Privacy & Security

We know trust starts with protection. That’s why Amira is built to the highest standards of security and privacy in education.

Amira has been independently recognized for its commitment to data protection, earning top-tier marks from respected third-party evaluators. We implement strict safeguards to prevent unauthorized access and protect personally identifiable information (PII) at every step.

We support district-specific Data Privacy Agreements (DPAs) and ensure full transparency about how data is used.

Our Commitment to Student Data Privacy & Security

Amira meets the highest standards of privacy, security, and transparency.

Amira collects only the data necessary to support learning outcomes. Nothing more. Our closed-loop system enables dynamic and engaging student interactions while maintaining strict control over educational quality and safety. Most importantly, Amira never does public LLM inference during student sessions. 

Fully FERPA-compliant, Amira is committed to protecting student data and does not send identifiable information to any external machine learning services.

• No data sales or advertising: Amira never sells student data or uses it for marketing.
• District control: Districts always maintain control over student data.
• Transparent policies: Amira provides clear documentation and opt-out options for districts and families.

FERPA (Family Educational Rights and Privacy Act)

Amira operates under FERPA’s “school official” exception [34 CFR § 99.31(a)(1)], which allows districts to use educational technology providers without requiring individual parental or caregiver consent when:

• The provider has a legitimate educational interest.
• The provider is under the direct control of the district.
• The provider adheres to FERPA’s redisclosure limitations.

Amira meets all three requirements. This ensures districts can roster students and share necessary educational records, like reading performance data and voice recordings, without additional consent.

Important Clarification: While voice recordings may be considered Personally Identifiable Information (PII) under FERPA, Amira Learning does not create biometric templates or use voiceprints for identification or authentication. Recordings are stored in a de-identified format and are used solely to support educational purposes.

COPPA (Children’s Online Privacy Protection Act)

Amira complies with COPPA by ensuring that:

• Only authorized school officials, not students, create and manage student accounts.
• No open registration or anonymous access is available.
• All data collection is governed by school district agreements, ensuring information is used solely for educational purposes and in line with local policies.
• Schools may provide consent on behalf of parents for the collection of student data when using Amira, given the information is used strictly for educational purposes and not for commercial activities, in accordance with the COPPA school exception.

SOC (Systems and Organization Controls) 2 Type II Compliance

Amira is SOC 2 Type II compliant, demonstrating our commitment to the highest standards of data security, availability, and confidentiality. This independent certification verifies that Amira maintains rigorous internal controls and security practices that protect student data at every level. As part of our SOC 2 Type II commitment, Amira ensures:

• Continuous security monitoring across our infrastructure and systems.

• Strict access controls to prevent unauthorized data exposure.

• Ongoing risk assessments and vulnerability management.

• Formalized policies and procedures to ensure operational integrity and transparency.

1EdTech Certifications: LTI, Data Privacy, and OneRoster

Amira holds multiple 1EdTech certifications that demonstrate our commitment to secure, interoperable, and privacy-respecting education technology. These certifications ensure Amira meets rigorous standards for protecting student data and integrating seamlessly with district systems:

• LTI (Learning Tools Interoperability): Enables secure, standards-based integration with learning management systems, reducing the need for custom code and minimizing data exposure.

• Data Privacy Certification: Validates that Amira’s data handling practices align with global privacy standards and prioritize student safety and confidentiality.
  
• OneRoster Certification: Allows for safe and efficient rostering of students, ensuring that only authorized systems and individuals access enrollment and class data.
  

Amira Learning supports compliance with student privacy laws across the US, including:

• House Bill 18 (SCOPE Act)
• California’s Student Online Personal Information Protection Act (SOPIPA)
• New York’s Education Law § 2-d
• Connecticut’s Public Act 16-189

To meet these laws, Amira Learning ensures:

• Data Minimization: Only essential student information is collected.
• Age-Appropriate Access: Students are onboarded through district-verified processes, no open or public accounts exist.
• Content Safety: Students never encounter harmful material, open forums, or unmoderated user-generated content.
• Family Transparency: Districts and families have access to review, correct, or delete student data as needed.

Transparency & Family Rights

Amira Learning gives districts and families clear options to manage student data responsibly:

• Data Review and Correction: Families can request access to their child’s data or corrections through their school or district.
• Opt-out Options: Districts may remove Amira from an individual student’s digital learning tools or turn off audio collection entirely.
• Family Access: Districts can provide families with clear documentation and oversight tools that align with local policy.