Coding Rooms is discontinuing Free and K-12 services. Click here for more information.

Privacy Policy

This Privacy Policy describes the practices of EXL Inc. (“EXL”, “we” or “us”) regarding our collection, use, and disclosure of information (including Personal Information, defined below) through our website at and the related software and services provided there (collectively, the “Service”).

Applicability of this Privacy Policy.

Please note that this Privacy Policy only applies to the Services. We process Personal Information (defined below) lawfully pursuant to one of three bases: where we have your consent (such as where you opt-in to marketing communications), where we have a legitimate interest in doing so (such as providing you with customer support), where necessary for performing a contract with you (such as our Terms of Service, to which you agree as a condition of using the Services), or where we have a legal obligation (such as where a court order compels us). This Privacy Policy does not apply to any website, offering, product or service of any third party, even if it links to our Site or incorporates the Service – please refer to the applicable privacy policies before deciding to provide any information to third parties.

A Note to Users Outside the United States.

We are based in the United States. The Services are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States. Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Services you consent to the transfer of information to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information. If you are in the European Union and would like additional information on how we legitimize transfers of personal data outside the European Union, the European Economic Area, and Switzerland, please see the “International Transfers” section, below.

Information We Collect.

We collect information from visitors to our website (“Visitors”) and from users of our Services (“Users”). We collect the following categories of information:

How We Use Information.

We use the information we collect for the following purposes:

How We Share Information.

We share or disclose information only in the following cases:

Third Party Service Providers.

We use third-party service providers to help us provide portions of the Coding Rooms services and give support. Examples of these third parties include public cloud storage vendors, carriers, our payment processor, and our service provider for managing customer support tickets. They only receive data needed to provide their services to us. We have agreements with our service providers that say they cannot use any of this data for their own purposes or for the purposes of another third party. We prohibit our service providers from selling data they receive from us or receive on our behalf. We require service providers to use data only in order to perform the services we have hired them to do (unless otherwise required by law). For example, we may use a company to help us provide customer support. The information they may receive as part of providing that support cannot be used by them for anything else. Below is the list of the vendors we currently use:

Prior to engaging any third party vendors, Coding Rooms evaluates their security and privacy posture.

How We Secure Information.

We implement appropriate technical and organizational measures to protect the information we collect and store. Unfortunately, no security measures are 100% foolproof, and as such no network or system (including ours) can be guaranteed to be 100% secure against destruction, loss, alteration, unauthorized disclosure of, or access to information we collect and store. If you believe your information may not be secure for any reason, please contact us immediately at

Managing Your Information.

You have many choices to access information we collect about you and about how we use or disclose that information. This section details many of those choices, including how you can exercise rights you may with respect to your information (including Personal Information), how you can opt out of collection and use of certain types of information for certain purposes (such as marketing), and how you can use your browser or third-party tools to disable certain collection methods (such as cookies or tracking technologies).

You may access, correct, amend or delete information by accessing it within your account. If you are unable to do so, or if you’re a Visitor who would like to exercise your right to access Personal Information we may have about you, or if you have any other questions about Personal Information we have collected about you, please contact us at

If you would prefer not to accept cookies or otherwise wish to disable our use of tracking technologies, most browsers and mobile devices allow you to change your settings so as to notify you when you receive cookies or other tracking technologies are being used, and to choose whether or not to accept/allow it. Most browsers also allow you to disable or delete existing cookies or to automatically reject future cookies. Please note that our Services do not respond to Do Not Track (DNT) signals.

Certain tracking technologies we use are related to advertising networks, and through those technologies the advertising networks may collect certain Log Information from you. No Personal Information is shared with these advertising networks, but please note that the information we share with those advertising networks might be combined with other information about you that those networks may have collected from other sources. To learn more about advertising networks and how to opt out of sharing information with them, please click here and here. If you’re in the EU, you can find additional information about your choices with respect to advertising networks and online behavioral advertising by clicking here.

If you have any questions about how we or our third-party service providers use cookies or other tracking technologies that aren’t answered in this Privacy Policy, please contact us at

International Users.

Residents of the European Union (EU), United Kingdom, Lichtenstein, Norway, Iceland or Switzerland. If you reside in the European Union (EU), United Kingdom, Lichtenstein, Norway, Iceland or Switzerland, you may have legal rights with respect to your personal data, including those set forth under the EU’s General Data Protection Regulation (GDPR). GDPR requires that we have a “basis” for processing your data. We process your personal data (i) with your consent (where applicable), (ii) to perform a contract with a customer, and (iii) for other legitimate interests and business purposes.

Information from Children.

Our Site and Service are not directed to children under the age of 13 and we do not knowingly collect Personal Information from children under the age of 13, unless we have received consent as detailed in Section “Ability to Accept Terms” of our “Terms of Services”. If we learn that we have collected Personal Information of an unauthorized child under the age 13, we will take reasonable steps to delete such information from our files as soon as is practicable. Please contact us at if you believe we have any information from or about an unauthorized child under the age of 13.

Incident Management and Response

We have a standardized process for responding to security incidents. When a security incident is suspected, our team is notified through a paging service and a central communication channel is established. After each incident, we conduct a post-mortem analysis to identify root causes and track any related follow-up work.

If we believe that a customer’s personal information has been accessed or modified by an unauthorized third party, we will take all necessary steps to notify the affected customers as quickly as possible, and in no case greater than five (5) business days after we learn of the breach.

One of the first steps during a security incident is to verify that the attacker is completely out of the systems question, or that their impacts are minimized. The second step is to identify the extent of the data breach, which should result in a list of the affected customers and data. In the event of a large data breach, we will coordinate with additional legal and security resources to assist our efforts.

In our communications with affected customers, we will include the following information:

·  The nature of how the information was accessed (viewed, modified, etc)

·  The actual information accessed

·  What we’ve done to mitigate the access

·  What corrective actions we will take to prevent future breaches

If you have any questions about our security program, please send an email to

Changes to Privacy Policy

Any information that we collect is subject to the Privacy Policy in effect at the time such information is collected. We may, however, revise the Privacy Policy from time to time. If a revision is material, as determined solely by us, we will notify you at the email address you have provided to us and by posting the amended policy here. The current version will always be posted to our Privacy Policy page.

If you have any questions about this Privacy Policy, please contact us at