K-12 AI Governance & Tool Intelligence
For Educators Who Read Carefully · languagefirm.org/districtfiling
Tool Spotlight
MagicSchool is an AI operating system built specifically for K-12 schools. The platform combines an educator toolset of more than 80 tools (lesson plan generator, rubric maker, IEP drafting assistant, parent communication, presentation generator, multiple choice quiz maker, worksheet generator), a student-facing experience through Student Rooms (configured and enabled by educators), and a district admin layer (Enterprise dashboards, custom tools, moderation rules). Models are routed across OpenAI, Anthropic, and Google depending on task. As of the most recent verified review, MagicSchool holds the Common Sense Privacy Verified Seal at 93 percent, an iKeepSafe FERPA Product Profile, SOC 2 Type 2 alignment, and a published Data Privacy Addendum live in the SDPC Resource Registry.
The most consequential design choice for K-12 governance is the role separation. MagicSchool acts as a controller of educator-account information and as a processor of Student Data under a school-executed DPA. Student access requires school enablement through SSO (Google, Microsoft, Clever, or ClassLink) or an educator-shared room code in a Student Room. Students cannot create accounts independently. The free tier is functional for individual teacher exploration. The Enterprise tier is required for district-wide admin visibility, custom tool authoring, and moderation rule management. New York Education Law Section 2-D Exhibit C is published for districts in that state.
The non-negotiable condition for district-sanctioned student-facing deployment is the executed Data Privacy Addendum. Districts execute by signing the addendum and emailing it to security@magicschool.ai. The signed addendum is published in the SDPC Resource Registry at sdpc.a4l.org. Without this contract on file, MagicSchool is a self-register tool outside district governance, regardless of how thoroughly individual teachers may use it.
Best Use Cases10 Things Every Educator Needs to Know
MagicSchool earns Teacher-OK at 19/20, the strongest governance posture profiled in this series. The score depends on one condition that is not optional: the executed Data Privacy Addendum. Without the DPA on file, MagicSchool is the free-teacher-self-register path, which carries none of the contractual protections this score reflects. The DPA is the governance instrument. Everything else is downstream of it.
The DPA is the governance instrument. The score reflects the contractual path, not the free path.
The 19/20 score and the Teacher-OK label apply only when MagicSchool is deployed under an executed Data Privacy Addendum signed by the district and Magic School, Inc. The signing path is a single email to security@magicschool.ai. The signed DPA is then published in the SDPC Resource Registry. Districts using the free teacher tier without the DPA operate as individual self-registrants. None of the contractual protections (no AI training on student data, sub-processor notification, breach notification, FERPA processor designation) are extended to a district that has not executed the DPA. The DPA is not a procurement nicety. It is the instrument that converts MagicSchool from a consumer tool into a governed K-12 platform.
No model training on student data. Signed Zero Data Retention attestations from both OpenAI and Anthropic.
Student Data is contractually prohibited from being used to train, retrain, or improve any AI or machine learning model, including LLMs. This applies to MagicSchool itself and to all sub-processor AI providers. The strength of this commitment is unusual: MagicSchool holds signed Zero Data Retention attestations from both OpenAI and Anthropic, which means prompts and submissions are processed transiently and are not retained or used to train provider models. ZDR is not the default arrangement OpenAI or Anthropic offer to most enterprise customers. The attestations are a meaningful procurement signal that MagicSchool has secured contractual commitments most consumer AI tools cannot demonstrate.
Common Sense Privacy Verified Seal at 93 percent. One of the highest seal scores in the K-12 AI category.
The Common Sense Privacy Seal is awarded based on a 200-plus point rubric that goes beyond stated commitments to evaluate enforceable practices. MagicSchool's 93 percent rating places it among the highest-rated K-12 AI tools Common Sense has evaluated. The seal also commits the vendor to quarterly check-ups and annual policy review, which functions as an external monitoring layer most vendors at this scale do not commit to. For districts that use Common Sense Media ratings or SDPC listings as procurement prerequisites, the 93 percent rating clears those signals and provides a defensible procurement file.
COPPA support is structural, not promotional. Student access is gated by school enablement.
MagicSchool is documented in the iKeepSafe Product Profile and the Student Data Policy as supporting the school-as-agent COPPA consent path. The school acts as the operator and provides parental notice consistent with district policy. Students cannot create accounts independently. Student access is gated entirely by school enablement: SSO via Google, Microsoft, Clever, or ClassLink, or an educator-shared room code in a Student Room. This structural gating is meaningfully stronger than the consent-by-AUP-checkbox arrangement most consumer AI tools use, and it is one of the primary reasons MagicSchool clears the COPPA bar where many comparable tools do not.
FERPA alignment is contractual. iKeepSafe Product Profile completed and published.
MagicSchool acts as a school official data processor under the executed DPA. The iKeepSafe FERPA Product Profile is completed, published (September 2024 cohort), and includes commitments on annual employee privacy training, breach notification, and prior notice for material privacy policy changes. The Product Profile is a meaningful third-party verification: iKeepSafe reviews the vendor's actual practices, not just the public-facing privacy policy, and publishes findings that bind the vendor to those representations. Districts that need a defensible FERPA file can request the Product Profile directly from iKeepSafe and place it alongside the executed DPA in their compliance archive.
SDPC registry is live. The signed DPA is published, not just promised.
The Magic School Data Privacy Addendum is live in the SDPC Resource Registry at sdpc.a4l.org. State-alliance exhibits exist for New York (Ed Law Section 2-D Exhibit C is published in the registry). Other state-alliance exhibits are available on request. The fact that the signed DPA is published in SDPC, rather than just available on request, is unusual and useful: districts in SDPC-member states can adopt or extend the existing addendum rather than negotiating from scratch. For districts in California, Illinois, Texas, or other states with state-specific privacy law, the published New York exhibit demonstrates the vendor's willingness to engage with state-specific contractual frameworks.
Sub-processor notification is contractual. Districts retain the right to object before changes take effect.
Sub-processor changes trigger advance notification under DPA clause 7. The DPA also requires districts to designate the email address for change notifications at execution. Districts retain the contractual right to object to a sub-processor change within a defined window before the change takes effect. This is the structural protection that converts a sub-processor list from a static disclosure into an active governance instrument. Districts adopting MagicSchool should ensure the designated notification email is monitored by IT or compliance personnel rather than by an individual whose role may change. A stale notification address is the most common way this protection fails in practice.
Free tier is exploration-only. Enterprise SSO is the path for student-facing deployment.
The free teacher tier is functional for individual exploration. It does not include district-level admin controls, district dashboards, custom tool authoring, or moderation rule management. It also does not place the district under the protections of the executed DPA, because the DPA binds the school district as the contracting party. Teachers using the free tier without district SSO self-register, creating parallel accounts outside district IT visibility. The full no-new-account experience requires Enterprise SSO configuration via Google, Microsoft, Clever, or ClassLink. Districts that have teachers already on the free tier should plan a migration to Enterprise SSO as part of student-rollout planning, not after.
Aurora Public Schools posted a 28 percent literacy outcome. Independent reviews show 7 to 10 hours saved per teacher per week.
Aurora Public Schools is publicly documented as showing a 28 percent increase in students meeting literacy goals after MagicSchool deployment. Vendor reports more than 5 million educators across more than 13,000 schools and districts in 160 countries. Independent reviews confirm 7 to 10 hours per week saved on planning tasks, consistent with the vendor's reported figures. This is among the strongest deployment evidence in this series. Districts should still validate the outcome model in their own context (Aurora's deployment scope, instructional model, and student population may differ from the district's own), but the published evidence is substantive and traceable, not promotional.
19/20 is the strongest score in the series. The single gap is Q18: free-tier self-registration outside district visibility.
Total: 19/20. Section 6: 5, Section 7: 5, Section 8: 5, Section 9: 4. The single gap is Q18, which fails because the free tier requires teacher self-registration when district SSO is not configured. This produces parallel accounts outside district IT visibility. The full no-new-account experience requires Enterprise SSO. Three items remain flagged in What This Card Cannot Confirm: direct verification of the 1EdTech Trusted Apps Directory listing, the current SOC 2 Type 2 attestation report, and state-alliance exhibits beyond the published New York Section 2-D. None of these are governance blockers. All three are worth tracking in subsequent drift audits. The 19/20 reflects a product with the strongest combination of certifications, contractual commitments, and deployment evidence in this series. The Teacher-OK label is earned on the executed DPA path. It does not transfer to the free path.
Evidence Links: For Your Internal Verification Routine
Endurance Skills Guide
MagicSchool is the strongest-governance card in this series, and the skills that make that governance work are operational, not legal. They are the things a district has to do every week, every quarter, and every year to keep the contractual protections alive after the DPA is signed. Six durable skills, all built from the MagicSchool story and all generalizable to the next vendor.
01
DPA Lifecycle Management
Treating the Contract as a Living Instrument, Not a Filed Document
An executed Data Privacy Addendum is the start of governance, not the end. Districts should track the effective date, the renewal cadence, the designated notification email, the named state exhibits, and the sub-processor list as a single record reviewed at least annually. For MagicSchool, this means knowing who at the district receives sub-processor notifications under DPA clause 7, whether that person is still in their role, and whether the district has any standing objections on file. The DPA file should be retrievable in 60 seconds by anyone who needs it: the superintendent, the district attorney, the IT director, the state ed agency. If retrieval takes longer than that, the contract is filed, not managed.
02
Tier Migration Discipline
Moving Off the Free Path Before the Student Path Goes Live
Free-tier accounts created before a district executes the DPA are not retroactively protected by it. Districts adopting any AI tool with a free-and-paid structure should audit existing teacher accounts before student rollout, identify the migration path to the Enterprise tier, and set a deadline for cutover. For MagicSchool, this means inventorying who has self-registered, configuring SSO via Google, Microsoft, Clever, or ClassLink, and migrating the existing accounts under the Enterprise umbrella. The skill is the discipline of treating the free tier as a temporary state, not a permanent one. The migration is operational work that takes hours or days, not weeks. The cost of skipping it is a permanent shadow IT problem.
03
SSO and Rostering Hygiene
Making the Identity Layer Work Before Asking the AI Layer To
Every governance protection on a card like MagicSchool's depends on the district's ability to identify users correctly, scope access by role, and revoke access when staff or students leave. SSO via Google, Microsoft, Clever, or ClassLink is the foundation of this, and rostering accuracy is what keeps it intact across school years. Audit your rostering source quarterly. Confirm that the OU or group structure used for AI tool access matches the structure used for other Workspace or Microsoft 365 access. Confirm that students who have left the district are removed promptly. The AI tool inherits the quality of the identity layer beneath it. A messy identity layer makes the strongest governance posture brittle.
04
Sub-Processor Notification Monitoring
Reading Vendor Emails as a Governance Function, Not a Marketing Annoyance
Sub-processor changes are the most common way an AI vendor's data handling practices change without the privacy policy itself changing. The DPA gives the district the right to object before the change takes effect, but only if the notification email reaches a person who reads it and recognizes the implication. Designate at least two people to receive sub-processor notifications: one in IT, one in compliance or curriculum. Set up a shared inbox if possible. Establish a default response protocol: when a notification arrives, who reviews it, what the review covers (data residency, sub-processor identity, scope of access), and within what window. If the district has never exercised the contractual right to object, the muscle is not built. Build it before you need it.
05
Educator Output Review Pattern
Adopting the 80-20 Standard as a Default Operating Mode for AI-Generated Content
MagicSchool's vendor recommendation is the 80-20 pattern: AI does the bulk of the drafting, the educator does the final 20 percent of refinement. This is a useful default for any AI tool that produces classroom-ready content. The skill is making the review pattern visible at the district level, not just at the individual teacher level. Build educator review into PD: show staff what 20 percent refinement looks like on a lesson plan, a rubric, an IEP draft, a parent email. Build it into the AUP: name the review obligation explicitly so a teacher cannot defensibly publish unreviewed AI output to students or families. Build it into the moderation rules where the platform supports it. The pattern is not an aspiration. It is the operating standard.
06
Certification Renewal Tracking
Treating Third-Party Seals as Time-Bounded, Not Permanent
Common Sense Privacy Seals, iKeepSafe Product Profiles, SOC 2 Type 2 attestations, and 1EdTech certifications all have renewal cycles. A vendor that holds a certification today may not hold the same certification in 18 months. Districts should track renewal dates as part of the procurement file and re-verify at the renewal interval, not just at adoption. For MagicSchool, this means noting that the iKeepSafe Product Profile was completed in the September 2024 cohort, that the Common Sense Privacy Seal commits the vendor to quarterly check-ups, and that the SOC 2 Type 2 attestation covers a defined twelve-month observation period that requires annual renewal. A certification is not a state of being. It is a representation about a window of time.
An executed Data Privacy Addendum is the most important document in any K-12 AI procurement. For MagicSchool, it converts the product from a consumer self-register tool into a governed K-12 platform. Without it, the 19/20 score on this card does not apply to the district. With it, every contractual protection assessed on this card is in force. The DPA is, in this sense, the single highest-leverage instrument in the entire governance stack. And yet, in most districts, it is filed once and never revisited until something goes wrong.
DPA Lifecycle Management is the skill of treating the executed addendum as a living instrument with a defined operational rhythm. It has four pillars. First, the executed date and renewal cadence. Most DPAs have an effective date, a term length (often three years), and a renewal mechanism. The district should know all three for every active DPA, with the renewal date entered on a compliance calendar that triggers a review at least 90 days before expiration. Second, the sub-processor list. The DPA grants the district the right to object to sub-processor changes within a defined window. That right is exercised only by people who know it exists and who receive the notification. The district should know who currently appears on MagicSchool's sub-processor list, when the list was last updated, and who in the district receives change notifications.
Third, the notification address. The DPA designates a specific email address for change notifications. That address often points to an individual whose role may have changed since the contract was signed. Districts should audit their designated notification addresses across all active DPAs and update them whenever staff turn over. A notification sent to a former employee's inbox is functionally equivalent to no notification at all. Fourth, the state exhibit set. State-specific student data privacy laws (New York Ed Law 2-D, Connecticut, Illinois, Texas, California) often require a state-specific exhibit attached to the underlying DPA. Districts should know which exhibits apply to their state and which are on file for each active vendor. For MagicSchool, the New York Ed Law 2-D Exhibit C is published in the SDPC registry. Other state exhibits are available on request. A district outside New York that has not requested its state's exhibit has not yet completed the contract, even if the underlying DPA is signed.
The operational test for DPA Lifecycle Management is retrieval. If the superintendent, the district attorney, the state ed agency, or a parent asks to see the DPA for any active AI vendor, the document should be retrievable in 60 seconds by the person responsible for it. If retrieval takes longer than that, the document is filed, not managed. Filed documents go stale. Managed documents stay current. The difference is operational discipline, exercised on a calendar, by people whose roles include the work.
Practitioner Exercise
Pick the AI vendor your district uses most frequently. Try to retrieve the executed DPA in 60 seconds. If you can find it, look for four data points: the effective date, the renewal date, the designated notification email, and the most recent sub-processor list. Note which of these you cannot find or are not certain about. If you cannot find the DPA in 60 seconds at all, the document is filed but not managed. Either outcome identifies a governance gap that you can close with a calendar entry, a shared folder reorganization, or a single conversation with the IT director or compliance officer. That conversation is the minimum unit of DPA Lifecycle Management.
Most Recent Policy Update
FTC Final Rule Approved: January 16, 2025 · Federal Register Publication: April 22, 2025 · Effective Date: June 23, 2025 · Compliance Date: April 22, 2026
On April 22, 2025, the Federal Trade Commission published the final rule amending the Children's Online Privacy Protection Rule (COPPA). The amended rule took effect June 23, 2025, with full compliance required by April 22, 2026 (with earlier deadlines for FTC-approved Safe Harbor programs). The amendments are the most substantial revisions to COPPA since 2013, and several of the changes have direct implications for K-12 AI vendors operating under the school-as-agent consent path.
Three changes matter most for this card series. First, the rule clarifies and tightens the requirements for verifiable parental consent (VPC), including new acceptable methods and stricter documentation expectations. Notably, the FTC declined to adopt the proposed EdTech-specific amendments that would have explicitly authorized educational institutions to provide consent for school-authorized educational purposes; the school-as-agent consent path continues to operate under existing FTC guidance rather than under a codified rule provision. For K-12 AI tools deployed to students under 13, the school remains the operator that authorizes use, but the documentation standard has risen across the rule generally. A generic AUP sign-off was already inadequate as a matter of best practice. Under the amended rule, it is more clearly inadequate as a matter of regulation.
Second, the rule expands the definition of personal information to include biometric identifiers (fingerprints, retina patterns, gait, facial data, voice data) and government-issued identifiers, and requires separate verifiable parental consent for third-party disclosures including for targeted advertising. AI tools that collect or generate inferences from interaction data should be evaluated against the expanded definition. MagicSchool's contractual prohibition on training models with student data, combined with the signed Zero Data Retention attestations from OpenAI and Anthropic and the prohibition on advertising to students, addresses the bulk of this expansion at the platform level. Districts should still confirm that any custom tool authoring or moderation rule configuration does not inadvertently create third-party disclosure paths that fall within the new VPC requirement.
Third, the rule strengthens data retention and deletion obligations. Operators may retain personal information only as long as reasonably necessary for the specific purposes for which it was collected. MagicSchool's Student Data Policy already articulates this standard. Districts should confirm that their internal record retention policy aligns with the platform's deletion practices, and that account-cancellation deletion is exercised promptly when staff or students leave.
The operational implication for districts adopting MagicSchool: the executed DPA, the iKeepSafe FERPA Product Profile, the SDPC-registry-published addendum, and the structural gating of student access through SSO already address the substance of the amended rule. The work to do before the April 22, 2026 compliance date is verifying that the district's own consent documentation, retention practices, and account-lifecycle procedures are aligned with the updated standard. The vendor side of the bar is high. The district side of the bar requires intentional effort.
Archive
Every issue of The District Filing, archived and searchable by topic, tool, and skill focus.
languagefirm.org/districtfilingarchive