Khan Academy keeps your personal data for as long as it needs to, which is not defined with a specific timeframe, and you can request deletion by emailing their privacy team.
This analysis describes what Khan Academy's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The absence of specific retention periods means users cannot know how long their or their children's data is kept, and deletion requests are handled on a case-by-case basis rather than through an automated process.
Interpretive note: The policy does not define specific retention periods, making it unclear how long different categories of data are retained in practice; this creates uncertainty particularly for EU users where defined retention schedules are a GDPR requirement.
Khan Academy does not specify a maximum retention period for personal data, meaning learning activity records and account information may be kept indefinitely unless a deletion request is submitted; users can request deletion by emailing privacy@khanacademy.org.
How other platforms handle this
We keep information for as long as we need it to provide our products, comply with legal obligations, or for other legitimate purposes, such as to maintain safety, security, and integrity.
After your account is deleted, we keep data about interactions you've had on our service to prevent abuse, ban evaders and others in an effort to protect and ensure the safety and security of our service and our members.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
Khan Academy has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal obligations, resolve disputes, and enforce our agreements. If you would like to request deletion of your personal information, you may contact us at privacy@khanacademy.org.— Excerpt from Khan Academy's Khan Academy Privacy Policy
REGULATORY LANDSCAPE: Data retention obligations engage GDPR's storage limitation principle (Article 5(1)(e)), which requires that personal data not be kept longer than necessary for its specified purpose, and CCPA's data minimization requirements. For student data, FERPA and state student privacy laws impose obligations on educational institutions to define retention schedules for education records. The absence of specific retention periods may create tension with GDPR's requirement for defined retention schedules. GOVERNANCE EXPOSURE: Medium. The policy's retention language (as long as necessary) is standard boilerplate but does not satisfy GDPR's requirement for defined retention periods communicated to data subjects. EU and UK data protection authorities have cited indefinite or open-ended retention language as a compliance gap. Institutional customers should ensure their data processing agreements specify retention periods for student data. JURISDICTION FLAGS: EU and UK users have stronger rights under GDPR to erasure and to defined retention periods. California residents have CCPA deletion rights. Students in institutional deployments have FERPA-based rights to request amendment or deletion of education records that are inaccurate or maintained in violation of FERPA. CONTRACT AND VENDOR IMPLICATIONS: Institutional data processing agreements with Khan Academy should specify maximum retention periods for student data and include provisions for data return or destruction upon contract termination. Audit rights over retention practices are advisable. COMPLIANCE CONSIDERATIONS: Legal teams should assess whether the open-ended retention language complies with GDPR's storage limitation principle for EU user data, and whether specific retention schedules need to be negotiated through data processing agreements for institutional deployments.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The absence of specific retention periods means users cannot know how long their or their children's data is kept, and deletion requests are handled on a case-by-case basis rather than through an automated process.
Khan Academy does not specify a maximum retention period for personal data, meaning learning activity records and account information may be kept indefinitely unless a deletion request is submitted; users can request deletion by emailing privacy@khanacademy.org.
ConductAtlas has identified this type of provision across 7 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Khan Academy.