Khan Academy shares user data with outside companies that help run the platform, including hosting, analytics, and payment processors, but says these companies are contractually required to keep data confidential and only use it for specified purposes.
This analysis describes what Khan Academy's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The use of third-party analytics and service providers means user data travels beyond Khan Academy's own systems, and the strength of protection depends on the contractual terms and technical controls in place with each subprocessor.
Your learning data and personal information may be processed by third-party vendors including analytics companies; while Khan Academy states these vendors are contractually restricted, users cannot directly audit those contracts or the technical data flows involved.
How other platforms handle this
We may share your personal data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work. We may also share your personal data with advertising partners to display relevant advertising to y...
We may share your personal information with third-party vendors and service providers that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance.
Google có thể cần cung cấp thông tin cá nhân của bạn, chẳng hạn như tên và địa chỉ email của bạn, cho Nhà cung cấp để xử lý giao dịch của bạn hoặc cung cấp Nội dung cho bạn. Các Nhà cung cấp đồng ý sử dụng thông tin này theo chính sách bảo mật của họ.
Monitoring
Khan Academy has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may share your information with third-party companies, organizations, or individuals outside of Khan Academy when we have your consent to do so, or with our service providers who process data on our behalf, such as hosting providers, analytics companies, and payment processors. These service providers are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.— Excerpt from Khan Academy's Khan Academy Privacy Policy
REGULATORY LANDSCAPE: Third-party data sharing engages GDPR Article 28 (processor agreements), CCPA service provider restrictions, COPPA limitations on third-party disclosure of children's data, and FERPA restrictions on redisclosure of education records. The FTC, state attorneys general, and EU data protection authorities are relevant enforcement bodies depending on the user population and geography involved. GOVERNANCE EXPOSURE: Medium. The reference to analytics companies as subprocessors warrants scrutiny given the presence of Google Tag Manager in the page source. Compliance teams should confirm that analytics tools used on pages accessed by child users are configured to prevent advertising profiling and that data processed by analytics subprocessors is governed by appropriate data processing agreements. JURISDICTION FLAGS: EU and UK users are protected by GDPR processor obligations requiring written agreements, processing instructions, and data transfer safeguards. California residents have CCPA rights to know which categories of service providers receive their data. For student data specifically, FERPA restricts sharing with service providers to legitimate educational purposes only. CONTRACT AND VENDOR IMPLICATIONS: Institutional customers should request Khan Academy's current subprocessor list and assess whether each subprocessor's data practices are consistent with the institution's own privacy obligations. The contractual standard of care for subprocessors should be verified through the data processing agreement. COMPLIANCE CONSIDERATIONS: Legal teams should request disclosure of the specific categories of service providers and the data types shared with each, particularly for analytics providers. Consent mechanisms should be reviewed to ensure they cover third-party processing disclosures required under applicable law.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The use of third-party analytics and service providers means user data travels beyond Khan Academy's own systems, and the strength of protection depends on the contractual terms and technical controls in place with each subprocessor.
Your learning data and personal information may be processed by third-party vendors including analytics companies; while Khan Academy states these vendors are contractually restricted, users cannot directly audit those contracts or the technical data flows involved.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Khan Academy.