Data Privacy Principles

College Board is a mission-driven not-for-profit organization that works to promote excellence and equity in education. We use students' personal data to help them access and succeed in college and career, and use educators’ and other individual’s personal data to support those students and further our mission. We are committed to respecting privacy and protecting individuals’ data—keep reading to see how we do it.

  1. Notice: College Board gives notice to students, parents, educators, and our other stakeholders about how information is collected, used, disclosed, and secured in our Privacy Statement and Program-Specific Privacy Policies. We also provide this notice when the information is collected, including why we collect personally identifiable information.
  2. Choice: College Board gives students, parents, educators, and other individuals choices about their personally identifiable information, including how we use it and share it. Individuals decide how much additional information they disclose beyond the information needed to register for our tests or participate in our programs and services. We don’t share information without the individual’s permission. For those with College Board accounts, they can also change their preferences whenever they choose.

    College Board lets students, parents, educators, and other individuals choose how they receive certain communications, such as text messages, emails, and phone calls. We do not send text messages or call individuals unless they specifically opt in to these forms of communication.

  3. Transparency: We provide transparency for individuals to be clearly informed about College Board’s use of their personal data. We’ve developed policies and publicly available resources to meet our commitment of transparency. For a comprehensive and meaningful view of our privacy practices, see the College Board Privacy Statement, Program-Specific Privacy Policies, and Supplemental Resources on our Privacy Center. Throughout we also provide extensive details about how we collect, use, and disclose individuals’ information, and their right to access, correct, and delete it.
  4. Security: We follow industry standard security practices to protect the personal information submitted to us, both during transmission and once it’s received. College Board has achieved ISO 27001 certification for our information security program, is certified by third-party auditors annually, provides annual SOC 2 reporting on our information security program, and is PCI compliant. These practices help us proactively manage risks and controls. We never ask students, parents, or other individuals to send credit card, bank, or password information over the phone or by email.