COPPA Compliance

Last updated: June 2026

At Helperbird, we take child safety seriously. It's not just a policy. It's a core promise to every parent, every teacher, and every district that puts our tools in front of their kids.

Our dedication to the Children's Online Privacy Protection Act (COPPA) is built into the architecture of the product, not bolted on afterwards.

We are aligned and compliant with the rules and standards set out in COPPA and the established FTC guidance for educational online services. This includes the "school as agent for parental consent" doctrine that lets districts deploy Helperbird without obtaining individual parental consent for each student.

In one sentence

Helperbird does not collect personal information from any user, child or adult.

How Helperbird is COPPA compliant

We do not collect personal information from any user, child or adult.

Pro features are activated using a subscription key that requires no email, no name, no personal information of any kind.

Children and adults use the exact same subscription‑key activation method, so there is no separate data path for under‑13 users to begin with. There is nothing for COPPA to even apply to.

This is the cleanest possible COPPA posture: the law applies when an operator collects personal information from children, and Helperbird simply does not collect personal information from anyone.

The subscription key method is the recommended path for any deployment involving children.

If your school, district, or family will be using Helperbird with students under 13, the subscription‑key method is the path we recommend. It's the path the vast majority of our schools already use.

It requires no personal information from anyone, so the entire COPPA consent question is moot from the start.

The free version is invisible to COPPA.

Helperbird's free version includes reading tools, dyslexia fonts, colour overlays, screen masking, the reading ruler, and the built‑in text‑to‑speech voices.

It runs entirely on the user's device and works offline. It does not send anything to Helperbird or any third party.

For students using only the free version, there is nothing COPPA could even apply to.

Email‑based activation is optional, and protected by school‑as‑agent VPC.

For organisations that prefer email‑based activation, an optional path is available.

Where this path is used for a student under 13, we ask the school or teacher to obtain verifiable parental consent on the parent's behalf under the FTC‑recognised "school as agent" doctrine.

This is a long‑established FTC doctrine for educational online services. When a school designates a vendor for an educational purpose, the school can provide consent on behalf of the parent for the limited educational use authorized by the school. The school takes on the role of the parent's agent for that purpose only.

When this path is chosen:

• The student's email is used solely to check subscription status. Never for marketing, profiling, or advertising.
• The email is not retained beyond the verification request.
• We do not use the email to build any kind of user profile.
• We do not disclose the email to any third party for purposes other than delivering Helperbird.

No cookies. No tracking. No profiling. No advertising. Ever.

We do not use:

• Cookies of any kind in the extension. The website uses only first‑party cookies for the live‑chat tool, which is on the website only, not in the extension.
• Third‑party tracking technologies.
• Behavioural profiling of any user, child or adult.
• Advertising networks. Helperbird carries no advertising of any kind.
• Sale or sharing of personal data for commercial purposes. Ever. By architecture.

These are properties of how we built the product, not policies we could quietly reverse.

Administrators stay in full control.

School and district administrators can:

• Disable individual Helperbird features organisation‑wide via Google Admin Console (JSON policy), Microsoft Intune, or the equivalent Firefox enterprise policy.
• Restrict the extension to a list of approved domains.
• Choose to deploy only the free, on‑device features (which transmit nothing externally). Ideal for the youngest students.
• Revoke access at any time. When a user leaves the organisation, our Clean Slate Policy clears extension data from their browser.

Verifiable Parental Consent (when applicable)

To be crystal clear about the rare cases where COPPA's verifiable parental consent (VPC) does come into play:

• The subscription‑key method requires no consent step, because no personal information is collected.
• The optional email path for a student under 13 requires VPC, which the school or teacher obtains under the FTC "school as agent" doctrine.
• For parents using Helperbird at home with a child under 13, the parent is the one establishing the subscription and providing direct consent by doing so.
• The free version requires no consent, because nothing is collected.

Pro features that involve online processing

Some Pro features (AI tools, online natural voices, online voice typing) send the text or content you choose to a subprocessor for transient processing.

For under‑13 users, here's exactly what happens:

• Only the specific text or image the user chooses is sent. Never identity, history, or metadata about the user.
• The subprocessor processes it transiently and returns the result.
• It is not stored, not used for advertising, not used to train AI models.
• Helperbird operates under Zero Data Retention (ZDR) on our OpenAI organisation. Confirmed Active.
• Microsoft Azure Speech is non‑retaining by default.

If your school's policy is to disable online features entirely for under‑13 students, you can do so via JSON policy in seconds.

Many of our schools do exactly that for younger grades while keeping the on‑device features (visual tools, built‑in voices) enabled.

Helperbird's standard Data Privacy Agreement

We publish a standard Data Privacy Agreement that includes:

• A COPPA "school as agent" schedule for under‑13 students
• A FERPA "School Official" schedule with direct‑control and re‑disclosure terms
• State‑specific exhibits for every major US state student‑privacy law (NY, CA, TX, UT, IL, CT, MD)
• GDPR Article 28 + SCCs for any EU or UK student data

We also accept the SDPC National Data Privacy Agreement and will happily counter‑sign a district's own template.

To execute a DPA, email [email protected] with your organisation's legal name, signer details, and any state‑specific exhibits you'd like included.

Subprocessor BAA chain

Parents and districts often ask "what about your vendors?" Here's our answer:

None of our subprocessors use children's data to train AI models, for advertising, or for behavioural profiling.

What this means in plain English

• No personal information is collected from any user, child or adult. The subscription‑key method requires nothing.
• The free version transmits nothing anywhere. Ever. Perfect for the youngest users.
• No cookies. No tracking. No profiling. No advertising. Ever. By architecture.
• Schools deploy under "school as agent" for the rare email‑activation case, if they choose it.
• Admins can disable online features for younger grades with a single policy push.
• Our subprocessors are bound by BAAs and contractually prohibited from training or profiling.

Have Questions or Concerns?

Your trust and safety are paramount to us. We genuinely love hearing from parents, teachers, school IT directors, and student‑privacy officers. And from kids themselves, when they have questions about their privacy.

• Privacy or data‑subject requests: [email protected]
• DPA execution, COPPA questions, compliance attestations: [email protected]
• Security disclosures: [email protected]
• Legal and DMCA: [email protected]
• General product / support: [email protected]

For full background, see our Privacy Policy, our standard Data Privacy Agreement, our Compliance overview, and our FERPA Compliance page.