Questions to ask before you upload student data to any platform

Print this page and bring it to your next vendor demo. Every question links to a plain-language explainer on why it matters.

  1. How is student data "de-identified," and could a small-town cellist still be recognized in it? why "de-identified" data can still identify a student
  2. The policy says they never sell data. How does it define "sell"? what "we never sell your data" does and does not cover
  3. If the company is acquired or goes under, what happens to your students' records? what happens to student data in an acquisition or bankruptcy
  4. Is anything your students write used to train AI models, and is that default-on? how to spot an AI training clause in the policy
  5. Are you assuming FERPA protects this data? For your practice, it probably does not. why FERPA probably does not cover your practice
  6. They have a SOC 2 report. Do you know what it covers, and what it never can? what a SOC 2 report proves about student data (and what it cannot)
  7. When you delete a student's record, is it deleted, or de-identified and kept? how "delete" can quietly mean "de-identify and keep"
  8. The platform is free. What is the business model? how free edtech platforms make money from student data
  9. Could an "aggregate" report about a group as small as your caseload identify one student? why small-group "aggregate" reports are not anonymous