Khan Academy · Khan Academy Privacy Policy

Data Security Practices

Medium severity
Share 𝕏 Share in Share 🔒 PDF

What it is

Khan Academy uses security measures to protect your data, but like all online services, it cannot guarantee your data will never be breached.

Consumer impact (what this means for users)

Khan Academy takes security precautions for your personal data, but explicitly does not guarantee it against breaches — meaning your or your child's learning data, contact information, and AI conversation logs could potentially be exposed in a security incident.

Cross-platform context

See how other platforms handle Data Security Practices and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

On a platform used by millions of students and minors, any data breach could expose sensitive educational and personal data; the disclaimer that security cannot be guaranteed is a standard but significant liability limitation.

View original clause language
We use appropriate technical, administrative, and physical security measures to protect the personal information we collect and maintain. However, no security measure is perfect, and we cannot guarantee the security of your information.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: FTC Act Section 5 requires reasonable data security as an unfair practices baseline; COPPA requires reasonable security for children's data (16 C.F.R. §312.8); GDPR Article 32 requires appropriate technical and organizational security measures; CCPA/CPRA §1798.150 creates a private right of action for data breaches resulting from failure to implement reasonable security. State breach notification laws (e.g., Cal. Civ. Code §1798.82, NY SHIELD Act) impose notification obligations following a breach. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC enforces reasonable data security requirements under FTC Act Section 5 and COPPA for platforms handling children's personal information.
    File a complaint →
  • State AG
    State attorneys general enforce state data breach notification laws and consumer protection statutes relevant to security failures.
    File a complaint →

Provision details

Document information
Document
Khan Academy Privacy Policy
Entity
Khan Academy
Document last updated
April 29, 2026
Tracking information
First tracked
April 18, 2026
Last verified
April 18, 2026
Record ID
CA-P-002879
Document ID
CA-D-00160
Evidence Provenance
Source URL
https://www.khanacademy.org/about/privacy-policy
Wayback Machine
View archived versions →
SHA-256
67ea8f65d5844645bdb037fbe185b7686e95e08c03fd69c0908a9f7825918090
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Khan Academy | Document: Khan Academy Privacy Policy | Record: CA-P-002879
Captured: 2026-04-18 10:26:27 UTC | SHA-256: 67ea8f65d5844645…
URL: https://conductatlas.com/platform/khan-academy/khan-academy-privacy-policy/data-security-practices/
Accessed: May 2, 2026
Classification
Severity
Medium
Categories
Unknown

Other provisions in this document