Adobe & Student Privacy

Learn how Adobe complies with laws, regulations and best practices related to the privacy of student data.

Last updated: July 21, 2021

Adobe products, apps, and services help students communicate their ideas in more creative and engaging ways — so they can make the world take notice. As schools and universities around the globe are confronted with an ever-expanding array of privacy laws, however, it can be challenging for schools to determine whether Adobe solutions comply with local student privacy requirements.

This page is designed to help you understand – in plain language – the student privacy commitments we make to you, which may vary based on how you deploy Adobe solutions in your school or university. We also answer some of the most common student privacy questions we receive in the U.S., the EU, and elsewhere.

One Adobe. Multiple ways to deploy.

The identity solution you choose makes all the difference. Adobe offerings can be deployed on one of three types of identity solutions: (1) a general consumer ID (which we call an Adobe ID), (2) an Enterprise ID, or (3) a Federated ID.

Note that general Adobe IDs are appropriate only for Higher Education settings. Because K-12 students require additional protections, Primary and Secondary schools should deploy on either Enterprise or Federated IDs in order to apply the appropriate protections. Learn more about Adobe’s eligibility guidelines to qualify as a Primary or Secondary school.

Primary & Secondary Schools (K-12) or Higher Education

Higher Education Only

Account Type

Enterprise or Federated IDs. School claims their domain and assigns licenses to named students using Adobe’s admin console tool. Learn more.

Adobe ID. Learn more.

Relevant Legal Terms

Schools sign up for Enterprise or Federated IDs directly with Adobe and agree to the relevant Adobe license terms including, where applicable, the K-12 (Primary and Secondary) and Higher Education Additional Terms for Student Data.

Users sign up for an Adobe ID directly with Adobe and agree to the Adobe Terms of Use and Privacy Policy.

Account Control

Schools control accounts and content with Enterprise or Federated IDs – not Adobe. Adobe provides the Adobe Student Services on the school’s behalf.

Any student data gathered is for the use and benefit of the school and used for no other commercial purpose other than operating or improving the products and services the school has licensed.

Users control accounts and content with Adobe IDs – not Adobe.

FERPA (Family Educational Rights and Privacy Act)

Where Enterprise or Federated IDs are deployed, Adobe contractually agrees to act as a “school official” for FERPA purposes, consistent with 34 Code of Federal Regulations (CFR) §99.31(a)(1) and to protect student data accordingly.

Where an Adobe ID is deployed, Adobe cannot agree to act as a “school official” for FERPA purposes as our user agreement is with the individual user, not with the school, and the use of the Adobe products and services are governed by our Terms of Use and Privacy Policy.

However, these users receive protections similar to those outlined in FERPA (i.e., Adobe provides commercially reasonable security and will not share personal data except at the user’s direction or as outlined in our Privacy Policy).

Age Restrictions, Parental Consent and COPPA Compliance (Children’s Online Privacy Protection Act)

Enterprise or Federated IDs are appropriate for use by individuals of any age. To the extent that a school determines consent from a student’s parent or legal guardian is required, Adobe relies on the school to obtain such consent.

Adobe IDs are appropriate for use by individuals over the local age of consent (which may vary by location).

Safe Search

Schools deploying Enterprise or Federated IDs can block access to Behance. Internet image search is turned off in Adobe Express by default in these deployment models.

Users can use Adobe ID on all Adobe hosted services, including Behance, and could potentially be exposed to content intended for more mature audiences.

GDPR / Account Data Access, Correction and Deletion Requests

Subject to the school's acceptance of the Data Processing Agreement, Adobe is the Processor and the school is the Controller for GDPR purposes. As a Processor for the school, Adobe gives schools the tools they need to promptly respond to account data access, correction and deletion requests submitted to the school by students or their parents. Schools are empowered to access, correct and delete accounts and stored content.

Learn more about Adobe’s GDPR readiness.

Adobe will respond to data access, correction and deletion requests about Adobe ID user account information made by an authenticated user within the time period required by the GDPR.

Adobe ID users can self-access and delete their own stored content.

Learn more about Adobe’s GDPR readiness.

Access to Account and Data After Graduation

Schools can enable a workflow to authorize the transfer of content from a school-provided Enterprise or Federated ID account to a personal Adobe ID account established by the student creator.

The Adobe ID account and its content are controlled by the Adobe ID user and remain in their control after they graduate or leave a school. No need to do anything extra.

Sharing Data with Third Party Service Providers

In certain circumstances, Adobe may share student data with third party service providers as needed to perform services for Adobe or on Adobe’s behalf. When we do this, we require the third party service providers to protect the security and confidentiality of this data, consistent with our agreement with the school. Adobe does not sell student data to third parties.

Adobe may share Adobe ID users’ personal information with third parties in the ways described in our Privacy Policy.

Adobe works with third party companies that help us run our business. These companies provide services such as delivering customer support, processing credit card payments, and sending emails on our behalf. In some cases, these companies have access to some of an Adobe ID user’s personal information in order to provide services to that user on our behalf. These companies are not permitted to use this information for their own purposes.

Marketing

Adobe does not market to student users with Enterprise or Federated IDs or use Student Data (i.e., data that can be used to identify or contact, or that is linked or linkable to, a specific student) to inform our marketing or advertising activities.

Depending on local law, Adobe may market to Adobe ID users or use data about how they use our products and services to inform our marketing activities, consistent with notice and choice requirements. Learn more.

Online Ad Targeting and Student Personal Information

Adobe does not use Student Data to target online advertising.

Adobe may use data about how an Adobe ID user uses our products and services for targeted online advertising in the manner described in our Privacy Policy.

Analytics and Machine Learning

Adobe may perform analytics and utilize machine learning technologies in limited circumstances solely to support our internal operations and to analyze and improve the student services, consistent with the terms of our agreement with the school.

Any student data gathered is for the use and benefit of the school and used for no other commercial purpose other than operating or improving the products and services the school has licensed.

Depending on local law, Adobe may conduct analytics or use machine learning technologies to improve our services, consistent with notice and choice requirements. Learn more.

Security

Adobe provides reasonable administrative, technical, and physical security controls to protect the schools’ and students’ personal information and content. Learn more about our security program and commitments.

Adobe provides reasonable administrative, technical, and physical security controls to protect the user’s personal information and content. Learn more about our security program and commitments.

Breach Notification

Adobe will notify schools deploying Enterprise or Federated IDs in accordance with the relevant breach notification law and our agreement with the school.

Adobe will notify Adobe ID users in accordance with the relevant breach notification law.

Still have questions? Ask us here.