Is SchoolAI FERPA compliant?

SchoolAI offers a Data Processing Agreement (DPA) and has signed the SDPC national agreement. However, FERPA compliance requires your district to execute a signed DPA. No edtech tool is FERPA certified.

Can students under 13 use SchoolAI?

SchoolAI is designed for K-12 students including those under 13, but districts must ensure a signed DPA is in place and COPPA consent requirements are addressed.

Does SchoolAI use student data to train AI models?

According to SchoolAI's published privacy policy and DPA terms, student data is not used to train AI models.

Is SchoolAI Safe for FERPA? Full K-12 District Assessment

Name: SchoolAI K-12 District FERPA Assessment
Item: SchoolAI
Rating: 3
Author: K12SafeList

📋

Bottom line for districts: SchoolAI has the right compliance infrastructure — SDPC (Student Data Privacy Consortium) agreement, available DPA (Data Privacy Agreement), no student data used for AI training. Whether your district is actually protected depends entirely on what you do with it. The conditions below are non-negotiable.

What is SchoolAI?

SchoolAI is an AI platform designed specifically for K-12 schools. Unlike general-purpose tools like ChatGPT or Google Gemini that educators have adapted for classroom use, SchoolAI was architected from the ground up with student safety and teacher oversight as core requirements.

Its primary product is Spaces — a walled environment where teachers build AI-powered learning experiences that students access through a controlled, teacher-monitored interface. Students interact only within the parameters the teacher sets, and all conversations are visible to the teacher in real time.

SchoolAI also offers an AI assistant for teachers and a growing suite of district-level tools including student insights and learning analytics.

SchoolAI product breakdown

Component

What it does & compliance notes

District verdict

Spaces (student)

Direct student-facing AI

Teacher-designed AI experiences. All student conversations visible to teachers in real time. Requires signed DPA for student use.

✓ Suitable

Teacher AI Assistant

Lesson planning, admin

Teacher-only product. Lower compliance risk. DPA still recommended.

✓ Suitable

Student Insights

District analytics layer

Aggregates student interaction data. Higher sensitivity. Review what is collected before enabling. Verify in DPA.

⚠ Review carefully

FERPA & privacy compliance matrix

Based on SchoolAI's published privacy documentation and SDPC agreement commitments as of March 2026.

Compliance factor

Status

Notes

DPA available

✓ Yes

Must be executed by district

SDPC national agreement signed

✓ Yes

Published in SDPC registry

Student data used for AI training

✓ Not used

Per published privacy policy

Data sold to third parties

✓ Not sold

Per DPA terms

District admin controls

⚠ Moderate

Teacher & admin dashboards available, but SSO, analytics depth, and granular admin controls vary by plan tier — preventing a higher score

COPPA / under-13

⚠ With configuration

District must address consent

SSO / SAML

⚠ Varies by plan

Check your tier

Data residency (US)

✓ US-based

Per published documentation

Audit logs / conversation visibility

✓ Yes

Teachers see all student AI chats

Student access without teacher

✓ Not in Spaces

Requires teacher-designed entry

Acronym reference

DPAData Privacy Agreement — the signed contract required before sharing student data.

SDPCStudent Data Privacy Consortium — standardizes and publishes school data privacy agreements.

SSO / SAMLSingle Sign-On / Security Assertion Markup Language — district identity-provider login.

COPPAChildren's Online Privacy Protection Act — governs data collection from children under 13.

FERPAFamily Educational Rights and Privacy Act — protects student education records.

The FERPA questions that actually matter

Most districts focus on whether a DPA exists. That's necessary but not sufficient. Here are the questions that actually determine your FERPA exposure with SchoolAI:

1. Have you executed the DPA — or just seen that one exists?

SchoolAI makes a DPA available, but availability is not execution. FERPA requires a signed agreement establishing the vendor as a "school official" with a legitimate educational interest before student data can be shared. An unsigned DPA provides no legal protection — this is the most common compliance gap districts miss.

2. Are teachers inputting student PII through the Teacher Assistant?

Teachers who paste specific student information (names combined with grades, IEP details, behavioral notes) into the teacher AI tool are creating FERPA exposure regardless of product design. District policy needs to explicitly address what teachers may and may not input into AI tools, including purpose-built education tools.

3. How are you handling COPPA for under-13 students?

SchoolAI supports K-12 students including those under 13, but COPPA compliance isn't automatic. Your district must either provide verifiable parental consent or rely on the school consent exception. Confirm this pathway is explicitly covered in your executed DPA. See our full COPPA guide for what changed in 2026.

4. What does your district's data retention policy say?

Student AI conversation logs persist and are visible to teachers. Your district's data retention policy needs to account for how long these records are kept and what the deletion process looks like. Verify SchoolAI's retention terms match your district's legal obligations.

District action steps

If you're ready to move forward with SchoolAI, here is the recommended approval path. The first two are non-negotiable before any student exposure.

Execute a signed DPA before student deployment

Contact SchoolAI's district team to initiate the DPA process. Do not allow student use — including piloting — before this is signed.

Verify your state-specific addenda requirements

Many states have student privacy laws beyond FERPA. SchoolAI's national DPA may need state-specific addenda. Check before signing.

Configure your admin dashboard before teacher rollout

Set up your admin account, configure SSO if available, and define teacher roles before inviting staff.

SchoolAI vs. general AI tools

The most important distinction for districts evaluating SchoolAI is the structural difference between a purpose-built education tool and a general-purpose AI adapted for classrooms.

Factor

SchoolAI

Consumer AI

Built for K-12 compliance

✓ Yes

✗ No

Teacher oversight of student AI

✓ Real-time

✗ None

Walled student environment

✓ Spaces

✗ Open access

DPA available at launch

✓ Yes

⚠ Varies

Shadow AI risk

✓ Low

✗ High

Student data used for training

✓ No

✗ Consumer = yes

What we cannot verify

We have not independently audited SchoolAI's technical data handling. Always verify current documentation directly with SchoolAI.
SSO availability, analytics features, and admin controls vary by plan. Confirm on your specific contract before signing.
State-specific student privacy requirements are not uniformly addressed in any national DPA. Your district's legal counsel should review.
AI model providers underlying SchoolAI's features may change. The DPA should address how subprocessor changes are communicated.

Disclaimer: This assessment reflects independent research based on publicly available information as of March 2026. It does not constitute legal advice or a guarantee of FERPA compliance. No edtech product can be "FERPA certified." Always verify current documentation with the vendor and consult your district's legal counsel before procurement decisions.

Evaluating AI tools across your district?

K12SafeList reviews every major K-12 AI tool for FERPA readiness, COPPA compliance, and SDPC status — so your team doesn't start from scratch on every procurement decision. Join our early district cohort for early access to new assessments and a seat on our advisory board.

Join the early cohort →

Free for districts. No commitment.