Student Privacy

Code.org Takes Precautions to Protect Student Data

The nonprofit preemptively erased the email addresses of millions of students taking its online courses and changed its policies.

• By Sri Ravipati
• 07/25/16

In an effort to protect student information, Code.org has erased the email addresses of millions of students taking its online courses and will no longer request email addresses from students.

The Code Studio on Code.org has more than 10 million student accounts in its system. The platform was originally designed so that students under the age of 13 could use their email to login and never have their email addresses sent to Code.org servers. Now, the same approach is being expanded to include all students, even adults, and all student email addresses have been erased.

“The data we don’t store cannot be stolen from us,” said Hadi Partovi, founder and CEO of Code.org, in a blog post. “Knowing this, I can sleep much easier at night, and so can you.”

Patrovi explained that students will still login to Code.org using their email, but the information will be scrambled so that the original email and password are not saved. The site will use a new login approach that involves a one-way hash function to prevent hackers from stealing student information.

Code.org in turn loses the ability to email students based on their Code Studio accounts. The nonprofit said it will instead reach out to teachers whose emails will continue to be saved.

In addition to erasing student email addresses, Code.org announced new updates to its upcoming Terms of Service and Privacy Policy. The updated versions of these documents are open for review and public comments for one month and the changes will be effective on Aug. 22.

Further information about the new login approach and the updated policies are available the Code.org blog.