Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This document establishes Khan Academy's data collection, use, and sharing practices for students, parents, teachers, and general users of its learning platform. The policy authorizes collection of detailed learning data including exercise attempts, video engagement, and skill mastery assessments, with access granted to teachers and school administrators designated by the account holder. For users under 13, the policy prohibits behavioral advertising and restricts data sales, and requires parental or school consent prior to account creation.
This document is Khan Academy's Privacy Policy, governing the collection, use, storage, and disclosure of personal information from users of its free educational platform, with stated compliance obligations under COPPA, FERPA, GDPR, and CCPA as its primary legal frameworks. The policy states that Khan Academy collects account registration data, learning activity data, device and usage information, and communications, and the terms authorize sharing of this data with third-party service providers, district or school administrators (where applicable), and in limited cases with research partners under confidentiality agreements. Notably, the policy asserts stronger-than-baseline protections for child users under 13, prohibiting behavioral advertising to minors and restricting data sale, which is operationally distinct from many consumer platforms; however, the breadth of data collected from logged learning interactions (exercise attempts, video progress, mastery levels) creates a detailed behavioral profile that may have implications beyond what the document characterizes as routine operational data. The policy engages COPPA (enforced by the FTC) for users under 13, FERPA for student records held on behalf of educational institutions, GDPR and UK GDPR for EU and UK users respectively, and CCPA for California residents; compliance obligations vary significantly by user category and institutional context, and school or district deployments create additional obligations around data processing agreements and parental consent delegation.
Institutional analysis available with Professional
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.
Start Professional free trialMonitoring
Khan Academy has updated this document before.
Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
Professional Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Professional free trialCross-platform context
See how other platforms handle Children Under 13 — COPPA Parental Consent and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.