Privacy & Security
Observation Copilot is FERPA and COPPA compliant. Your observation data is encrypted at rest and in transit, never used for AI training, never sold, and deletable at any time. Built by Edthena, a company with over a decade of experience protecting educator data.
Your Data, Your Control
Privacy is not just our promise - it's our practice
Edthena is FERPA compliant, COPPA compliant, a signatory of the Student Privacy Pledge, and a recipient of a top-tier privacy evaluation from Common Sense Media. We are also a founding member of the EdSafe AI Alliance.
- Everything defaults to private
- When you create an observation, no one else can see it. Your notes, feedback drafts, and transcripts are stored in your personal account until you choose to share them.
- Delete your data anytime
- Remove individual observations, teacher records, or your entire account whenever you choose. When you delete your data, it is permanently removed from our systems.
- Know exactly who has access
- Only you and the authorized members of your district can see your observations. All members with access are visible to you at all times.
- Never sold or reused
- Your observation notes, feedback drafts, and transcripts will never be sold, rented, or reused for any purpose outside of your district. Period.
AI & Your Data
AI that works for you, not on your data
Observation Copilot uses AI to turn your observation notes into structured, framework-aligned feedback. That is the only thing your data is used for.
Your notes, transcripts, feedback drafts, and teacher information are never used to train, fine-tune, or improve any AI model. They are never aggregated with other users' data. They are never accessible to anyone outside your authorized district accounts.
Compliance
Meeting the standards educators expect
FERPA Compliant
Observation Copilot meets all requirements of the Family Educational Rights and Privacy Act. We handle education records with the care and confidentiality that federal law demands.
COPPA Compliant
We comply with the Children's Online Privacy Protection Act. While Observation Copilot is designed for school leaders, not students, we maintain COPPA compliance as an additional layer of responsibility.
Student Privacy Pledge Signatory
Edthena is a signatory of the Student Privacy Pledge, a commitment to responsible handling of student information in education technology.
Common Sense Privacy Program
Edthena has earned a top-tier privacy evaluation from Common Sense Media, a trusted independent evaluator of privacy practices for education technology products.
EdSafe AI Alliance Founding Member
Edthena is a founding member of the EdSafe AI Alliance, demonstrating our commitment to the responsible use of AI in education.
Technical Security
Modern architecture you can count on
We understand the sensitive nature of the information we gather and the priority for ensuring access only to intended and authorized individuals. Edthena has served schools and districts since 2011, and we apply everything we have learned to Observation Copilot. For full details on Edthena's company-wide security practices, visit our Edthena Privacy & Security page.
Cloud infrastructure
Underlying our application is a cloud-based storage and computing architecture designed and managed in alignment with SOC 1/SSAE 16/ISAE 3402, SOC 2, SOC 3, PCI DSS Level 1, ISO 27001, FedRAMP, DIACAP, and FISMA. We can request and obtain third-party auditor certifications attesting to the design and operating effectiveness of our cloud-based environment.
Data encryption
We use 128-bit encryption to ensure that information is protected against unauthorized access. All data - your observation notes, transcripts, feedback drafts, and audio - are transmitted over a secure connection. No mixing of secure and insecure content.
Disaster recovery
Our data storage is designed to be recoverable in the event of disaster. Data recovery is achieved by restoring from backup any of the replicated data stores from our cloud-based storage. Storage redundancy is automated by our data storage provider.
Verified identity
Account activation requires an email invitation generated by our platform, ensuring each account is associated with a unique, verified email. This approach is considered a best practice for identity verification.
Passwordless access
We leverage single sign-on to ensure secure, passwordless access to our platform, reducing the risk of credential-based attacks.
SSL certification
Edthena has earned an overall A rating from Qualys SSL Labs, confirming that our transport-layer security meets the highest industry standards.
Learn more: FAQ · Pricing · District Plans · About Us
Questions about security or compliance?
Our team is happy to discuss your district's requirements, complete vendor security questionnaires, or walk through our data practices.