Privacy & Cookies

When you use our services, we collect information about you and your use of those services. This Privacy Policy describes how we will use that information. Your privacy matters to us, so please take the time to read and understand it.

This Privacy Policy applies to all of the services provided to you by Student Research and Development, a Washington non-profit corporation ("CodeDay"), including both electronic services (such as the CodeDay website) and physical services (such as Virtual CodeDay). It is effective as of September 15, 2020.

We change our Privacy Policy from time to time; we will post any changes on this site and, if the changes are significant, we will provide a more prominent notice on our homepage.

What Information We Collect

We collect several types of information:

  • Information you give us. Many of our services require you to provide information, such as a name, email, address, or billing information. Additionally, some services require you to sign up for or log in with a CodeDay account, which requires similar information.

  • Public information. For example, we collect information on your contributions to open-source software.

  • Information we get when you use our services. This information includes:
    • Device information. When you use one of CodeDay's electronic services, we collect information which can be used to uniquely identify your device.
    • Location information. When you use our electronic or physical services, we collect information about which city you live in. We request explicit permission before collecting location data more precise than your city.
    • Log information. When you use our electronic or physical services, we automatically collect certain information and store it as logs. This includes details of how you used the service (such as how many tickets you bought for CodeDay).

We may collect and store this information in a country outside the one where you live.

How We Use Your Information

We use your information internally for the following purposes:

  • To provide services. We use the information we collect to continue to provide existing services, to improve them, and to develop new ones.

  • For safety and security. We use the information we collect to protect ourselves and our users. For example, we maintain a list of people who are no longer allowed to
    attend our events for security reasons.

  • To keep you updated. We use information we collect to provide updates on existing and new services, and to occasionally let you know about donation or volunteer opportunities.

When We Share Information

We never sell your data, and try to minimize the need to share information with third-party providers. That said, we sometimes provide information to third-parties for the following purposes:

  • To process it. We provide some information to trusted partners to process it for us.

    For example, we provide your payment information to our payment processing provider and your bank.These providers are contractually required to keep your data safe by taking reasonable security measures, not disclosing it, and not using it for other than the contracted purpose. When possible we keep this data encrypted so that only we can read it.

    We provide a list of these third-party providers here.

  • To measure and demonstrate results. We share aggregated and anonymized, non-personally-identifying information with our partners or publicly to show the effects of our programs.

  • When you choose to share it. When using our services, you have the option of sharing some information publicly, such as sharing a project you create at CodeDay.

  • With your school or parents. If you're a student, we sometimes share information with your school to enable interoperability and functionality within your school. If you're a minor, we will also share information with your parents.

  • In very limited circumstances, for marketing. If you use services which are intended primarily for schools, parents, sponsors, or partners, we may share anonymized information about your use of the service with third-parties to help them remarket our ads.

  • For safety and security. We provide information to third-parties if we have a good-faith belief that doing so is necessary to:
    • Meet an applicable law, regulation, legal process or enforceable governmental request.
    • Detect, prevent, or otherwise address fraud, security or technical issues.
    • Protect against harm to property or safety.

Where possible we ensure shared information which is personally-identifying is encrypted both in transit and at rest.

Information Security

We use industry-standard measures to protect our data from unauthorized alteration or disclosure. In particular:

  • We encrypt many of our services using HTTPS/TLS.
  • We store passwords and other sensitive data using industry-standard cryptography.
  • We restrict access to personal information to employees, contractors, and volunteers who have a need to know it.
  • We review security and processing practices of third-parties with whom we share information.
  • We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
  • Our production infrastructure complies with industry standards, including FIPS 140-2, ISO 27001, and PCI-DSS.

Controlling Your Personal Data

At any time you may request a copy of the information we collect about you, may request that we make corrections or delete it, may opt-out of behavioral tracking, and may request that we do not sell your personal information:

We do not discriminate against those who exercise these controls.

Residents of California

If you are a California resident, California law provides you with specific rights regarding your personal information, including:

  • the right to request that we disclose certain information to you about its collection and use over the past 12 months,
  • the right to request that we delete your personal information, subject to certain exceptions
  • the right to opt-out of having your personal information sold

You have the right not to be discriminated against if you exercise any of your rights under California privacy law.

For purposes of California law, personal information means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a consumer or household.

What Information We Collect

In the last 12 months, we have collected the following from California residents:

  • Identifiers and other elements of personal information described by California Civil Code Section 1798.80.
  • Characteristics of protected classifications, such as your age, gender, or ethnicity, which you provide when you fill out demographic surveys.
  • Commercial information, including products or services purchased, obtained, or considered.
  • Internet and network activity when you interact with our website.
  • Audio, electronic, visual, thermal, olfactory, or similar information, such as recordings of customer service calls, and photos and videos when you attend our events.
  • Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).
  • Professional or employment-related information, such as is collected in mentor applications, or for alumni who answer follow-up surveys.
  • Inferences drawn from any of the information identified above.

Data Controls

You may request a copy of your data, or request that we do not sell your personal information using our data request form, or by emailing, calling, or writing to us using the contact information provided above.