Trust and data privacy

Student data stays the school's data.

Project Bridge is a temporary custodian of student information, not its owner. Your school or district keeps ownership of every record. We collect the minimum needed to do the work, we never sell data, and we never use it for advertising. This page explains exactly how that works, in plain language your privacy officer can verify.

Student data is never sent to AI vendors in identifiable form

This is the part most platforms cannot say cleanly. Before any student text reaches an AI model, Project Bridge strips the identifying details and replaces them with opaque tokens. The student's name, the people they mention, their school, and their places are removed on our own infrastructure first. Identity is reattached only after the response returns, inside our database. The personal information never leaves our systems in a form an AI vendor could read.

Plain-English label for the data team: this is our data-minimization architecture for AI sub-processors.

Agreements we are ready to sign

  • Data Privacy Agreement (DPA): our template is ready, and we will work from yours.
  • We are prepared to sign the Student Data Privacy Consortium (SDPC) National Data Privacy Agreement (NDPA).
  • We operate consistent with the Student Privacy Pledge principles.

How we handle the basics

  • FERPA: we act as a school official with a legitimate educational interest, under your direction.
  • Data minimization: we collect only what the readiness work requires.
  • Breach notification: we notify your designated contact within 24 hours of discovery.
  • Data return or purge: on termination, we return or delete student data within 30 days.
  • Sub-processors: a current list is available on request, including how each one is constrained.
  • For students enrolled directly (outside a school agreement), enrollment is parent directed and consent is collected before any student account is created.

Security posture

We follow security best practices: encrypted data in transit and at rest, least-privilege access, daily backups with point-in-time recovery, and multi-factor authentication on all staff accounts. We are glad to walk your team through our security posture and roadmap.

Common questions

Is Project Bridge FERPA compliant?

Yes. We operate as a school official under your direction and collect only what the work requires.

Does student data go to AI vendors?

Not in identifiable form. Personal details are removed and tokenized on our infrastructure before any AI model sees the text, and reattached only in our database afterward.

Will you sign our Data Privacy Agreement?

Yes. Our DPA template is ready and we will work from your district's agreement, including the SDPC NDPA.

How is data handled for students under a school agreement versus directly enrolled students?

Under a school agreement the school directs the data use. For directly enrolled students, enrollment and consent are parent directed before any account exists.

What happens to our data if we stop using Project Bridge?

We return or delete student data within 30 days of termination.

Request our data privacy package