SayVeritas
PricingAboutSign in

Resource

Security & Privacy / DPA

Security, Privacy, and Ethical AI by Design

A Foreword on Our Commitment to Trust

At SayVeritas, our foundational commitment is to the unwavering protection of student data and the integrity of the schools we serve. Our platform is architected from the ground up on privacy-by-design principles. In an era of accelerating AI adoption in education, we believe that establishing and maintaining trust with educators, students, and their families is our single highest priority. We recognize that without a foundation of absolute trust, even the most innovative AI tools will fail to achieve their pedagogical purpose. The following sections detail the specific policies, technical measures, and ethical frameworks that bring this commitment to life, ensuring that our technology empowers learning while safeguarding the entire educational community.

  1. Our Core Principles at a Glance

This section provides a high-level overview of the four pillars that form the SayVeritas trust and safety framework. These core principles are not aspirations; they are the operational directives that guide every aspect of our platform's design, development, and deployment.

Regulatory Compliance SayVeritas is fully compliant with key U.S. education privacy laws like FERPA and COPPA and is actively pursuing SOC 2 Type II certification to validate our enterprise-grade controls.

Advanced Data Protection All student data is protected using industry-standard, robust encryption methods, both when stored on our servers (at rest) and when transmitted over networks (in transit).

District-Controlled Data Governance Our data retention policies are transparent and configurable, empowering school districts to determine precisely how long student audio and transcript data is stored to meet their local requirements.

Proactive Ethical AI Guardrails The platform incorporates strict, non-negotiable ethical safeguards to prevent the misuse of student data and to proactively mitigate the risk of algorithmic bias and accent discrimination.

These principles serve as our compass. The following sections provide a more detailed exploration of how they are implemented across our platform.

  1. A Deep Dive into Our Safeguards

While high-level principles are important, we believe true confidence comes from understanding the specific details behind our commitments. This section offers a transparent breakdown of the technical, legal, and ethical measures SayVeritas employs to protect every member of the educational community we serve, forming the basis of our credibility-first approach to instructional intelligence.

2.1. Regulatory Compliance and Certification

Our commitment to legal and regulatory standards is uncompromising. We ensure our platform not only meets but exceeds the requirements for handling sensitive student information.

  • FERPA and COPPA: SayVeritas is fully compliant with the Family Educational Rights and Privacy Act (FERPA) and the Children's Online Privacy Protection Act (COPPA), the cornerstone regulations for student data privacy in the United States.
  • SOC 2 Roadmap: We have a clear and active roadmap for achieving SOC 2 Type II certification. This rigorous, third-party audit of our security controls signals our deep commitment to implementing and maintaining enterprise-grade data protection standards.

2.2. Data Protection Protocols

Data is secured at every stage of its lifecycle using proven, industry-leading encryption standards.

  • Encryption at Rest: All data stored on our servers, including audio files and transcripts, is protected with AES-256 encryption, one of the strongest and most widely trusted encryption protocols available for securing sensitive information.
  • Encryption in Transit: All data moving between a user's device and the SayVeritas platform is secured using Transport Layer Security (TLS) 1.3, ensuring that information cannot be intercepted or read while in transit over the internet.

2.3. Data Retention and Control

We believe that school districts should be the ultimate stewards of their data. Our policies are designed to provide both clear defaults and flexible controls.

  • Standard Policy: By default, student audio and transcript data are retained for 30 days for operational purposes, after which they are automatically and permanently deleted, unless a district has configured a longer retention period to meet local archiving policies.
  • District Customization: This 30-day retention period is fully configurable. Districts can adjust the policy to align with their specific governance requirements, allowing for longer-term archiving if mandated by local regulations.

2.4. Ethical AI Guardrails: A Non-Negotiable Framework

Our ethical framework is not an afterthought; it is architected into the core of our platform to prevent misuse and protect student dignity. Our AI is designed not just to be effective, but to be fair, transparent, and safe.

  • No Training on Student Data: Student data serves a singular educational purpose. We state unequivocally that student voice recordings are never sold, commercialized, or used to train any public-facing or third-party AI models. This ensures student data is used exclusively for the educational mission of the school or district.
  • Eliminating Emotional Inference: The platform deliberately excludes any AI-driven inference of a student's tone, emotion, or sentiment from their voice. This is a critical design choice rooted in established research on algorithmic bias. By focusing on the content of a student's reasoning rather than their vocal delivery, we mitigate the risk of accent discrimination and reduce the "evaluative anxiety" that can hinder student participation. This technical guardrail helps create the non-judgmental "safe space" necessary for authentic learning.
  • Credible, Auditable Insights: We reject the "black box" AI that educators rightfully fear. Every AI-generated insight in our class-level reports is evidence-linked. This principle of transparency allows teachers and administrators to click through from a summary claim to the exact transcript excerpt and audio timestamp that supports it, making the AI's reasoning fully auditable and empowering teacher oversight.
  • Bias Mitigation by Design: The system includes built-in checks to prevent statistically unreliable conclusions. For example, AI insights are not generated for class reports with fewer than eight student responses. This minimum data threshold is a responsible data science practice that prevents the system from making broad claims based on insufficient evidence, protecting both students and teachers from flawed analysis.

Our commitment to transparency extends beyond our platform's design. The following section addresses the questions we hear most often from our partners.

  1. Frequently Asked Questions (FAQ)

This section aims to provide direct and clear answers to the most common questions that school leaders, IT directors, and teachers have about security, privacy, and ethics on the SayVeritas platform.

  • Does SayVeritas sell or share student data? No. Student data is never sold, shared, or used for any purpose other than the direct educational mission of your district. This includes an absolute prohibition on using student audio to train any third-party or public-facing AI models.
  • How do you prevent the AI from being biased against students with different accents? This is a critical design consideration and a primary ethical guardrail. Our AI is architected to analyze the structure of an argument and the quality of evidence in a student's response, not the acoustic properties of their voice. By deliberately excluding any analysis of tone, emotion, or sentiment, we mitigate the risk of accent discrimination and ensure the system focuses strictly on the substance of a student's reasoning as it relates to the teacher's rubric.
  • Can our district set its own data retention policies? Yes. While our default retention period for audio and transcripts is 30 days, districts have full control to configure these settings to align with their specific local governance policies, whether that requires shorter or longer retention periods.
  • What happens to student audio recordings after they are processed? By default, audio recordings are retained for 30 days for operational use (e.g., for teacher review). After this period, they are permanently deleted unless the district has configured a different retention policy for archival purposes.
  • Is a Data Processing Agreement (DPA) available? Yes, a comprehensive Data Processing Agreement (DPA) is available for all school and district partners to review and execute.
  1. Documentation and Further Inquiries

Our commitment to trust is an ongoing dialogue. We invite our partners to engage with us deeply on these issues. Please contact our team to schedule a detailed security review and receive our full documentation suite, including our Data Processing Agreement (DPA) and SOC 2 compliance roadmap.