Adaptr
← Security & AI overview
Schools & districts

Compliance for schools & districts

Materials for privacy officers, IT teams, and procurement. Adaptr maps teacher oversight to common US and Québec requirements.

Overview
AI proposes. The teacher decides. Student-facing outputs, evaluations, and parent communications require explicit teacher approval.

Teacher approval

Nothing reaches students or parents without an explicit teacher action.

Minimum data

Students join with a class code and PIN — no student email required.

School-directed use

Records support instruction under school staff control, not unrelated marketing.

Institution docs

DPA template, subprocessors list, and procurement pack available on request.

FERPA (United States)

Adaptr is intended for use by schools and teachers under their direction. Student records — roster names, class membership, responses, and progress data — are maintained to support instruction, not for unrelated marketing.

School official role
Teachers and authorized school staff control what is uploaded, reviewed, activated, and sent to students or parents.
Minimum necessary
Students join with a class code and PIN — no student email is required for core use.
No direct student marketing
We do not knowingly use student data for advertising profiles.
Subprocessors & DPA
Third-party providers are listed below; a Data Processing Agreement can be provided for institution contracts.

Institutions should map Adaptr to their own FERPA policies, directory information rules, and parent notification requirements before rollout.

Loi 25 (Québec) / LPRPDE

English summary

For Québec schools and service providers, Adaptr supports privacy-by-design: data minimization for students, teacher approval before AI-assisted outputs reach learners, and transparency about subprocessors and cross-border processing.

  • Personal information is collected for educational purposes under teacher direction.
  • AI outputs are drafts until a teacher validates or sends them.
  • Privacy incidents should be reported to us at the contact on our Privacy Policy.
  • Institution customers may request a privacy impact assessment (PIA / EFVP) pack.

Résumé (français)

Adaptr respecte une approche « privacy by design » : minimisation des données élèves, contrôle enseignant sur les contenus assistés par IA, et transparence sur les sous-traitants.

  • Les renseignements sont traités à des fins pédagogiques sous la direction de l'école.
  • Les propositions IA restent des brouillons jusqu'à approbation de l'enseignant.
  • Transferts hors Québec : voir sous-traitants ci-dessous — DPA disponible sur demande.
  • EFVP / évaluation des facteurs relatifs à la vie privée : contactez-nous pour un dossier institution.
COPPA & PIPEDA

Adaptr serves teachers and schools. Student accounts are created under staff direction — not as a consumer app marketed directly to children.

COPPA (United States)
Adaptr is designed for classroom use under teacher and school direction. We do not knowingly collect personal information directly from children for marketing. Schools and teachers are responsible for obtaining any required parental consent before student use, consistent with COPPA and local policies.
PIPEDA (Canada)
For Canadian institutions outside Québec-specific rules, we process personal information with appropriate safeguards, transparency, and access rights as described in our Privacy Policy. Institution customers may request additional contractual commitments.
Student data minimization
Students join with a class code and PIN. Student email is not required for core features, reducing exposure for younger learners.

See also our Privacy Policy and Cookie Policy.

Certifications & attestations

We publish accurate status for common procurement questions. We do not display certification badges we have not earned.

FERPA-aligned practices

Documented

School-directed use, teacher approval, and DPA template for US education records. Adaptr is not a US government-certified FERPA auditor.

Loi 25 / LPRPDE

Documented

Privacy-by-design summary, subprocessors transparency, and EFVP / PIA support on request for Québec institutions.

SOC 2 Type II

Not certified

We do not currently hold a SOC 2 report. Enterprise customers may request our security overview and DPA while formal attestation is on our roadmap.

ISO 27001

Not certified

We follow security practices aligned with common edtech expectations but are not ISO 27001 certified at this time.

HIPAA

Not applicable by default

Adaptr is an instructional competency-mapping platform, not a healthcare records system. We do not market HIPAA compliance unless a future product scope explicitly covers protected health information.

Subprocessors

Third-party providers that process data on our behalf under contractual obligations. Institution customers receive a subprocessors appendix with their DPA.

Supabase

Database, authentication, file storage

Configurable region (US / EU)

Anthropic

AI document extraction, tutor drafts, report drafts (teacher-reviewed only)

United States

Stripe

Subscription billing and payment metadata

United States / global infrastructure

Resend

Transactional email (reports, invitations, contact form)

United States

Upstash

Rate limiting for public endpoints

Global edge

Institution procurement pack

DPA template, subprocessors appendix, security overview, and answers to common privacy questionnaire items — for district and school contracts.