Runestone Academy Privacy Policy

Plain English

Runestone Academy has an educational mission. In this paragraph we provide our plain English view of your privacy and how we use your data when you visit our website (, the “Website”) to register your school or class as a user, when you register as a student of a school or class or access or use our educational services. The books and course materials we provide (the “Service”) are free-of-charge and in an open source format. They are for educational purposes only. As part of the Service or the Website we do collect usage data to help us better understand how you learn and how you use the Service and the Website . Because the Services may be used as a part of your formal education we need to collect some identifying information so that you can save and retrieve your work, and so that your instructor can register for the Service and assess your progress, grade, and give you feedback.

We may use the data we collect to make decisions about revisions to the Service, for academic research and to publish academic papers. We would never publish anything that knowingly revealed your identity. We may share this data with fellow educational researchers, or other partners that help further the mission of computer science education for everyone, but rest assured that any and all personally identifying information will be anonymized before we do. Other than that, we will take reasonable efforts to keep your data private and safe.

All of the code used for the Service is available for you to inspect on GitHub. The rest of this document is the detailed legal description of our policy. if you see something below that you think is not in the educational spirit of Runestone Interactive, please point it out so we can clarify it or change it.


Fair Information Practices
Fair information Practices
Our Contact Information
This privacy policy has been compiled to better serve those who are concerned with how their 'Personally Identifiable Information' (PII) is being used. PII, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your PII in accordance with our Website or our Service.

What personal information do we collect from the people that visit our blog, website or app?

When registering on our Website you may be asked to enter your name, email address, user name or other details to help you with your experience.

When do we collect information?

We collect information from you when you register on our site, enter information on our Website or use the Service.

How do we use your information?

We may use the information we collect from you when you register to use the Service, sign up for our newsletter, respond to a survey or marketing communication, surf the Website, use the Service or use certain other site features in the following ways:

How do we protect your information?

Although total security does not exist on the Internet or through mobile networks, we will take the following steps to protect your PII.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
An external PCI compliant payment gateway handles all payment transactions.
We do use periodic Malware Scanning.
We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information.

Do we use 'cookies'?

Yes. Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow) that enables the Website's or service provider's systems to recognize your browser and capture and remember certain information. . They are also used to help us understand your preferences based on previous or current Website activity, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about Website traffic and Website interaction so that we can offer better site experiences and tools in the future.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since each browser is a little different, look at your browser's Help Menu to learn the correct way to modify your cookies.
If you turn cookies off, some of the features that make your site experience more efficient may not function properly.

Third-party disclosure

We do not sell, trade, or otherwise transfer to outside parties your PII unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when it's release is appropriate to comply with the law, enforce our site policies, or protect ours or others' rights, property or safety. It is also possible that we would sell our business (though merger, sale, reorganization or otherwise), or sell all or substantially all of our assets. In any transaction of this kind, customer information, including your PII, may be among the assets that are transferred. If we decide to so transfer your personally identifiable information, you will be notified by email or by a post to the Website.

The advent of Large Languange Models (LLMs) brings some unique opportunities for improving learning, and providing personalized tutoring to our readers. To do this we reserve the right to enter into an agreement with any company with the resources to train such an LLM, whereby we would provide them a random sample of anonymized answers to the questions contained in the text books on Runestone Academy. Any data privacy agreement that we have in place with a school, that stipulates the school owns the data will be honored and students from such schools would be excluded from the random sample.

Blogs and Message Areas

The Website may include access to and use of blogs or other message areas that allow users to post information to the Website. When you post messages, other site visitors can also view them. We urge you to exercise caution when providing personally identifiable information in the blogs or other message areas. Remember that any information you disclose in these areas becomes public information.
YouTube Videos -- We use YouTube to host the videos contained in our textbooks because it is economical and the most reliable way to ensure that we can serve videos on as many browsers on as many platforms as possible. When we use YouTube for videos then you should understand that YouTube's Terms of Service apply.

Third-party links

Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

How does our site handle Do Not Track signals?

We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

Does our site allow third-party behavioral tracking?

It's also important to note that we do not allow third-party behavioral tracking

COPPA (Children Online Privacy Protection Act)

The Service shall not be made available to anyone under the age of 13 without our prior written consent.

The General Data Protection Regulation (GDPR)

The GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. To the best of our knowledge we are in compliance with the GDPR. We collect minimal personally identifiable information, (email, first name, last name) and we do not share that information with any third parties. All users have the ability to delete their account and all associated data. We do not use any personal information for marketing purposes. We do not use any personal information for any purpose other than making it easier for instructors to run a course on Runestone Academy.

How to Access, Correct or Delete Your Information

You can access, correct or delete your personally identifiable information on your “User Profile” page. To protect your privacy and security, we require a user ID and password to verify your identity before granting access or making corrections. Please be advised that certain personal information may not be corrected or deleted if we must by law retain such information as submitted.

If at any time you would like to unsubscribe from receiving future emails, you can email us at and we will promptly remove you from ALL correspondence.

Parental options to Access, Correct or Delete a Student's Information

Parents may request corrections, access or deletion of student information by submitting a request through the verified instructor for the course in which their child is enrolled. Runestone has no way to independently verify the identity of a parent without working through the instructor for the course so if you are a parent please do not email us directly.

Data Retention

In general we keep all data for two years. This is largely so that students can access their work as they continue their studies. After two years data is deleted from our production system. There are several exceptions to this policy.


Runestone derives revenue from the use of Ethical Ads. Registered users, enrolled in a course through their institution, will not be shown ads. EthicalAds does not use cookies or any other form of tracking.

Information Security Policy

We have an information security policy (WISP) that we will update from time to time. Keeping in mind that as a small organization we do not need a lot of written policies. You are welcome to read our WISP. We welcome your feedback and suggestions for how to improve.

Breach Response

In the event of a data breach, we will notify the instructor(s) of all affected courses by email as soon as we are able, within at least 48 hours of us becoming aware of said breach. We will rely on the instructors to relay that information to their school administration. In the event that we have a Data Privacy Agreement in place with a school where we have other contact information we will use that as well.

Contacting Us

If there are any questions regarding this privacy policy, you may contact us using the information below.
2161 Maier Court
Luck, WI 54853

Last Edited on 2019-08-19