Compliance for schools & districts
Materials for privacy officers, IT teams, and procurement. Adaptr maps teacher oversight to common US and Québec requirements.
AI proposes. The teacher decides. Student-facing outputs, evaluations, and parent communications require explicit teacher approval.
Teacher approval
Nothing reaches students or parents without an explicit teacher action.
Minimum data
Students join with a class code and PIN — no student email required.
School-directed use
Records support instruction under school staff control, not unrelated marketing.
Institution docs
DPA template, subprocessors list, and procurement pack available on request.
Adaptr is intended for use by schools and teachers under their direction. Student records — roster names, class membership, responses, and progress data — are maintained to support instruction, not for unrelated marketing.
- School official role
- Teachers and authorized school staff control what is uploaded, reviewed, activated, and sent to students or parents.
- Minimum necessary
- Students join with a class code and PIN — no student email is required for core use.
- No direct student marketing
- We do not knowingly use student data for advertising profiles.
- Subprocessors & DPA
- Third-party providers are listed below; a Data Processing Agreement can be provided for institution contracts.
Institutions should map Adaptr to their own FERPA policies, directory information rules, and parent notification requirements before rollout.
English summary
For Québec schools and service providers, Adaptr supports privacy-by-design: data minimization for students, teacher approval before AI-assisted outputs reach learners, and transparency about subprocessors and cross-border processing.
- Personal information is collected for educational purposes under teacher direction.
- AI outputs are drafts until a teacher validates or sends them.
- Privacy incidents should be reported to us at the contact on our Privacy Policy.
- Institution customers may request a privacy impact assessment (PIA / EFVP) pack.
Résumé (français)
Adaptr respecte une approche « privacy by design » : minimisation des données élèves, contrôle enseignant sur les contenus assistés par IA, et transparence sur les sous-traitants.
- Les renseignements sont traités à des fins pédagogiques sous la direction de l'école.
- Les propositions IA restent des brouillons jusqu'à approbation de l'enseignant.
- Transferts hors Québec : voir sous-traitants ci-dessous — DPA disponible sur demande.
- EFVP / évaluation des facteurs relatifs à la vie privée : contactez-nous pour un dossier institution.
Adaptr serves teachers and schools. Student accounts are created under staff direction — not as a consumer app marketed directly to children.
- COPPA (United States)
- Adaptr is designed for classroom use under teacher and school direction. We do not knowingly collect personal information directly from children for marketing. Schools and teachers are responsible for obtaining any required parental consent before student use, consistent with COPPA and local policies.
- PIPEDA (Canada)
- For Canadian institutions outside Québec-specific rules, we process personal information with appropriate safeguards, transparency, and access rights as described in our Privacy Policy. Institution customers may request additional contractual commitments.
- Student data minimization
- Students join with a class code and PIN. Student email is not required for core features, reducing exposure for younger learners.
See also our Privacy Policy and Cookie Policy.
We publish accurate status for common procurement questions. We do not display certification badges we have not earned.
FERPA-aligned practices
DocumentedSchool-directed use, teacher approval, and DPA template for US education records. Adaptr is not a US government-certified FERPA auditor.
Loi 25 / LPRPDE
DocumentedPrivacy-by-design summary, subprocessors transparency, and EFVP / PIA support on request for Québec institutions.
SOC 2 Type II
Not certifiedWe do not currently hold a SOC 2 report. Enterprise customers may request our security overview and DPA while formal attestation is on our roadmap.
ISO 27001
Not certifiedWe follow security practices aligned with common edtech expectations but are not ISO 27001 certified at this time.
HIPAA
Not applicable by defaultAdaptr is an instructional competency-mapping platform, not a healthcare records system. We do not market HIPAA compliance unless a future product scope explicitly covers protected health information.
Third-party providers that process data on our behalf under contractual obligations. Institution customers receive a subprocessors appendix with their DPA.
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, file storage | Configurable region (US / EU) |
| Anthropic | AI document extraction, tutor drafts, report drafts (teacher-reviewed only) | United States |
| Stripe | Subscription billing and payment metadata | United States / global infrastructure |
| Resend | Transactional email (reports, invitations, contact form) | United States |
| Upstash | Rate limiting for public endpoints | Global edge |
Supabase
Database, authentication, file storage
Configurable region (US / EU)
Anthropic
AI document extraction, tutor drafts, report drafts (teacher-reviewed only)
United States
Stripe
Subscription billing and payment metadata
United States / global infrastructure
Resend
Transactional email (reports, invitations, contact form)
United States
Upstash
Rate limiting for public endpoints
Global edge
Institution procurement pack
DPA template, subprocessors appendix, security overview, and answers to common privacy questionnaire items — for district and school contracts.