AI Policy — AESOP AI Academy

What AI does here

What AI does on this platform

▼

AESOP AI Academy uses AI to power interactive, story-based learning. Specifically, AI helps:

Generate story scenarios that adapt to a learner's choices
Provide hints and feedback during lesson activities
Produce varied practice examples so no two sessions feel identical

AI does not grade learners, make permanent academic decisions, or act without a teacher or parent being able to review the outcome.

What data we collect — and what we don't COPPA

▼

We designed our platform to collect as little personal data as possible — especially for young learners.

Learners are identified by an anonymous Learner ID (format: AESOP-XXXX) — no name, email, password, or personal information is collected
Learner IDs are generated randomly and stored in the browser's local storage and in our database; they cannot be traced back to a real person
Progress data (completed lessons, module tests, course exams) is tied only to this anonymous ID
No behavioral advertising or third-party tracking pixels are used on learner-facing pages

Because we never collect names, emails, or other personal identifiers from learners, COPPA compliance is straightforward — there is no personal information to protect, share, or sell.

For community participation (Discord) and certificate purchase, we collect only what is needed to deliver those services. None of this data is sold or shared with advertisers.

How we keep AI outputs safe Content safety

▼

Every AI-generated story and response passes through a content safety layer before a learner sees it. This includes:

Topic filters that prevent generation of violent, sexual, or hateful content
Age-appropriate language checks calibrated to our Intro, Basic, and Advanced levels
A flagging system that routes unusual outputs to human review

We use Anthropic (Claude) as our AI provider. Anthropic's own usage policies layer on top of ours. No AI provider has access to identifiable learner data.

Who's in control

What educators and parents control

▼

Educators and parents are always in the driver's seat:

Teachers can review any AI-generated lesson content, flag concerns, and override AI suggestions at any time
Parents can request a full export of their child's session data, or deletion of that data, using our Report Issue form
Schools can contact us at any time to discuss how data is used and retained for their learners

AI is a tool here — not a decision-maker. Every significant educational action can be reviewed or reversed by a human.

Our AI provider

▼

We currently use one AI provider:

Anthropic (Claude) — story generation, lesson hints, and conversational activities

We selected Anthropic for its strong content safety track record, data minimization practices, and policies that prohibit using learner inputs to train their models. This list will be updated if we change providers.

How this policy stays current

▼

AI moves fast. We review this policy at least every six months, and immediately whenever:

We add a new AI capability or provider
A relevant law or regulation changes (FERPA, COPPA, state AI laws)
A significant safety incident occurs on the platform

Schools and partners will be notified of any material changes at least 30 days before they take effect.

Radical transparency

What we don't have — and the honest reason why

Some governance documents exist because they're legally required. Others exist because an organization's scale or data practices genuinely need them. Here's exactly what we currently don't have and why — so you can make an informed decision.

Not applicable

Data Processing Agreement (DPA)

A DPA is required when one organization processes personal data on behalf of another — for example, when a school district sends student rosters to a vendor. We don't receive external student data. Learners use our platform with anonymous IDs — no accounts, no registration, and no personal information is collected. We act as data controller for our own minimal, non-personal data only, so a DPA isn't legally required or appropriate at this stage.

Not yet needed

FERPA certification

FERPA governs how schools share student education records with third parties. Because schools aren't sharing records with us — users come to us directly — FERPA doesn't apply to us as a vendor right now. If we enter formal agreements with school districts, we will address FERPA compliance before those agreements go live.

Not yet needed

SOC 2 audit report

SOC 2 is an independent security audit designed for vendors managing large volumes of sensitive enterprise data. As an early-stage platform that collects no personal data from learners (only anonymous Learner IDs and progress records), a full SOC 2 audit isn't warranted yet. We implement security best practices and will pursue formal audits as the platform scales and institutional partnerships grow.

Not applicable

Algorithmic bias audit

Bias audits are most critical when AI makes high-stakes decisions about individuals — hiring, lending, medical triage. Our AI generates stories and learning hints. While we do score learners for certification purposes, AI does not autonomously determine those scores — human-reviewed assessments drive outcomes. Anthropic conducts ongoing safety and fairness evaluation of Claude at the model level. We'll revisit a formal bias audit if AI takes a more direct role in scoring decisions.

When would these change?

If AESOP AI Academy enters formal data-sharing agreements with school districts, we will add a DPA and pursue FERPA compliance before those agreements go live. If the platform reaches enterprise scale, SOC 2 becomes the right next step. We'll update this page when any of that changes.