Independent AI research for educators worldwide

Tools Compare Policies & Frameworks Guides Resources Search
Method Subscribe

Policy resource

COPPA and AI Tools for Schools

A practical COPPA guide for schools reviewing AI tools used by children under 13, with questions about consent, data collection, vendor claims, and family communication.

guide

Primary question

What should schools check about COPPA before approving AI tools for children under 13?

Schools should treat COPPA review as a concrete approval step, not a vendor buzzword. Before approving an AI tool for students under 13, a school should understand what child data is collected, whether parental consent is needed, how the vendor limits use of that data, and whether the school can explain the tool clearly to families.

Author

AIForEdu Policy Desk

Policy & Governance

Last updated

March 5, 2026

Content and metadata refreshed on the date shown.

Evidence level

document reviewed

Signals are labeled so educators can separate vendor claims from reviewed documentation.

Sources checked

4

Each page lists the public materials used to support its claims.

Last verified

March 5, 2026

Useful for policy, pricing, and compliance signals that can shift over time.

Jurisdiction note

This resource uses U.S.-specific COPPA framing. Schools outside the United States should adapt the guidance to local child-data, privacy, and parental-rights requirements.

Quick answer

Schools should treat COPPA review as a concrete approval step, not a vendor buzzword.

Before approving an AI tool for children under 13, a school should understand:

  • what child data is collected
  • whether parental consent is needed
  • how the vendor limits use of that data
  • how long data is retained
  • whether the school can explain the tool clearly to families

If those answers are vague, approval should pause.

Why COPPA matters for AI tools

AI tools often collect more inputs than older classroom software. A child may type prompts, submit writing, upload files, respond to a chatbot, or interact with generated content. Even when the tool looks simple on the surface, the underlying data flow can be more complex than leadership expects.

That makes COPPA more relevant, not less, whenever students under 13 are involved.

The issue is not whether a vendor includes the phrase “COPPA compliant” on a website. The issue is whether the school understands the actual child-data posture of the tool and can defend the approval decision.

When schools should raise a COPPA flag

Schools should slow down and ask more questions when:

  • students under 13 use the tool directly
  • students create accounts
  • the tool stores student prompts, responses, or media
  • the vendor uses third-party models or integrations
  • the product team cannot explain data retention clearly
  • the school would struggle to explain the tool to parents in plain language

The practical COPPA review checklist

1. Child age and use model

  • Are students under 13 using the tool directly?
  • Is the tool student-facing, teacher-mediated, or mixed?
  • Does the school know exactly which grades or age groups will use it?

2. Account and identity questions

  • Do children need individual accounts?
  • What personal information is collected at sign-up?
  • Can the tool be used without broad child profile creation?

3. Data collection and processing

  • What student inputs are collected: text, voice, files, metadata, profile information?
  • Are prompts, chats, or outputs stored after use?
  • Is child data used for model training, analytics, or personalization?
  • Does the vendor explain how parental consent is handled?
  • Can the school describe the consent path clearly?
  • Can parents request review or deletion of a child’s data?

5. School communication and governance

  • Could the school explain the tool in plain language to families?
  • Does the school know what guardrails or supervision will be in place?
  • Is the tool covered by the school’s AI acceptable-use and privacy processes?

What counts as a warning sign

Pause approval if:

  • the vendor avoids answering whether child data is stored
  • consent language is generic or confusing
  • the product is designed for open-ended student interaction with little oversight
  • there is no clear family communication path
  • school leaders cannot explain what the tool actually does with student input

What school teams should do in practice

Do not treat COPPA review as a legal footnote after the instructional decision has already been made.

Use it:

  1. before student pilots expand
  2. before classrooms start creating student accounts
  3. before a vendor is called “approved”
  4. before family-facing communication is written

COPPA review is not the whole approval process

COPPA is only one part of the decision.

Schools should still connect this review to:

Which tools usually trigger the most COPPA scrutiny?

The highest-scrutiny tools are usually:

  • direct student chat tools
  • tutoring tools that store student conversations
  • tools requiring child accounts
  • tools with media upload or voice features

That is why school teams comparing SchoolAI and Khanmigo should be especially clear on supervision, account structure, and family communication before rollout.

Final guidance

The right question is not “Does this vendor mention COPPA?”

The right question is: “Do we understand this child-data workflow well enough to approve it responsibly?”

If the answer is no, the school is not ready to approve the tool yet.

FAQ

Questions policy readers usually ask next.

Does a vendor saying 'COPPA compliant' mean the tool is approved for school use?

No. Vendor language is only a starting point. The school still needs to understand what data is collected, how consent is handled, and whether the product fits local policy, contracts, and family communication expectations.

When does COPPA matter most for AI tools in schools?

COPPA matters most when children under 13 interact directly with a tool, create accounts, submit personal data, or use AI features that process their responses, writing, recordings, or profile information.

Can schools approve a tool without parent communication if COPPA issues are involved?

That is risky. Even when a district has a defensible legal path, family communication is still a governance and trust issue. Schools should be able to explain the educational purpose, the supervision model, and the data practices clearly.

Next steps

Continue from policy language to rollout planning.

Guide

How to Brief Parents on Student Data and AI

Guide

How to Write an AI Acceptable Use Policy for Your School

Comparison

Best AI Tools for Schools in 2026 — Independent Comparison

Comparison

Best AI Tools for Principals in 2026

Resources hub

Browse templates, checklists, and implementation guides.

Sources

Sources used for this policy resource

regulation Federal Trade Commission

Children's Privacy

FTC overview of COPPA requirements, parental consent expectations, and child-data obligations.

Accessed Mar 5, 2026

policy U.S. Department of Education

Protecting Student Privacy

Federal student privacy reference that helps schools connect COPPA questions with broader privacy review.

Accessed Mar 5, 2026

Double opt-in Unsubscribe anytime View newsletter archive Privacy