Coding Rooms transition to “read-only” state on August 31, 2024  Click here for more information.

FERPA Compliance

Privacy The Coding Rooms FERPA Privacy Compliance Policy

Coding Rooms FERPA Privacy Compliance

Coding Rooms & FERPA

At Coding Rooms, we are fully committed to preserving the privacy and security of our users' data. This includes ensuring that our customers in the education sector are compliant with the Family Education Rights and Privacy Act (FERPA). Information Security and Privacy are both key components central to FERPA compliance.

How does Coding Rooms protect user data?

In addition to developing our products with a privacy-by-design methodology, we consistently monitor our infrastructure and conduct vulnerability scans and penetration tests to evaluate our security posture and identify new threats.

What is FERPA?

FERPA is a U.S federal law that protects the privacy of student educational records. FERPA gives parents certain rights with respect to their children’s education records. These rights transfer to the student when he or she reaches the age of 18 or attends school beyond the high school level.

Where is FERPA compliance required?

FERPA applies to all academic institutions that receive funds under applicable U.S. Department of Education programs.

What are “educational records”?

Education records directly relate to a student and are maintained by an educational institution or by a party on behalf of the agency or institution. Audio, video, and chat recordings and streams may be considered education records under certain circumstances and may require parental consent if a minor is under the age of 18. More information on this topic can be found at the website.

Are there any FERPA certification programs?

No. Currently there are not any specific FERPA certification programs to assess third-party compliance. The academic institution must perform its own assessment to determine if a product or service affects its ability to comply.

How does Coding Rooms help with FERPA compliance?

To assist with FERPA compliance, Coding Rooms meets and/or exceeds industry standard privacy practices and technical security measures to ensure that user data is protected. Our security and privacy measures include:


This Privacy Policy describes the practices of EXL Inc. (“EXL”, “we” or “us”) regarding our collection, use, and disclosure of information (including Personal Information, defined below) through our website at and the related software and services provided there (collectively, the “Service”).

Applicability of this Privacy Policy.

Please note that this Privacy Policy only applies to the Services. We process Personal Information (defined below) lawfully pursuant to one of three bases: where we have your consent (such as where you opt-in to marketing communications), where we have a legitimate interest in doing so (such as providing you with customer support), where necessary for performing a contract with you (such as our Terms of Service, to which you agree as a condition of using the Services), or where we have a legal obligation (such as where a court order compels us). This Privacy Policy does not apply to any website, offering, product or service of any third party, even if it links to our Site or incorporates the Service – please refer to the applicable privacy policies before deciding to provide any information to third parties.

A Note to Users Outside the United States.

We are based in the United States. The Services are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States. Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Services you consent to the transfer of information to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information. If you are in the European Union and would like additional information on how we legitimize transfers of personal data outside the European Union, the European Economic Area, and Switzerland, please see the “International Transfers” section, below.

Information We Collect.

We collect information from visitors to our website (“Visitors”) and from users of our Services (“Users”). We collect the following categories of information:

How We Use Information.

We use the information we collect for the following purposes:

How We Share Information.

We share or disclose information only in the following cases:

Third Party Service Providers.

We use third-party service providers to help us provide portions of the Coding Rooms services and give support. Examples of these third parties include public cloud storage vendors, carriers, our payment processor, and our service provider for managing customer support tickets. They only receive data needed to provide their services to us. We have agreements with our service providers that say they cannot use any of this data for their own purposes or for the purposes of another third party. We prohibit our service providers from selling data they receive from us or receive on our behalf. We require service providers to use data only in order to perform the services we have hired them to do (unless otherwise required by law). For example, we may use a company to help us provide customer support. The information they may receive as part of providing that support cannot be used by them for anything else. Below is the list of the vendors we currently use:

Prior to engaging any third party vendors, Coding Rooms evaluates their security and privacy posture.

How We Secure Information.

We implement appropriate technical and organizational measures to protect the information we collect and store. Unfortunately, no security measures are 100% foolproof, and as such no network or system (including ours) can be guaranteed to be 100% secure against destruction, loss, alteration, unauthorized disclosure of, or access to information we collect and store. If you believe your information may not be secure for any reason, please contact us immediately at

Managing Your Information.

You have many choices to access information we collect about you and about how we use or disclose that information. This section details many of those choices, including how you can exercise rights you may with respect to your information (including Personal Information), how you can opt out of collection and use of certain types of information for certain purposes (such as marketing), and how you can use your browser or third-party tools to disable certain collection methods (such as cookies or tracking technologies).

You may access, correct, amend or delete information by accessing it within your account. If you are unable to do so, or if you’re a Visitor who would like to exercise your right to access Personal Information we may have about you, or if you have any other questions about Personal Information we have collected about you, please contact us at

If you would prefer not to accept cookies or otherwise wish to disable our use of tracking technologies, most browsers and mobile devices allow you to change your settings so as to notify you when you receive cookies or other tracking technologies are being used, and to choose whether or not to accept/allow it. Most browsers also allow you to disable or delete existing cookies or to automatically reject future cookies. Please note that our Services do not respond to Do Not Track (DNT) signals.

Certain tracking technologies we use are related to advertising networks, and through those technologies the advertising networks may collect certain Log Information from you. No Personal Information is shared with these advertising networks, but please note that the information we share with those advertising networks might be combined with other information about you that those networks may have collected from other sources. To learn more about advertising networks and how to opt out of sharing information with them, please click here and here. If you’re in the EU, you can find additional information about your choices with respect to advertising networks and online behavioral advertising by clicking here.

If you have any questions about how we or our third-party service providers use cookies or other tracking technologies that aren’t answered in this Privacy Policy, please contact us at

International Users.

Residents of the European Union (EU), United Kingdom, Lichtenstein, Norway, Iceland or Switzerland. If you reside in the European Union (EU), United Kingdom, Lichtenstein, Norway, Iceland or Switzerland, you may have legal rights with respect to your personal data, including those set forth under the EU’s General Data Protection Regulation (GDPR). GDPR requires that we have a “basis” for processing your data. We process your personal data (i) with your consent (where applicable), (ii) to perform a contract with a customer, and (iii) for other legitimate interests and business purposes.

Information from Children.

Our Site and Service are not directed to children under the age of 13 and we do not knowingly collect Personal Information from children under the age of 13, unless we have received consent as detailed in Section “Ability to Accept Terms” of our “Terms of Services”. If we learn that we have collected Personal Information of an unauthorized child under the age 13, we will take reasonable steps to delete such information from our files as soon as is practicable. Please contact us at if you believe we have any information from or about an unauthorized child under the age of 13.

Changes to Privacy Policy

Any information that we collect is subject to the Privacy Policy in effect at the time such information is collected. We may, however, revise the Privacy Policy from time to time. If a revision is material, as determined solely by us, we will notify you at the email address you have provided to us and by posting the amended policy here. The current version will always be posted to our Privacy Policy page.

If you have any questions about this Privacy Policy, please contact us at