What Districts Actually Check Before Approving an EdTech Tool

If you’ve ever tried to get a new app approved for classroom use and hit a wall of IT tickets and data privacy reviews, this is for you.

The Approval Process Is Not Arbitrary

A lot of teachers experience district technology approval as bureaucratic obstruction. You found a tool that works. Students are engaged. And then IT or the district office says they need to review it, and the review takes three months, and by then the school year is over.

That’s genuinely frustrating. But the review process exists for a reason, and understanding what districts are actually looking for helps you either (a) choose tools that will pass quickly or (b) make the case for the tools you already want to use.

The Three Things Every District Checks

District technology approvals vary by district, but there are three questions that come up in nearly every review. How an EdTech vendor answers these questions determines whether a tool gets approved in weeks or months — or at all.

1. Who owns the student data? Under FERPA, schools own student education records and must control who can access them. A vendor who claims ownership of data generated by students, or who can use that data for advertising or product improvement without consent, is a non-starter for any compliant district. The question to ask: “Does this vendor have a FERPA-compliant Data Processing Agreement?”

2. What data is actually collected? Districts need to know what personally identifiable information (PII) a platform collects. Name, email, and login credentials are obvious. Less obvious: behavioral data, usage patterns, device identifiers. California’s SOPIPA law prohibits using student data to build profiles for advertising purposes. If a vendor can’t clearly articulate what they collect and why, that’s a red flag.

3. Where is the data stored and how is it protected? US-based storage, encryption at rest and in transit, and breach notification policies are baseline requirements for most districts. Cloud providers based outside the US or platforms with vague security documentation will stall in review.

COPPA Adds a Layer for Younger Students

If any students using the platform are under 13, COPPA (Children’s Online Privacy Protection Act) applies. This requires verifiable parental consent before collecting personal information from children. Many EdTech tools sidestep this by requiring the school or teacher to act as the consent intermediary — which is a legitimate approach, but it has to be clearly documented in the vendor’s privacy policy and terms of service.

A vendor who hasn’t thought about COPPA compliance will not get approved for elementary or middle school use, regardless of how good the tool is pedagogically.

What Good Documentation Looks Like

When a district IT department or privacy officer reviews a new tool, they’re looking for specific documents, not promises. The gold standard package includes:

A signed Data Processing Agreement (DPA) that names the school or district as the data controller.

A privacy policy written in plain language that specifies what data is collected, how it’s used, and how long it’s retained.

A Terms of Service that does not claim ownership of student-generated content.

A documented process for deleting all student data upon request — ideally within 30 days.

Vendors who can provide all of these on request move through approvals quickly. Vendors who say “our privacy policy is on our website” and leave it at that do not.

The Google Classroom Connection

Many district-approved tools connect to Google Classroom for roster import. If a vendor uses Google’s API to pull class rosters, Google requires that vendor to complete an OAuth verification process — a security review that confirms the app only accesses the scopes it requests, and that those scopes are appropriate for the claimed use case.

A verified Google OAuth application signals to IT departments that the vendor has undergone external scrutiny of their data practices. It’s not a full district approval on its own, but it moves the needle.

What This Means for Teachers

When you’re evaluating a new EdTech tool for your classroom, the pedagogical value matters — but so does the compliance story. A tool that’s excellent in the classroom but can’t pass a district review is a tool you can’t use at scale.

Ask vendors directly: Do you have a FERPA-compliant DPA? Are you COPPA-compliant? Have you completed Google OAuth verification? If a vendor hesitates on any of these, take note. The districts that ask the hardest questions are often the same ones that move fastest once they get satisfactory answers.

The teachers who get their tools approved aren’t the ones who found the best apps. They’re the ones who found the best apps and could make the compliance case.

— Learning Wake

Learning Wake is a FERPA-compliant project board platform for K-12 classrooms. It includes a Data Processing Agreement template, COPPA-conscious data practices, and completed Google OAuth verification. learningwake.net