bloomz 
Part of our guide to AI in K-12 communication.
A vendor switches on an “AI assistant,” and a feature that looks like a convenience quietly becomes a data-use decision. The demo shows a polished draft appearing in seconds. What the demo does not show is where the text of that message traveled, what model processed it, and whether anything about your students was retained on the way.
That gap is the problem. AI features run on data, and in a school the data is about children. So before a district enables anything labeled AI, the questions to ask are not about the interface. They are about what happens to student information the moment a feature touches it.
This is general information for district leaders, not legal advice. Run the specifics past your own counsel and your data privacy officer.
Why “AI features” is really a data question
Most AI tools work by sending content somewhere to be processed. A teacher types a few notes, the tool sends them to a model, and a finished draft comes back. The convenience is real. The question underneath it is simple and easy to forget in a demo: did any student information leave the platform, and if so, where did it go and what was done with it?
Some vendors process everything inside infrastructure they control and never use your content to improve a general-purpose model. Others route data through third-party AI providers under terms you have not read. The interface looks identical either way. The difference only shows up when you ask.
The five questions to ask before you turn anything on
These five cover the ground that matters. Ask them in writing, and ask for written answers.
Is student data used to train models outside our district?
This is the first question because it is the one most likely to surprise you. Some AI tools use the content that flows through them to train or fine-tune models that other customers also use. For student data, that should be a hard no. The answer you want is direct: student information is never used to train models that operate outside your district’s own use of the product. If the answer arrives wrapped in qualifiers, keep pushing until it is plain.
Where is data stored, and who can access it?
Ask where the data physically lives, what security the hosting meets, and which people at the vendor can see it. A credible answer names the infrastructure and its certifications. Bloomz, for example, is hosted on SOC 2-certified cloud infrastructure, and access is limited to staff who need it to run the service. Note the precise claim there. The cloud infrastructure carries the SOC 2 certification. A vendor that blurs that line, or cannot tell you who internally can reach student records, has told you something.
Is data ever sold or shared?
The answer should be no, with no footnote. Student data should never be sold, and it should never be shared with advertisers or data brokers. Ask specifically about “sharing for marketing purposes” and “anonymized or aggregated data sold to third parties,” because those are the phrases that hide the exceptions. Bloomz does not sell or share student data, full stop.
Can we turn AI off and keep a working platform?
A district should be able to decline AI features and still have a communication platform that does its job. If the AI is welded to core functions so tightly that disabling it breaks messaging or attendance, you have lost the ability to make a measured choice. Ask whether AI is optional, who controls the setting, and what the product does with the feature off. Real educator control includes the control to say no.
Does a human approve anything that reaches a family?
This is where assistive AI separates from the autonomous kind. Ask whether the tool can send a message to a parent on its own, or whether a person always reviews and sends. The safe design keeps a human in the loop on every outbound communication. With Bloomz AI (BLISS), the AI drafts and translates and surfaces patterns for staff, and a person always decides and sends. The AI does not message families on its own and does not make determinations about students. That boundary is worth confirming in writing for any vendor you consider. It is the same boundary we cover in what AI should and shouldn’t do in school communication.
Where FERPA and COPPA fit
FERPA governs the privacy of student education records. COPPA governs the online collection of personal information from children under 13. Together they set the floor for what a school technology vendor must do, and a serious vendor treats them as a starting point rather than a finish line.
Ask whether the vendor signs a data privacy agreement, whether it operates as a school official under FERPA, and whether it holds independent privacy certifications. Bloomz is FERPA and COPPA compliant and iKeepSafe certified, which means a third party has reviewed its practices against those standards. A certification is not a magic word. It is evidence you can verify, which is more than a verbal assurance gives you.
How to read the answers you get
Watch for three things. First, precision. A vendor that knows its own architecture answers without hedging and uses exact terms. Vagueness about where data goes usually means the answer is uncomfortable. Second, scope. “We comply with FERPA” is a claim about the law, not a description of what the product does with AI, so ask the AI questions directly. Third, willingness to put it in writing. A clear verbal answer that evaporates when you request it on paper is not an answer you can rely on at a board meeting.
You do not need to become a privacy lawyer to do this well. You need to ask the five questions, insist on plain answers, and check the answers against the contract and the certifications. The vendors worth working with will make that easy.
Privacy is not a feature you bolt on after the demo. It is the foundation the rest of the decision sits on, and the questions above are how you test whether the foundation holds. If you want to see how assistive AI works when educator control and student privacy are built in from the start, Schedule a demo.