The Education Privacy Notice. A Major Update to Our Privacy Policies and Terms of Use
We’ve published the most significant update to VoiceThread’s privacy policies in over a decade. If you’re an administrator, educator, IT professional, or parent, here’s what changed and why it matters.
What We Did
We replaced our single privacy policy with two separate documents: an Education Privacy Notice for schools and institutions, and a General Consumer Privacy Notice for individual users. We also updated our Terms of Use with new protections against unauthorized data scraping and AI training.
The old policy tried to cover everyone in one document. That created confusion. An IT director evaluating VoiceThread for a district had to read through sections about California consumer rights. A parent looking for information about how their child’s data was handled had to wade through billing and marketing language. The new structure puts the right information in front of the right audience.
Why Now
Privacy regulation in education has changed substantially in the past several years. More than 40 states have passed student privacy laws since our last major policy update. Federal guidance on FERPA and COPPA has evolved. Institutions are asking harder questions in their security reviews, and they deserve clear, specific answers.
We worked with the Public Interest Privacy Center (publicinterestprivacy.org), an independent nonprofit focused on student privacy, to audit our existing policies, identify gaps, and draft the new Education Privacy Notice. Our outside legal counsel at Foley & Lardner then reviewed and refined all three documents before publication.
What’s in the Education Privacy Notice
The Education Privacy Notice covers users who access VoiceThread as part of an institutional license held by a school, district, college, university, or other educational institution. It’s structured around the specific concerns that schools, districts, and universities ask about during procurement. Key provisions include:
Schools control the data. VoiceThread asserts no ownership over student information. Schools decide what data is collected, how long it’s retained, and what happens to it when a license ends. We provide the administrative tools to act on those decisions.
Student content is private by default. Nothing a student creates is visible to anyone other than the educator who set up their account unless that educator explicitly enables sharing. We distinguish between “distributing” (sharing with other education users within the platform) and “publishing” (making content accessible to anyone on the internet). K-12 students can only distribute or publish if their educator opts in.
No advertising, profiling, or data sales. Student personal information is never used for advertising. We don’t build profiles for non-educational purposes. We don’t sell data. These aren’t new practices for us, but the new policy states them explicitly and in the specific language that state laws require.
Clear data handling at license expiration. When a license ends, administrators have three options for student accounts: transfer to parents, archive, or delete. For K-12 students, accounts can only be transferred to a parent or guardian. For postsecondary students, accounts can be converted to general consumer accounts. We document these options in the policy itself, not just in a support article.
Breach notification without qualifiers. If we learn of a security breach, we will notify affected users electronically. Period. The old policy included the phrase “subject to applicable laws,” which created ambiguity about whether and when users in certain jurisdictions would be notified. We removed that qualifier.
Fourteen voluntary commitments. Beyond what federal and state laws require, we’ve documented fourteen specific commitments governing how we handle student data. These cover everything from data minimization and purpose limitation to vendor management and successor entity obligations. These commitments are VoiceThread’s own, enforceable through our contracts with schools.
Explicit AI disclosure. The new policy lists every AI sub-processor we use, what they’re used for, and the contractual restrictions that apply. This includes a no-foundation-model-training commitment for any personal information processed through AI services. Schools may opt out of non-core AI features through their account configuration.
What’s in the General Consumer Privacy Notice
For users who access VoiceThread as individual consumers rather than under an institutional license, the General Consumer Privacy Notice covers data collection, use, sharing, and rights. The major change is that all education-specific content has been moved to the Education Privacy Notice, making the consumer document shorter and more relevant to its audience.
We also simplified the international data transfer section. Rather than listing specific jurisdictions and making broad compliance claims, we’re straightforward about the fact that VoiceThread is a US-based service operating under US law. International users are encouraged to contact us directly for a data processing agreement tailored to their jurisdiction. This is more honest and more useful than the previous language.
What’s New in the Terms of Use
Anti-scraping and AI training prohibition. Users and third parties are now explicitly prohibited from scraping, crawling, or mining any data on VoiceThread, whether publicly or privately accessible. This includes any collection of data for the purpose of training, fine-tuning, or developing any unauthorized artificial intelligence system. Your content is yours. We will not allow others to harvest it.
This prohibition does not restrict VoiceThread’s own use of authorized AI tools in connection with providing or improving the Services, provided such use is disclosed in the applicable Privacy Notice.
Commercial use for educators. The old terms limited use to “personal (noncommercial)” purposes, which didn’t account for educators who use VoiceThread professionally. The updated terms explicitly allow paid subscribers, including Pro Educator users, to use VoiceThread for commercial educational purposes.
Updated governing law. The Terms of Use are now governed by Delaware law, consistent with VoiceThread’s state of incorporation.
Updated K-12 framework. K-12 status is now determined by how the institutional license is provisioned, not by which subdomain users access. This reflects how the platform actually operates and gives institutions cleaner administrative control over how their accounts are designated.
Our Privacy Posture
These policy updates reflect how we’ve always operated, not a change in behavior. VoiceThread has maintained an 87% rating from Common Sense Media’s privacy evaluation program, with perfect scores in data sharing, data security, advertising and tracking, parental consent, and school purpose compliance. We’ve held SOC 2 Type 2 certification continuously. We encrypt all data in transit and at rest. We’ve never sold user data, never served advertising, and never used student information for non-educational purposes.
What the new policies do is document these practices in the specific, structured language that modern privacy law requires. When a district privacy officer reviews VoiceThread, they should find the answers to their questions in the policy itself, not in a follow-up email.
What This Means for Your Data
If you’re an administrator or IT professional: the Education Privacy Notice is designed to be the primary document you review during procurement. It addresses FERPA, COPPA, SOPIPA, and state-level student privacy requirements directly. If you have a Data Processing Agreement with us, it takes precedence where terms differ.
If you’re an educator: nothing about how VoiceThread works has changed. Your students’ content is still private by default. You still control sharing and publishing settings. The policies now describe those controls more clearly.
If you’re a parent: student data is owned by the school, not by VoiceThread. Contact your school to access, review, or request deletion of your child’s information. We will support the school in fulfilling those requests.
If you’re an individual user: the General Consumer Privacy Notice applies to you. Your rights to access, correct, and delete your information are documented there.
Questions
If you have questions about these changes, contact us at support@voicethread.com or (888) 407-3929. We’re also happy to schedule a call to walk through the policies with your privacy or procurement team.