If you're creating an educational website, you'll need to make sure you have all the correct legal documents in place. This includes having a Privacy Policy that is accurate and appropriate for your website.

Having a good Privacy Policy helps you to meet your legal requirements, show users that you're trustworthy, and create a professional appearance for website visitors.

This article will cover why you need a Privacy Policy for your educational website, what clauses to include, and how you should display it to make sure your users agree to it.

Our Privacy Policy Generator makes it easy to create a Privacy Policy for your business. Just follow these steps:

  1. At Step 1, select the Website option or App option or both.

    TermsFeed Privacy Policy Generator: Create Privacy Policy - Step 1

  2. Answer some questions about your website or app.

    TermsFeed Privacy Policy Generator: Answer questions about website - Step 2

  3. Answer some questions about your business.

    TermsFeed Privacy Policy Generator: Answer questions about business practices - Step 3

  4. Enter the email address where you'd like the Privacy Policy delivered and click "Generate."

    TermsFeed Privacy Policy Generator: Enter your email address - Step 4

    You'll be able to instantly access and download your new Privacy Policy.



Why is a Privacy Policy Needed for Educational Websites?

Privacy laws around the world require you to have a Privacy Policy when you are collecting personal information. This means you'll need a Privacy Policy for your educational website if you collect personal information from your website users.

Laws including the General Data Protection Regulation (GDPR) in the EU, Data Protection Act (DPA) in the UK, and California Online Privacy Protection Act (CalOPPA) in the U.S. all require you to have a Privacy Policy if you collect personal information.

Depending on where your educational website is based, and where your website users come, one or several of these different privacy laws might apply to you.

Let's take a look at a couple of examples of when you might be collecting personal information.

When Do Educational Websites Collect Personal Information?

Educational websites collect personal information in situations such as:

  • Collecting email addresses for login or sign-up data
  • Asking for names or addresses
  • Using services like Google Analytics
  • Collecting payment information for an educational service or fee for using the site
  • Names and email addresses for subscriptions to a mailing list
  • Asking for school or class information
  • Using cookies to recommend a particular educational offering

If your educational website is directed at children or teenagers, you should also be aware of the Children's Online Privacy Protection Act (COPPA) and its recent update (COPPA 2.0) in the United States. This law requires special restrictions and rules around collecting personal information from children and teens.

Now let's go through which clauses you need to cover in your Privacy Policy.

What Clauses Should You Include in a Privacy Policy for Educational Websites?

You'll need clauses covering:

  • How Personal Data is Collected
  • Your Use of Cookies
  • What Types of Personal Data are Collected
  • How Personal Data is Used
  • What Legal Rights Users Have
  • How You Handle Children’s Data
  • How You Share and Transfer Data
  • Contact Information

We'll now go through each of those in more detail, with examples of each.

How Personal Data is Collected

First, you need a clause that covers how personal data is collected, i.e. the ways in which you collect information from website users.

Take a look at this example from Khan Academy, which outlines three ways that Khan Academy collects information from users:

Khan Academy Privacy Policy: Collection of information clause

You can see that information is collected:

  • Directly
  • Indirectly through other sources
  • Automatically
  • Through cookies

These are common ways in which most education websites would collect information on users. Consider carefully how your website collects data, and explain it simply and in bullet points like the example above.

Here's another example from edX. In this clause you can see that more detail is provided about when information is collected (such as when creating an edX account), or when browsing the edX site:

edX Privacy Policy: Information collect clause

Make sure you notify users about information collection that they might not be aware of, such as through analytics tools, cookies, or other methods that are not obvious.

Let's take a brief look at cookies.

Your Use of Cookies

Cookies are a common way in which you might collect information from users on your educational website.

You should include information on cookies in your Privacy Policy, as well as setting up a Cookie Policy.

Here's an example from Education Week, which explains how the website use cookies:

Education Week Privacy Policy: Cookies clause

You can see that first-party cookies and third-party cookies are both explained in the clause. The clause also contains information about what these different cookie types do.

Here's another example from The Online School that is much simpler:

Online School UK Privacy Policy: Cookies clause

Simple language can help to make sure your users understand your Privacy Policy, and that the data collection process is clear.

Try to find a good balance between clear, readable wording, and more detailed information that explains things to your users.

Now let's take a look at clauses that cover what types of personal data you collect.

What Types of Personal Data are Collected

Your Privacy Policy should clearly describe all the different types of personal data you collect. It also helps your users if you include information about when you collect that information, such as during the account registration process.

Here's an example from Education Week that explains what personal information is collected by the website:

Education Week Privacy Policy: Personal information collect clause

For example, you can see that when an account is registered, Education Week collects information including email, password, first and last name, job title, organization, address, how users are connected to education, and a user display name. For purchases, the website collects additional information such as credit card details and a delivery address.

Consider what your own website collects, when you provide your services. Make sure all services are covered, including online participation and sign-ups, as well as orders or sales.

Here's another example from Udemy:

Udemy Privacy Policy chart with personal data and legal basis

You can see that the personal information is described in a table. This is a clear and easy way to make sure your users can see and understand what information is being collected about them. Udemy also includes the legal basis for processing, to justify why this data is collected.

How Personal Data is Used

Once you've described how personal data is collected and what you're collecting, you also need a clause covering what you use it for.

You can see in the example below from Education Week below that personal information is used for providing the services, marketing products, sending ordered products, communicating webinars, sending newsletters, and more:

Education Week Privacy Policy: How we use your personal information clause

Some further examples from Education Week include collecting information for research and development, allowing users to participate on the website, and to manage events:

Education Week Privacy Policy: How we use your personal information clause excerpt

This example from Udacity also outlines how personal information is used:

Udacity Privacy Policy: How we use information clause

You can see that it includes sending information, responding to communication, managing online courses, providing services, customizing content, complying with laws, and improving the services.

Many data privacy laws, most particularly the GDPR, also require you to include information in your Privacy Policy about the legal rights that users have.

Here's an example from Udacity that covers legal rights:

Udacity Privacy Policy: Legal rights clause

You can see that these rights include providing access to and/or a copy of information, preventing information being used for direct marketing, updating information, deleting information, restricting processing, transferring information, and revoking consent.

Here's another example from Constructed Education:

Constructed Education Privacy Policy: How to access and control your personal data clause

Like the previous clause, this example also outlines the rights available to users of the website, and explains how they can be exercised.

How You Handle Children's Data

If you're dealing with children's data, or your website is targeted at children, you'll have to include additional sections and may need to write your Privacy Policy differently so that it's readable by teenagers and young people. For an educational website that isn't targeted at children, you could include clauses like the following.

Here's an example from edX. You can see that it specifies that edX is not directed at children:

edX Privacy Policy: Childrens information clause

It also says that if a child has provided edX with personal information, the website should be notified.

Here's another example from Udacity, also explaining the same concept: the website is not targeted at children:

Udacity Privacy Policy: Childrens Privacy clause

This clause specifies that if the information of children under 13 has been collected without consent, Udacity will take reasonable steps to delete it as soon as possible.

Here's another example from Khan Academy. This example includes a Children's Privacy Notice that provides additional information about how they deal with children's data:

Khan Academy Privacy Policy: Childrens clause

You can see that it specifies that Khan Academy asks for the consent of a parent or legal guardian at the account creation step, or deals with schools directly to gain consent when whole classes are using the website.

How You Share and Transfer Data

Once you've made it clear how you collect data and what types of data you collect, you also need to cover how you share data with others and when you transfer it to other jurisdictions.

Here's an example from Education Week that covers situations in which data is shared:

Education Week Privacy Policy: How we share your information clause

You can see this includes situations such as job applications where information might be shared with recruiters, paid subscriptions when information might be shared to third parties, events, and joint marketing partners.

Here's an example from Constructed Education that also explains how information is shared:

Constructed Education Privacy Policy: How we share information we collect clause

In this case, the clause covers service providers and trusted partners. This includes data analytics and marketing services, as well as customer support.

Here's an example from Udacity that also explains how data is transferred to other jurisdictions:

Udacity Privacy Policy: International users clause

It explicitly outlines how data might be transferred to countries other than the user's country of residence. It also specifies that information is stored in the United States.

Here's another example from Udemy that is targeted at users outside of the United States:

Udemy Privacy Policy: Users outside the USA clause

This clause also states that data will be transferred to the United States. Especially if you expect to have international users, make sure you explain where data is stored and processed.

Contact Information Clause

Finally, you need a contact information clause so your users can get in touch with you.

Here's an example from Khan Academy:

Khan Academy Privacy Policy: Contact clause

This clause can be relatively simple, including a couple of ways in which you can be contacted.

Here's another example from edX:

edX Privacy Policy: Contact clause

You can see the information of the EU and UK representatives is also included, even though the company is based in the United States.

Now that we've gone through what should be in your Privacy Policy, let's look at how you should display it.

How Do You Display a Privacy Policy for Educational Websites?

Displaying your Privacy Policy correctly is an important step for making sure that your users can consent to it. It needs to be clearly visible to your users and they need to agree to it actively.

You should display it:

  • In your website footer
  • In any sign-up or mailing list forms
  • In any emails you send

First, display your Privacy Policy in the footer of your website, along with your other legal documents.

You can see this example from Khan Academy clearly displays all the legal documents in text that isn't too tiny and isn't hidden from the user:

Khan Academy website footer with Privacy Policy link highlighted

This example from edX also shows another way in which you can display the Privacy Policy link in your website footer:

edX website footer with Privacy Policy link highlighted

Now let's look at sign-up and mailing list forms.

In Sign-Up or Mailing List Forms

For sign-up and mailing list form submissions, you'll be collecting data such as a name or email address.

You should always include a link to your Privacy Policy next to the form submission with a check-box that says "I accept." This shows a clear agreement to the Privacy Policy.

Many websites have the Privacy Policy link displayed next to the form, such as this example from Udemy:

Udemy sign up form

You can see that next to the sign-up button, there's a statement saying "By signing up, you agree to our Terms of Use and Privacy Policy". This is a good start, but you really need a check box so that it's clear the user has seen the statement and agreed to it.

In Any Emails You Send to Customers

Another good place to include your Privacy Policy is in any emails you send customers.

Here's an example from Coursera:

Coursera email excerpt

Here you can see that an update to the Privacy Policy has happened, so Coursera is sending an email to notify its users. There is a link to the Privacy Policy within the email so that users can reach it easily.

This example from Khan Academy also shows how the Privacy Policy link is included in the email footer:

Khan Academy email footer with Privacy Policy link highlighted

Here you can see that the Privacy Policy is clearly visible, because the link is in a different colour than the rest of the email. This helps your users to see it.

Summary

With these steps, your Privacy Policy should have all the right clauses for an educational website, and you can also make sure your users agree to it with active consent. Make sure you have clauses on how you collect data (including through cookies), what data you collect, how you use it, and the legal rights of your users.

If you're dealing with children's data, make sure you include a clause or a separate Privacy Policy suitable for them. Finally, make sure you let your users know how you share and transfer data, and how they can contact you. Once your Privacy Policy is ready, display it in your website footer, sign-up and mailing list forms, and in any emails you send.

Privacy Policy Generator
The first step to compliance: A Privacy Policy.

Stay compliant with our agreements, policies, and consent banners — everything you need, all in one place.

Generate Privacy Policy