Compliant with FERPA, COPPA, SOC 2 Type II, 1EdTech state privacy requirements

Amira has been independently recognized for its commitment to data protection, earning top-tier marks from respected third-party evaluators. We implement strict safeguards to prevent unauthorized access and protect personally identifiable information (PII) at every step.

We support district-specific Data Privacy Agreements (DPAs) and ensure full transparency about how data is used.

Amira meets the highest standards of privacy, security, and transparency.

Amira collects only the data necessary to support learning outcomes. Nothing more. Our closed-loop system enables dynamic and engaging student interactions while maintaining strict control over educational quality and safety. Most importantly, Amira never does public LLM inference during student sessions.

Fully FERPA-compliant, Amira is committed to protecting student data and does not send identifiable information to any external machine learning services.

• No data sales or advertising: Amira never sells student data or uses it for marketing.
• District control: Districts always maintain control over student data.
• Transparent policies: Amira provides clear documentation and opt-out options for districts and families.

Amira uses voice recordings to provide personalized reading feedback and accelerate literacy development. We do so with strong safeguards, responsible AI practices, and full district oversight.

• Secured AI Use Only: Amira Learning never shares student data with public AI platforms like ChatGPT, Claude, Gemini, or any other third-party foundation models. Our AI runs securely on private infrastructure, and student data never leaves our protected environment.
• De-identified Usage: Voice recordings are stored in a de-identified format and never used to publicly train AI models. Only anonymized data-derived features, not recordings or identities, are used to improve Amira’s models. No PII is used in the training of Amira’s AI models.
• No Biometric Templates: Amira Learning does not create or use voiceprints for identification or authentication.

Optional Setting: Districts may choose to disable audio collection entirely. While this may limit instructional functionality, the option is available to support local policy or parental preference.

Amira operates under FERPA’s “school official” exception [34 CFR § 99.31(a)(1)], which allows districts to use educational technology providers without requiring individual parental or caregiver consent when:

• The provider has a legitimate educational interest.
• The provider is under the direct control of the district.
• The provider adheres to FERPA’s redisclosure limitations.

Amira meets all three requirements. This ensures districts can roster students and share necessary educational records, like reading performance data and voice recordings, without additional consent.

Important Clarification: While voice recordings may be considered Personally Identifiable Information (PII) under FERPA, Amira Learning does not create biometric templates or use voiceprints for identification or authentication. Recordings are stored in a de-identified format and are used solely to support educational purposes.

‍

Amira complies with COPPA by ensuring that:

• Only authorized school officials, not students, create and manage student accounts.
• No open registration or anonymous access is available.
• All data collection is governed by school district agreements, ensuring information is used solely for educational purposes and in line with local policies.
• Schools may provide consent on behalf of parents for the collection of student data when using Amira, given the information is used strictly for educational purposes and not for commercial activities, in accordance with the COPPA school exception.

Amira is SOC 2 Type II compliant, demonstrating our commitment to the highest standards of data security, availability, and confidentiality. This independent certification verifies that Amira maintains rigorous internal controls and security practices that protect student data at every level. As part of our SOC 2 Type II commitment, Amira ensures:

• Continuous security monitoring across our infrastructure and systems.
• Strict access controls to prevent unauthorized data exposure.
• Ongoing risk assessments and vulnerability management.
• Formalized policies and procedures to ensure operational integrity and transparency.

Amira holds multiple 1EdTech certifications that demonstrate our commitment to secure, interoperable, and privacy-respecting education technology. These certifications ensure Amira meets rigorous standards for protecting student data and integrating seamlessly with district systems:

• LTI (Learning Tools Interoperability): Enables secure, standards-based integration with learning management systems, reducing the need for custom code and minimizing data exposure.
• Data Privacy Certification: Validates that Amira’s data handling practices align with global privacy standards and prioritize student safety and confidentiality.
• OneRoster Certification: Allows for safe and efficient rostering of students, ensuring that only authorized systems and individuals access enrollment and class data.

Amira’s compliance with these 1EdTech standards ensures that districts can confidently onboard, roster, and integrate Amira into their digital learning ecosystem while maintaining a strong commitment to student privacy and security.

Amira Learning gives districts and families clear options to manage student data responsibly:

• Data Review and Correction: Families can request access to their child’s data or corrections through their school or district.
• Opt-out Options: Districts may remove Amira from an individual student’s digital learning tools or turn off audio collection entirely.
• Family Access: Districts can provide families with clear documentation and oversight tools that align with local policy.

We use industry-standard practices to secure all data collected by Amira Learning, including:

• Encryption: All data is encrypted in transit and at rest.
• Access Controls: Only district-assigned, authorized users can access student information.
• Data Minimization: We collect and retain only what is necessary to support educational goals.
• Regular Audits: Our systems are regularly reviewed and updated as needed to meet evolving cybersecurity standards.