Khan Academy keeps your personal data for as long as it needs to, which is not defined with a specific timeframe, and you can request deletion by emailing their privacy team.
This analysis describes what Khan Academy's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the operational framework for data retention duration and creates a mechanism for users to initiate deletion requests. The retention standard ties data lifecycle to stated business and legal purposes rather than a fixed time period.
Interpretive note: The policy does not define specific retention periods, making it unclear how long different categories of data are retained in practice; this creates uncertainty particularly for EU users where defined retention schedules are a GDPR requirement.
Khan Academy does not specify a maximum retention period for personal data, meaning learning activity records and account information may be kept indefinitely unless a deletion request is submitted; users can request deletion by emailing privacy@khanacademy.org.
How other platforms handle this
We retain your personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. You may request deletion of your personal information by submitting a request through our privacy request form or by contacting us at pri...
We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, natur...
We store information until it is no longer necessary to provide our services and WhatsApp Products, or until your account is deleted or becomes inactive, whichever comes first. This is a case-by-case determination that depends on things like the nature of the information, why it is collected and pro...
Monitoring
Khan Academy has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal obligations, resolve disputes, and enforce our agreements. If you would like to request deletion of your personal information, you may contact us at privacy@khanacademy.org.— Excerpt from Khan Academy's Khan Academy Privacy Policy
REGULATORY LANDSCAPE: Data retention obligations engage GDPR's storage limitation principle (Article 5(1)(e)), which requires that personal data not be kept longer than necessary for its specified purpose, and CCPA's data minimization requirements. For student data, FERPA and state student privacy laws impose obligations on educational institutions to define retention schedules for education records. The absence of specific retention periods may create tension with GDPR's requirement for defined retention schedules. GOVERNANCE EXPOSURE: Medium. The policy's retention language (as long as necessary) is standard boilerplate but does not satisfy GDPR's requirement for defined retention periods communicated to data subjects. EU and UK data protection authorities have cited indefinite or open-ended retention language as a compliance gap. Institutional customers should ensure their data processing agreements specify retention periods for student data. JURISDICTION FLAGS: EU and UK users have stronger rights under GDPR to erasure and to defined retention periods. California residents have CCPA deletion rights. Students in institutional deployments have FERPA-based rights to request amendment or deletion of education records that are inaccurate or maintained in violation of FERPA. CONTRACT AND VENDOR IMPLICATIONS: Institutional data processing agreements with Khan Academy should specify maximum retention periods for student data and include provisions for data return or destruction upon contract termination. Audit rights over retention practices are advisable. COMPLIANCE CONSIDERATIONS: Legal teams should assess whether the open-ended retention language complies with GDPR's storage limitation principle for EU user data, and whether specific retention schedules need to be negotiated through data processing agreements for institutional deployments.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the operational framework for data retention duration and creates a mechanism for users to initiate deletion requests. The retention standard ties data lifecycle to stated business and legal purposes rather than a fixed time period.
Khan Academy does not specify a maximum retention period for personal data, meaning learning activity records and account information may be kept indefinitely unless a deletion request is submitted; users can request deletion by emailing privacy@khanacademy.org.
ConductAtlas has identified this type of provision across 7 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Khan Academy.