Privacy & data

What Bright Speaker collects, where it flows, and what we deliberately don't do. Written in plain English.

This is an overview, not a legal document. Bright Speaker is pre-launch. A formal privacy policy and terms of service are being drafted and will replace this page before any paid deployment. In the meantime, this is an honest description of how the product works today.

What leaves the student's device

  • Student video: nothing. The webcam stream is processed in the browser for the eye-contact indicator. It is not uploaded, not stored, and not shared.
  • Student audio:the browser's built-in Speech Recognition API is used to convert speech to text during a session. In Chrome, this means audio is transmitted to Google's speech-recognition service to produce a transcript. This is a standard browser capability. We're working on an on-device alternative.
  • Transcript:the text of what a student said during a session. Today it is stored in the browser's local storage. If authenticated accounts ship later, we will document where transcripts live before any school deployment uses them.
  • Scores, XP, and badges: numerical results of a session, stored the same way as transcripts.

What we don't collect

  • We don't ask for a student's birthdate, phone number, home address, or parent email.
  • We don't use third-party ad trackers or advertising cookies. See the Cookie Policy for the current browser-storage and consent notice.
  • We don't build a profile of a student to sell or share.
  • We don't enable peer-to-peer messaging or social features that would create a moderation surface in a K-12 product.

Who we work with (sub-processors)

To run the product, we rely on a small number of services. Today these include:

  • Vercel — hosts the website.
  • Clerk — planned authentication provider when account-based pilots are enabled.
  • Neon — our managed PostgreSQL database; not currently used for student data in the browser demo.
  • Google — provides the browser-level Speech Recognition API that Chrome uses for transcription.

When we sign a data privacy agreement with a school, we'll disclose the current sub-processor list there as well.

About COPPA and FERPA

Bright Speaker is designed for K-12 schools. That means COPPA (for students under 13) and FERPA (for education records) apply to any real deployment. We do not yet hold formal compliance certifications like a COPPA Safe Harbor attestation or a SOC 2 report. We'll be transparent about what we've completed and what's in progress in any procurement conversation. If a school or district requires a data processing agreement to run a pilot, we'll review the language with you and be explicit about what is ready versus still in legal/compliance work.

Deletion and questions

You can clear all session data for your browser from the history page. If authenticated accounts and teacher/admin dashboards ship, the related deletion controls will be documented before schools rely on them.

Questions, corrections, or a data-deletion request? Write us here.

Last updated: 2026-07-02.