cookies you will not have access to certain services and features on the Website.
A pixel tag (also known as a “clear GIF” or “web beacon”) is a tiny image – typically just one-pixel – that can be placed on a Web page or in an email to you, to tell us when you have displayed that page or opened that email.
Code.org may use a variety of third-party service providers, such as email services to send email, analytics companies to understand our Website usage, and social networking platforms to host our videos. We may allow third-party service providers to place and read their own cookies, web beacons, and similar technologies to collect information through the Website. This technical information is collected directly and automatically by these third parties.
We use third party services to implement our Website and all of its associated services and features, including Amazon Web Services, Pardot and MailChimp (for sending email), and Twilio (for sending student code-creations to phones). Personal Information or Persistent Identifiers will be used and stored by these third parties solely in context as an implementation services provider to Code.org, but these third parties will not receive any ownership or have any other rights to access or use this Personal Information or Persistent Identifiers. In particular, when we use Twilio to send text messages to deliver student code-creations to phones, Code.org does NOT store the phone number, and further instructs Twilio to delete the phone number after delivering the text message, but it is possible that underlying phone service providers may retain this information.
Code.org does not allow advertising on our Website, and we do not have the ability to collect your web search history across third party Internet websites or search engines. (If you navigate to the Code.org Website via a web search, your web browser may automatically provide to us the web search term you used in order to find Code.org). Because Code.org doesn’t display advertising or track browsing on third party sites, we do not do anything different in response to “do not track” signals transmitted by web browsers. Certain third-party entities that we use to provide website functionality or social sharing - such as embedded YouTube videos or Facebook or Twitter sharing buttons - may collect Non-Personal Information for the purposes of online behavioral advertising, but our website is designed to continue functioning in schools that disable access to YouTube, Facebook, or Twitter. We encourage you to visit the following links if you would like to opt out of online behavioral advertising: http://www.networkadvertising.org/choices or http://www.aboutads.info/choices/. If you do want to opt out using these tools, you may need to opt out separately for each of your devices and for each Web browser on each device.
Student and teacher profiles can NOT be customized with a photo.
Code.org has created a tool called the “Internet Simulator” for use in High School classrooms to model how the Internet functions. With this tool, students participating in a teacher-supervised classroom activity can send text-based messages to their teacher and to other students in their specific classroom section. Message contents are visible to the classroom teacher and are not accessed or used by Code.org for any purpose other than in this educational tool. All messages are deleted after two hours of class inactivity, or upon a manual reset by the teacher.
In some courses, students are asked to provide written responses or reflections to prompts within Code.org courses. These written responses are accessible by any teacher that the student is currently affiliated with on Code.org.
In addition, Users may send messages to Code.org for customer support requests.
Other than the above, the Website supports no other form of messaging among Users.
Code.org does not directly collect or store payment instruments. Donations to Code.org or purchases from the Code.org store are processed via third parties, and although Code.org receives a receipt for donations (for tax purposes), we never receive the payment instrument (such as credit card or wallet information).
When students create Code.org accounts, Code.org does not store the email address provided by those Users in a retrievable format. Instead, we immediately create and store only a one-way hashed version of the email address (which cannot be converted back into the original address), and use it only for the purposes of login, account management, and password recovery. In fact, when creating a student account or during login, the actual account email address is never even transmitted to Code.org's servers. The only circumstance when Code.org's servers receive a student's Code.org email address is if the student forgets their password and asks to reset it. At that point, the student is prompted to enter their email, which is used to send them a password reset link.
If a student contacts us via our customer support pages, we will store and use their email address in order to respond to them. If a student over the age of 13 signs our online petitions, or a student creates a teacher account on Code.org or offers to help us as a software industry volunteer, we will store and use their email address just as we do for other advocates of our nonprofit mission.
For a small minority of our students, and only if they are over the age of 18, we may offer the opportunity to participate in a "longitudinal" study to understand the multi-year impact of learning computer science. Participation in such a study would be entirely optional. Students who receive an offer and choose to participate will be asked to provide their contact information (email address and optionally other forms of contact that may be more convenient for the student). This contact information will not be shared with third parties, nor used in any way outside the purpose of such a study – to ask students to participate in surveys. If we learn that we have inadvertently collected this information from a child under 18, we will delete such information immediately.
Code.org courses are designed to be used by Users of all ages, including children under the age of 13 with the involvement of and pre-authorization by their school, teacher, parent or legal guardian. In order to use features that involve uploading custom media files or sending messages within the school, we obtain prior consent from the student’s teacher, other authorized school representative, or, in some cases, the parent or legal guardian.
When children under the age of 13 attempt to sign our online petition supporting Code.org’s mission, the email addresses are discarded and are not transmitted to or stored on our server.
If Code.org learns that it has inadvertently collected Personal Information or Persistent Identifiers from children under the age of 13 without prior parental or teacher consent, Code.org will take appropriate steps to delete this information. If you are a teacher, parent or legal guardian of a student on Code.org, you can ask us to deactivate the student’s account, delete any hashed email address or inadvertently collected Personal Information or Persistent Identifiers, and request that we no longer allow the student to submit their information to Code.org. To make such a request, please contact us at https://code.org/contact. Before processing your request, we may verify your identity and your relationship with the student.
As is common in education research, to measure how well our programs perform and how well students are learning from them, Code.org engages an experienced independent third party, Outlier Research & Evaluation (“Evaluator”) to do a thorough evaluation of our work in select partner school districts. Outlier is part of the University of Chicago’s Center for Elementary Mathematics and Science Education. For information about Outlier’s experience and track record evaluating education initiatives and student data, visit http://cemse.uchicago.edu/research-and-evaluation/.
To participate in the evaluation, these school districts are asked provide student academic or demographic data from education records directly to the Evaluator, and they are only authorized to provide data that has been completely anonymized (removing student Personal Information such as name and address). The data enables the Evaluator to perform an independent study about our work, in compliance with all applicable Federal and local laws respecting student privacy. Neither Code.org nor the Evaluator will know the personal identity of individual students. When it comes to student assessments and academic results, Code.org will only allow districts to provide the Evaluator anonymized data, which will then be aggregated by the Evaluator across thousands of students from hundreds of schools to publish an independent study. Besides the anonymity of this student academic data, our historic contracts with school districts (in 2014-16) also specify very strict limits on who may access this data. You may read the template we used for contractual language governing student-data in our district agreements at https://code.org/educate/template-district-agreement. This language is historical in nature – as of 2017, Code.org is no longer signing direct partnership agreements with school districts.
We do not rent or sell Personal Information, Persistent Identifiers, or any other information that we collect from Users, or exploit it for financial gain in any other way. Code.org will never share or grant rights to Personal Information with other third-party organizations to use without your consent, except as part of a specific program or feature for which you will have the explicit ability and choice to opt-in.
In particular, we do not share any Personal Information you provide with our donors or sponsors (other than the "Public Reporting" of anonymized reports as described below).
If your use of the Code.org Website is in the context of a partnership with your school or school district, we may allow the school or school district to access the same student progress report that is also shared with your teacher(s).
Part of our educational program is to offer professional development workshops to prepare teachers to offer computer science courses. If you are a teacher participating in one of these workshops, your name and contact information will be shared with the facilitator and/or professional learning organization hosting the workshop, and they may have access to your continued progress in our online professional learning courses in order to coach or facilitate your learning. If Code.org is paying for your travel to our professional learning workshops for teachers, we will - with your explicit permission - share your name and contact information with our travel partner to facilitate booking your travel.
In the context of partnerships between Code.org and school districts, we may also share this workshop attendance and professional learning data with the school district that employs the teacher, in order to allow school districts to compensate teachers in situations where school districts have such an arrangement with their teachers.
Some of our Users choose to post their code-creations with social networks. This functionality is entirely optional. When you post content to social networks, the actual content posted is entirely at your control, and never posted automatically on your behalf. Typically this content includes only the code (app or animation or game or other) that you wrote, posted alongside any other remarks you may choose to add to it.
When you contact us with a support request, you may provide Personal Information, which is shared with a Code.org support representative in order to process your request. Code.org support representatives are either employees or independent contractors of Code.org, and will always have signed a contract requiring them to protect and not disclose confidential information including Personal Information of Users, and to use it only in the context of resolving your product support requests.
Code.org promotes a weekly Student of the Week and a monthly Teacher of the Month, along with prizes. These profiles and similar testimonials are always published with the permission of the participating student or teacher and, if applicable, their parent or legal guardian, or teacher, and may include Personal Information such as the name, likeness and photo or video of the person being profiled.
We may publish anonymized information about student performance on our tutorials and Websites, however, we will never publicly disclose your Personal Information in these reports. Data about student performance will remain anonymized, but aggregated, anonymized data over large populations of students may be reported by demographic criteria such as age, general location, gender, ethnicity, and socioeconomic status.
In certain occasions, Code.org may work with third parties (such as universities and education research organizations) to improve our services or offerings. We may disclose automatically collected and other aggregate non-personal information to authorized partners to conduct research on online education or assist in understanding the usage, viewing, and demographic patterns for certain programs, content, services, promotions, and/or functionality on the Website. We require any research partner that receives anonymous or de-identified data from us to agree in advance that they will not attempt to use this data to identify our Users.
Code.org may also disclose User data including Personal Information or Persistent Identifiers if required to do so by law, or if we have a good-faith belief that such action is necessary to comply with local, state, federal, international, or other applicable laws or respond to a court order, judicial or other government order, subpoena, or warrant, or administrative request. In some cases, we may make such disclosures without first providing notice to Users, teachers, schools, parents or legal guardians.
Code.org may disclose User data including Personal Information or Persistent Identifiers that we believe, in good faith, is appropriate or necessary to take precautions against liability; to protect Code.org from fraudulent, abusive, or unlawful uses; to investigate and defend ourselves against any third-party claims or allegations; to assist government enforcement agencies; to protect the security or integrity of the Website; or to protect the rights, property, or personal safety of Code.org, our Users, or others.
To protect your privacy and security, we take reasonable steps to verify your identity before granting you account access or making corrections to your Personal Information.
Although you may provide it to us, we intentionally choose NOT to store email addresses for Code.org student accounts, or phone numbers used in our send-to-phone feature. The data we do not store cannot be stolen from us.
We will delete student display names, coding projects, apps, uploaded images and other assets associated with student accounts that have remained unused and inactive for a period of time, in accordance with our data retention policy.
Code.org uses certain physical, managerial, and technical safeguards designed to preserve the integrity and security of your Personal Information and other information we maintain in connection with the Website. We cannot, however, ensure or warrant the security of any or all of the Personal Information and other information you transmit to Code.org, and you do so at your own risk. Once we receive your transmission of information, Code.org makes commercially reasonable efforts to ensure the security of our systems. However, please note that this is not a guarantee that such Personal Information and other information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
If we learn of a data security incident that compromises or appears to compromise your Personal Information, then we will attempt to notify you electronically so that you can take appropriate protective steps.
Our Website is operated and managed on servers located within the United States. If you choose to use our Website from the European Union or other regions of the world with laws governing data collection and use that differ from U.S. law, then you acknowledge and agree that you are transferring information, including your Personal Information, outside of those regions to the United States and that, by providing your Personal Information on the Website, you consent to that transfer.
We do not disclose any Personal Information to third parties for marketing purposes. For additional information about our privacy practices, or to review and request to have deleted any Personal information you have shared with us, please send a request to https://code.org/contact.