CommonLit is committed to being a leader in student data privacy and security.

Information on CommonLit’s work to comply with U.S. federal and state laws, as well as Europe’s General Data Protection Regulation (GDPR), can be found in our Terms of Use and Privacy Policy.

CommonLit provides information about the data it collects, as well as how it uses and discloses the information it collects from CommonLit accounts, in its Privacy Policy. Below is an outline of our commitment to data security and answers to key questions regarding our Privacy Policy.

What student data does CommonLit collect?

Schools may provide CommonLit with information such as names, email addresses, and grade levels.

Students may provide the same information, along with passwords. CommonLit also generates student usernames.

CommonLit also collects user content from students in relation to their use of the site, including annotations, written responses, and quiz scores.

Finally, CommonLit may collect information regarding students’ IP addresses when visiting the site. CommonLit uses cookies for students’ accounts.

How does CommonLit use this information?

For students with digital CommonLit accounts, CommonLit uses student personal information to provide and maintain the digital platform and its Services. CommonLit does not serve ads or use personal information collected for advertising purposes. CommonLit may de-identify student information, such as quiz scores, to perform internal research and development to improve its services.

CommonLit Never Uses Student Data To Advertise Or Market.

CommonLit will never use any Student Data to advertise or market to students or their parents. CommonLit does not sell or trade student data. Data mining or scanning of user content for the purpose of advertising or marketing to students or their parents is prohibited.

How does CommonLit secure student data?

CommonLit stores and process Student Data in accordance with industry best practices. This includes encryption and appropriate administrative, physical, and technical safeguards to secure Student Data from unauthorized access, disclosure, and use. We conduct periodic risk assessments and remediate any identified security vulnerabilities in a timely manner.

When might CommonLit disclose personal information?

CommonLit will not share personal information with companies, organizations, and individuals outside of CommonLit unless one of the following circumstances applies:

  • With parental or guardian consent, which may be obtained through schools.
  • With a student’s school or district, since CommonLit accounts are school-managed accounts.
  • For external processing by subcontractors and third party analytics providers.
  • For legal reasons.

What choices do parents and guardians have?

Parents can consent to the collection and use of their child’s information by CommonLit. If parents consent to their child’s use of CommonLit, they can access or request deletion of their child’s CommonLit account by contacting their child’s school.

CommonLit offers a free online reading program, as well as digital downloads of nearly every text in its library. If a parent does not grant consent for a child to create a digital account, they can still access CommonLit content. Parents can instruct teachers to download CommonLit’s PDFs so students can complete the same assignments as their peers. Parents who elect their children use this option should be aware that many differentiation tools for struggling readers are only available on the digital platform.

What rights do European users have?

CommonLit operates and stores data in the United States.

Users from the European Union and European Economic Area (EAA) have certain rights under the General Data Protection Regulation (GDPR). These are outlined extensively in our Privacy Policy. In short, EU users have the right to ask us to take the following actions regarding their personal information; if we are the data controller for that information and can complete the action, we will. If you are an EAA user, you may ask us to:

  • Provide Access to personal information and info on how we process your personal information
  • Correct inaccuracies in your personal information
  • Delete your personal information
  • Transfer your personal information upon your request
  • Restrict how we process your personal information
  • Object to how we use your personal information

Where can you learn more?

If you have questions about the use of CommonLit accounts or the choices available to you, please contact If you have discovered a security vulnerability in CommonLit, we would appreciate your help in disclosing it to us in a responsible manner. We can securely receive disclosures at our vulnerability disclosure form. Please do not send vulnerability reports over email.

If you want to learn more about how CommonLit collects, uses, and discloses personal information to provide services to administrators, teachers, and students, please review the CommonLit Privacy Policy:

The CommonLit services are provided to all under CommonLit’s Terms of Service agreement: