Privacy & data
What Bright Speaker collects, where it flows, and what we deliberately don't do. Written in plain English.
What leaves the student's device
- Student video: nothing. The webcam stream is processed in the browser for the eye-contact indicator. It is not uploaded, not stored, and not shared.
- Student audio:the browser's built-in Speech Recognition API is used to convert speech to text during a session. In Chrome, this means audio is transmitted to Google's speech-recognition service to produce a transcript. This is a standard browser capability. We're working on an on-device alternative.
- Transcript:the text of what a student said during a session. Today it is stored in the browser's local storage. If authenticated accounts ship later, we will document where transcripts live before any school deployment uses them.
- Scores, XP, and badges: numerical results of a session, stored the same way as transcripts.
What we don't collect
- We don't ask for a student's birthdate, phone number, home address, or parent email.
- We don't use third-party ad trackers or advertising cookies. See the Cookie Policy for the current browser-storage and consent notice.
- We don't build a profile of a student to sell or share.
- We don't enable peer-to-peer messaging or social features that would create a moderation surface in a K-12 product.
Who we work with (sub-processors)
To run the product, we rely on a small number of services. Today these include:
- Vercel — hosts the website.
- Clerk — planned authentication provider when account-based pilots are enabled.
- Neon — our managed PostgreSQL database; not currently used for student data in the browser demo.
- Google — provides the browser-level Speech Recognition API that Chrome uses for transcription.
When we sign a data privacy agreement with a school, we'll disclose the current sub-processor list there as well.
About COPPA and FERPA
Bright Speaker is designed for K-12 schools. That means COPPA (for students under 13) and FERPA (for education records) apply to any real deployment. We do not yet hold formal compliance certifications like a COPPA Safe Harbor attestation or a SOC 2 report. We'll be transparent about what we've completed and what's in progress in any procurement conversation. If a school or district requires a data processing agreement to run a pilot, we'll review the language with you and be explicit about what is ready versus still in legal/compliance work.
Deletion and questions
You can clear all session data for your browser from the history page. If authenticated accounts and teacher/admin dashboards ship, the related deletion controls will be documented before schools rely on them.
Questions, corrections, or a data-deletion request? Write us here.
Last updated: 2026-07-02.