Last updated: June 2026
At Helperbird, we take student privacy seriously. It's not just a policy. It's a promise to every district, every school, every teacher, and every student who relies on us for accessibility.
Our dedication to the Family Educational Rights and Privacy Act (FERPA) is built into the architecture of the product, not bolted on afterwards.
We are aligned and compliant with the rules and standards set out in FERPA, every major US state student‑privacy law, and the contractual frameworks (SDPC National DPA, state-specific exhibits) that districts use to formalise vendor relationships.
In one sentence
Helperbird does not access, collect, store, or disclose any education records. Ever.
How Helperbird is FERPA compliant
We do not access, use, or disclose any education records.
Helperbird Pro is activated using a subscription key that requires no email, no name, no student data, and no personal information of any kind.
Student data and education records simply never touch Helperbird's systems.
This is how the vast majority of our school customers deploy Helperbird, and we recommend the subscription‑key method for every K‑12 deployment. It's the cleanest path because there is nothing personal to collect in the first place.
For organisations that prefer email‑based activation, an optional path is available. The email is used solely to check subscription status, and Helperbird does not retain it.
We operate under the FERPA School Official Exception.
When a district designates Helperbird as a "School Official" with legitimate educational interests under 34 C.F.R. § 99.31(a)(1)(i)(B), we operate:
- Under the school's direct control regarding any education records.
- Subject to FERPA's use and re‑disclosure restrictions. No redisclosure to third parties.
- Solely to deliver the service the district has chosen to offer. Never for any other purpose.
This is the legal mechanism that lets districts use Helperbird in a fully FERPA‑compliant way without obtaining parental consent for every student. It's how virtually every modern EdTech tool operates in education.
The free version is invisible to FERPA.
Helperbird's free version includes reading tools, dyslexia fonts, colour overlays, screen masking, the reading ruler, and the built‑in text‑to‑speech voices.
It runs entirely on the user's device and works offline. It does not send anything to Helperbird or any third party.
For students using only the free version, there is nothing FERPA could even apply to.
Online features are transient. Never stored, never trained on.
When a Pro user uses an online feature (our AI tools, online natural voices, or online voice typing), only the specific text or image they choose is processed transiently by our subprocessors, solely to return the result.
It is not stored, not used for advertising, and not used to train AI models.
- Helperbird operates under Zero Data Retention (ZDR) on our OpenAI organisation. Confirmed Active.
- Microsoft Azure Speech is non‑retaining by default.
- API logging is disabled on our OpenAI organisation.
Administrators stay in full control.
School and district administrators can:
- Disable individual Helperbird features organisation‑wide via Google Admin Console (JSON policy), Microsoft Intune, or the equivalent Firefox enterprise policy.
- Restrict the extension to a list of approved domains.
- Choose to deploy only the free, on‑device features (which transmit nothing externally).
- Revoke access at any time. When a user leaves the organisation, our Clean Slate Policy clears extension data from their browser.
Our standard Data Privacy Agreement
We publish a standard Data Privacy Agreement at /dpa/ that includes:
- A FERPA "School Official" schedule with direct‑control and re‑disclosure terms
- A COPPA "school as agent" schedule for under‑13 students
- GDPR Article 28 + SCCs for any EU or UK student data
- State‑specific exhibits for NY Ed‑Law § 2‑d, CA SOPIPA, Texas Student Privacy Act, Utah Student Data Protection Act, Illinois SOPPA, Connecticut Student Data Privacy Act, and Maryland Student Privacy Act
We also accept the SDPC National Data Privacy Agreement and will happily counter‑sign a district's own template. Whatever's easiest for your team.
To execute a DPA with Helperbird, email [email protected] with your district's legal name, signer details, and any state‑specific exhibits you'd like included.
US state student-privacy laws
Helperbird is aligned and compliant with every major US state student-privacy law, including:
| State | Law | Reference |
|---|---|---|
| New York | NY Education Law § 2‑d + Part 121 ("Bill of Rights for Data Privacy and Security") | § 2‑d |
| California | California Student Online Personal Information Protection Act (SOPIPA) | Cal. Bus. & Prof. Code § 22584 |
| Texas | Texas Student Privacy Act | Tex. Educ. Code § 32.1518 |
| Utah | Utah Student Data Protection Act | Utah Code § 53E‑9‑301 et seq. |
| Illinois | Student Online Personal Protection Act (SOPPA) | 105 ILCS 85 |
| Connecticut | Connecticut Student Data Privacy Act | Conn. Gen. Stat. § 10‑234aa et seq. |
| Maryland | Maryland Student Privacy Act + MODPA | Md. Code Ann. § 14‑4601 et seq. |
If your state requires a specific exhibit or addendum we haven't named here, email [email protected] and we'll add it.
Subprocessor BAA chain
Districts often ask "what about your vendors?" Here's our answer:
| Subprocessor | What they do for Helperbird | Cover |
|---|---|---|
| OpenAI | AI features (Pro only) | ✅ Signed HIPAA BAA; Zero Data Retention Active |
| Amazon Web Services | Backend infrastructure (Lambda + S3) | ✅ Business Associate Addendum Active in AWS Artifact |
| Microsoft Azure | Online voices, online voice typing, Immersive Reader (Pro only) | ✅ HIPAA BAA auto‑incorporated via Microsoft Customer Agreement + Data Protection Addendum |
| Stripe | Payment processing | ✅ Standard DPA; PCI DSS Level 1; sees only payment metadata, never user content |
No subprocessor uses student data to train AI models, for advertising, or for behavioural profiling. Student data is not retained by any subprocessor in our chain.
What this means for your district in plain English
- You can deploy Helperbird district‑wide under FERPA's School Official Exception, with us as your designated School Official.
- Your students' education records are never touched by Helperbird's systems.
- We'll sign your DPA. Yours, ours, or the SDPC National DPA. Whichever you prefer.
- Admins can disable any feature via Google Admin Console or Intune. Keep only what you need.
- Students and staff don't need accounts. The subscription‑key activation requires no personal information.
- No advertising. No profiling. No selling. Ever. By architecture, not just by policy.
Have Questions or Concerns?
Your trust and safety are paramount to us. We genuinely love hearing from school IT directors, district procurement teams, and student‑privacy officers. Even (especially) when the questions are tough.
- DPA execution, FERPA questions, compliance attestations: [email protected]
- Privacy or data‑subject requests: [email protected]
- Security disclosures: [email protected]
- Legal and DMCA: [email protected]
- General product / support: [email protected]
For full background, see our Privacy Policy, our standard Data Privacy Agreement, our Compliance overview, and our COPPA Compliance page.