Skip to content
Hal Snyder edited this page Jun 12, 2018 · 6 revisions

GDPR Compliance Statement

CoCalc aims to be completely compliant with the new European GDPR regulations.

  • If there is anything that you would like to know about what personally identifiable information we (or any services we use) tracks, please email us.

  • If you need to permanently delete any data related to your account, or otherwise exercise any of the other (very sensible) rights guaranteed to you (as an EU person) by the GDPR, please email us and we will get it done!


How do you guarantee that your application stays secure?

We designed and implemented CoCalc from the ground up with multiple levels of security (defense in depth) as a key part of the design. The technical details of how our implementation works is proprietary, and helps with security. However, it uses the Calico very restrictive firewalls combined with Google Compute Engines firewalls, and all user code runs in non-privileged Docker containers. We regularly upgrade the images and pay close attention to security disclosures. For example, we are on the private Jupyter notebook security mailing list, which gets early notification of issues. In over 5 years of operation, we have never had a (known) security incident.

William Stein, the lead architect of CoCalc, has a background in security due to his academic research in cryptography and rigorous thinking (as a mathematician).

Requests for Data

Under GDPR, individuals have the right to see what data is retained about them. A school or business that makes CoCalc available to students and employees must be able to deliver that data to those students and employees, should they request it. The response should be all information connected to the person in question, not only personal data, but also transactions and logging information connected to him or her. How can such a school or business retrieve information about specific students or employees?

Send an email to requesting information about a specific user, and also get them to email us to confirm that they've made this request, since we will not divulge information about a user without their permissions (except in case of FERPA, which is a US law for people under 18).

In what format can we expect the response?

A URL will be provided where you can download an archive of the data.

Regarding the actual information that is in CoCalc, it is:

  1. All files they have placed or edited in any project on which they are a collaborator
  2. A log of when they edited or opened each file or project.
  3. A log of their interactive editing of the file (e.g., what they actually did with the file and when).

How long would it take for you to deliver a result to us?

At most 30 days (as required by GDPR), though we will attempt to deliver the data much more quickly.

Clone this wiki locally
You can’t perform that action at this time.