Privacy & Cookies

When you use our services, we collect information about you and your use of those services. This Privacy Policy describes how we will use that information. Your privacy matters to us, so please take the time to read and understand it.

This Privacy Policy applies to all of the services provided to you by Student Research and Development, a Washington non-profit corporation ("CodeDay"), including both electronic services (such as the CodeDay website) and physical services (such as Virtual CodeDay). It is effective as of September 15, 2020.

We change our Privacy Policy from time to time; we will post any changes on this site and, if the changes are significant, we will provide a more prominent notice on our homepage.

What Information We Collect

We collect several types of information:

  • Information you give us. Many of our services require you to provide information, such as a name, email, address, or billing information. Additionally, some services require you to sign up for or log in with a CodeDay account, which requires similar information.

  • Public information. For example, we collect information on your contributions to open-source software.

  • Information we get when you use our services. This information includes:
    • Device information. When you use one of CodeDay's electronic services, we collect information which can be used to uniquely identify your device.
    • Location information. When you use our electronic or physical services, we collect information about which city you live in. We request explicit permission before collecting location data more precise than your city.
    • Log information. When you use our electronic or physical services, we automatically collect certain information and store it as logs. This includes details of how you used the service (such as how many tickets you bought for CodeDay).

We may collect and store this information in a country outside the one where you live.

How We Use Your Information

We use your information internally for the following purposes:

  • To provide services. We use the information we collect to continue to provide existing services, to improve them, and to develop new ones.

  • For safety and security. We use the information we collect to protect ourselves and our users. For example, we maintain a list of people who are no longer allowed to
    attend our events for security reasons.

  • To keep you updated. We use information we collect to provide updates on existing and new services, and to occasionally let you know about donation or volunteer opportunities.

When We Share Information

We never sell your data, and try to minimize the need to share information with third-party providers. That said, we sometimes provide information to third-parties for the following purposes:

  • To process it. We provide some information to trusted partners to process it for us.

    For example, we provide your payment information to our payment processing provider and your bank.These providers are contractually required to keep your data safe by taking reasonable security measures, not disclosing it, and not using it for other than the contracted purpose. When possible we keep this data encrypted so that only we can read it.

    We provide a list of these third-party providers here.

  • To measure and demonstrate results. We share aggregated and anonymized, non-personally-identifying information with our partners or publicly to show the effects of our programs.

  • When you choose to share it. When using our services, you have the option of sharing some information publicly, such as sharing a project you create at CodeDay.

  • With your school or parents. If you're a student, we sometimes share information with your school to enable interoperability and functionality within your school. If you're a minor, we will also share information with your parents.

  • In very limited circumstances, for marketing. If you use services which are intended primarily for schools, parents, sponsors, or partners, we may share anonymized information about your use of the service with third-parties to help them remarket our ads.

  • For safety and security. We provide information to third-parties if we have a good-faith belief that doing so is necessary to:
    • Meet an applicable law, regulation, legal process or enforceable governmental request.
    • Detect, prevent, or otherwise address fraud, security or technical issues.
    • Protect against harm to property or safety.

Where possible we ensure shared information which is personally-identifying is encrypted both in transit and at rest.

Information Security

We use industry-standard measures to protect our data from unauthorized alteration or disclosure. In particular:

  • We encrypt many of our services using HTTPS/TLS.
  • We store passwords and other sensitive data using industry-standard cryptography.
  • We restrict access to personal information to employees, contractors, and volunteers who have a need to know it.
  • We review security and processing practices of third-parties with whom we share information.
  • We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
  • Our production infrastructure complies with industry standards, including FIPS 140-2, ISO 27001, and PCI-DSS.

Controlling Your Personal Data

At any time you may request a copy of the information we collect about you, may request that we make corrections or delete it, may opt-out of behavioral tracking, and may request that we do not sell your personal information:

We do not discriminate against those who exercise these controls.


Residents of California

If you are a California resident, California law provides you with specific rights regarding your personal information, including:

  • the right to request that we disclose certain information to you about its collection and use over the past 12 months,
  • the right to request that we delete your personal information, subject to certain exceptions
  • the right to opt-out of having your personal information sold

You have the right not to be discriminated against if you exercise any of your rights under California privacy law.

For purposes of California law, personal information means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a consumer or household.

What Information We Collect

In the last 12 months, we have collected the following from California residents:

  • Identifiers and other elements of personal information described by California Civil Code Section 1798.80.
  • Characteristics of protected classifications, such as your age, gender, or ethnicity, which you provide when you fill out demographic surveys.
  • Commercial information, including products or services purchased, obtained, or considered.
  • Internet and network activity when you interact with our website.
  • Audio, electronic, visual, thermal, olfactory, or similar information, such as recordings of customer service calls, and photos and videos when you attend our events.
  • Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).
  • Professional or employment-related information, such as is collected in mentor applications, or for alumni who answer follow-up surveys.
  • Inferences drawn from any of the information identified above.

Data Controls

You may request a copy of your data, request that we correct erroneous data, delete your data, or request that we do not sell your personal information using our data request form, or by emailing, calling, or writing to us using the contact information provided above.

Compliance with California AB 1584

CodeDay complies with AB 1584 as follows:

  1. Pupil records that schools or schools districts provide continue to be the property of, and under the control of, the school district.
  2. Pupils may retain possession and control of pupil-generated content. Pupils may transfer their content from a school account to a personal account by using the process described in the "Data Controls" section.
  3. A parent, legal guardian, or eligible pupil may review personally identifying information in the pupil's records, and correct erroneous information, by contacting us using the process described in "Data Controls" section.
  4. CodeDay prohibits using any pupil information for any purpose other than those specifically permitted.
  5. CodeDay prohibits using any pupil records to engage in targeted advertising.
  6. CodeDay will not retain any pupil records upon completion of the terms of the contract, and will provide written confirmation of the destruction of pupil records to the district upon request. (This does not apply to pupil-generated content if the pupil chooses to establish or maintain an account with CodeDay for the purpose of storing that content, either by retaining control of their own pupil-generated content, or by transferring pupil-generated content to a personal account.)
  7. CodeDay warrants that it has designated an individual responsible for training employees and agents on reasonable protection measures and the confidentiality of pupil records consistent with California and Federal Law, as described in the "Information Security" section.
  8. Immediately upon becoming aware of a compromise of pupil records, or of circumstances that could have resulted in an unauthorized access to or disclosure of pupil records, CodeDay will notify the district and account holder, fully investigate the incident, fully cooperate with the district's investigation of the incident, implement remedial measures, and respond in a timely manner with notification of the incident to the affected parent, legal guardian, or eligible pupil.
  9. Federal law (the Family Education Rights and Privacy Act - FERPA, 20 U.S.C. 1232G and 34 CFR Part 99) allow a school or educational institution to release student records to an organization in certain circumstances, and requires limitations on disclosure of these records and implementation of appropriate security measure. CodeDay is familiar with the requirements of FERPA and its implementing regulations (including without limitation California Education Code Section 49060 et seq), will comply with them, and have designated an individual responsible for ensuring compliance.