A three-part tool for verifying any K-12 AI tool against a structured application of The Language Firm's Forensic Read™ methodology. Score against the rubric. Pull the firm's source-document collection. Look up unfamiliar terms. The verdict is yours; the firm provides the infrastructure that supports the human-in-the-loop work. This tool is the most basic and topical application of what the methodology can produce. The full methodology is published at languagefirm.org/the-forensic-read.
Name a tool. Read its primary documents. Answer twelve inputs across three axes. The verdict calculates from the rubric, with three dealbreakers that auto-trigger Flag. Export a signed PDF for circulation with your cooperating teacher, principal, or school board.
These are the primary documents the firm has linked for this tool. Read them yourself before scoring. The verdict is yours. The Forensic Read™ is the human's read; the firm provides the source-collection infrastructure, not the conclusion.
Several catalogued tools match what you typed. Pick the one you mean to score.
This tool is not in the firm's Source Collection Index. Add up to five primary documents you consulted in producing this verdict. These will appear on the exported PDF as part of the audit trail. The firm's recommended starting set: Terms of Service, Privacy Policy, Data Processing Addendum, Trust Center or Security page, and any product-specific or education-tier page.
At least 3 of 4 best-state answers on every axis. No dealbreakers triggered. Safe to use as intended.
Mixed signals across the three axes, or one axis below the 3-of-4 best-state threshold. Use only after verifying the specific conditions that produced the mixed read.
A dealbreaker is triggered on data, FERPA, or COPPA posture, or any axis has two or more worst-state answers. Do not use until resolved.
The exported PDF includes a signing block so the verdict can be printed, signed, and brought forward for discussion with a cooperating teacher, principal, district administrator, or school board. Add your name and title below; they will appear on the PDF as the printed-name and title lines, leaving only the signature and date to fill in by hand.
The catalogue of K-12 AI tools the firm tracks. Some have already been audited through the First Watch drift audit series; others are catalogued in preparation for future audits. Each entry includes the primary documents needed to apply the rubric. Use this tab to find the documents to read against when scoring a tool, or to see the rubric the Scorer applies.
The Forensic Read™ verdict is set by a three-axis rubric applied to the vendor's primary documents. Twelve inputs total, decidable from documents alone, with three single-input dealbreakers that auto-trigger Flag.
At least 3 of 4 best-state answers on every axis. No dealbreakers triggered.
Mixed across the three axes, or 2 of 4 best-state answers on any single axis.
Two or more worst-state answers on any axis, or any single dealbreaker triggered.
Many K-12 vendors publish their signed Data Processing Addenda and state-specific contract exhibits here. This is the highest-yield single resource for the institutional contract documents that vendors do not post on their public marketing sites.
privacy.a4l.org · searchable by vendor name
Definitions for the specialized terms used in the Scorer and the Index. Look up unfamiliar vocabulary before scoring, or while reading a vendor's primary documents. Each entry that maps to a specific rubric input is tagged with its axis and position.
A mechanism that prevents a service from collecting personal information from users under 13 without first obtaining verifiable parental consent. An active age gate intercepts the user before any data is collected. A self-declared age gate accepts whatever date the user enters without verification, treated as effectively no gate under most regulatory interpretations.
One of the three categories the Forensic Read™ rubric uses: data posture, FERPA posture, and children's data posture (COPPA). Each axis contains four binary inputs. The verdict is calculated by summarizing results across all three axes, not by collapsing them into a single score.
A U.S. federal law (15 U.S.C. §§ 6501–6506) that imposes specific requirements on operators of online services directed at children under 13 or that have actual knowledge of collecting personal information from children under 13. The COPPA Rule (16 C.F.R. Part 312) is the FTC's implementing regulation.
The section that defines what counts as verifiable parental consent. Enumerated methods include signed forms returned by mail, credit-card verification, video conferencing, or government-issued ID matching. Mechanisms relying on a checkbox or typed email do not meet the standard.
The party whose name appears on the agreement governing a tool: a district contract, school-level contract, teacher account, or personal student account. Determines which terms apply, which DPA is in force, and which protections the user can rely on.
The principle, central to COPPA and most modern privacy regimes, that a service should collect only the personal information reasonably necessary for the activity the user is engaged in.
The contract exhibit that specifies what personal data may be processed by a vendor on behalf of a customer, under what terms, with what safeguards, and with what limitations on reuse. In K-12 procurement, typically the document operationalizing the vendor's FERPA posture and specific commitments around student data.
An input that, if answered with the worst-state option, automatically triggers a Flag verdict regardless of how the remaining inputs are answered. The Scorer has three dealbreakers: training-use of inputs (data), school official designation (FERPA), and under-13 age gate (COPPA).
A user's or administrator's ability to trigger the removal of stored content. Self-serve deletion completes through the product interface. By-request deletion requires emailing the vendor. Absence of either is worst-state.
Under FERPA, a category of student information that schools may disclose without prior parental consent — typically name, grade level, dates of attendance, and participation in activities. Distinct from the broader category of education records.
A vendor's practice of maintaining a record of every disclosure of student records to a third party, available to the school for inspection.
A dated change to a vendor's policy, terms, or product language that warrants a fresh read. Documented in the First Watch audit series.
A U.S. federal law (20 U.S.C. § 1232g) governing the privacy of student education records held by educational agencies and institutions receiving federal funding. Grants parents (and students who turn 18) specific rights of access, amendment, and consent.
A FERPA provision (34 C.F.R. § 99.31(a)(1)(i)) that allows a school to disclose education records to a third party without parental consent, provided the third party performs services the school would otherwise perform, is under the school's direct control, and uses the records only for authorized purposes. A vendor that explicitly accepts this designation takes on obligations equivalent to district staff for that data; a vendor that disclaims it does not.
The verdict assigned when a tool either triggers a dealbreaker on any axis, or accumulates two or more worst-state answers on any single axis. Means the tool should not be used until the underlying conditions are resolved.
The Language Firm's proprietary methodology for reading vendor language against a defined rubric to produce a documented governance verdict. Reads policies and terms the way an investigator reads a deposition: for what is said, what is omitted, where responsibility is distributed, and where language shifts between documents to obscure accountability.
The middle answer on any rubric input, indicating partial compliance, ambiguous language, or conditional support. Mid-state answers do not trigger dealbreakers but count against the 3-of-4 best-state threshold required for Proceed.
The specific rights FERPA grants to parents (and to students once they turn 18): the right to inspect and review education records, the right to seek amendment of inaccurate records, and the right to consent to certain disclosures.
The current state of a vendor's commitments, capabilities, and language as it bears on a specific axis. Used three ways: data posture, FERPA posture, and children's data posture. Posture is a snapshot, not a guarantee; the First Watch audits exist because posture drifts.
The verdict assigned when a tool earns at least 3-of-4 best-state answers on every axis, with no dealbreakers. Signals that the Forensic Read™ finds no posture concerns on data, FERPA, or COPPA.
The route by which a tool entered a district's use: district contract, school-level contract, teacher account, or personal student account. Different paths trigger different governance obligations.
Whether a vendor's policy specifies a concrete retention period for the content users submit. Specific is named in the documents. Vague uses qualifiers like "as long as necessary." Indefinite or unstated is absence of any retention claim.
The structured set of twelve inputs across three axes, plus three dealbreakers, that the Scorer applies to produce a verdict. Decidable from documents alone, requires no specialized legal training, and produces consistent results between evaluators reading the same documents.
An FTC guidance position under COPPA permitting a school to consent, on behalf of parents, to online collection of personal information from students under 13, provided the collection is for the use and benefit of the school and not for any other commercial purpose. Functions as a workaround to the otherwise required VPC.
A third party that processes data on behalf of the primary vendor in the course of providing the service. Subprocessor disclosure is the public, dated list of all such third parties.
A vendor-published subdomain or page (commonly trust.[vendor].com) that aggregates compliance attestations, certifications, subprocessor lists, DPAs, and security documentation in one location. Highest-yield single resource for a Forensic Read™ on a vendor with mature governance documentation.
A vendor's practice of using user-submitted content to train or improve its AI models. The most consequential input asks whether the default behavior involves training. A yes-by-default answer is a dealbreaker because it places the burden of protection on the user rather than the vendor.
The COPPA standard for obtaining parental permission to collect personal information from a child under 13. To count as verifiable, the mechanism must use a method enumerated in COPPA Rule §312.5.
The output the Scorer produces when the rubric is applied: Proceed, Caution, or Flag. Deterministic — two readers who answer the twelve inputs the same way arrive at the same verdict. A starting point for governance action, not a substitute for it.
How the Pre-Service Lookup relates to The Language Firm's full methodology. This tab defends the design choices behind the rubric and locates the Scorer's verdicts relative to what a complete Forensic Read™ produces. Read this before citing a verdict, designing institutional reliance on the tool, or comparing it to the firm's full investigative work.
The Pre-Service Lookup is the most basic and topical application of what The Forensic Read™ methodology can produce. It is not the methodology itself. It is a structured, scoped output for a single use case: K-12 AI vendor governance triage at the document layer.
The full Forensic Read™ is an investigative methodology drawing on three academic disciplines — discourse analysis, pragmatic and intertextual analysis, and forensic language analysis — applied across four sequential stages: READ (map the document ecosystem), TRACE (track where meaning shifts between documents), SURFACE (identify what is assumed, obscured, or normalized by omission), and BUILD (produce governance infrastructure in the appropriate register for the audience). The methodology is performed by a named human investigator and produces evidence-grade findings, accountability maps, and signed governance protocols that a district can stand behind under federal program review.
The Pre-Service Lookup applies only a fragment of one of those stages. It performs a structured, rubric-bounded version of SURFACE against a single document category (vendor compliance language), graded along three pre-defined regulatory axes, against twelve fixed inputs. It does not map document ecosystems, does not trace intertextual meaning shifts, and does not build governance infrastructure. It produces a verdict, not a finding; a triage signal, not an audit-grade analysis; a document a person can sign, not a system a district can defend.
The relationship matters: the Scorer democratizes a thin slice of the methodology so that pre-service teachers, parents, boards, and state agencies can perform first-pass triage themselves. Everything beyond first-pass triage — ecosystem mapping, accountability mapping, governance infrastructure, audit-grade findings — remains the work of a named human investigator performing the full Forensic Read™. Read the full methodology at languagefirm.org/the-forensic-read.
The rubric's three axes are the regulatorily anchored dimensions of K-12 AI governance. Each maps to an existing body of law or widely-accepted privacy practice that produces decidable readings from documents alone.
K-12 AI governance is a young domain. The rubric is constructed against the dimensions where law and established practice already provide grounded reading criteria, not against dimensions the rubric would have to invent its own standards for. The three axes map specifically to:
Dimensions the rubric does not currently grade — algorithmic bias, accessibility, pedagogical quality, environmental cost, AI hallucination rate — matter, but are not yet legally bounded in K-12 contexts in ways that produce reproducible readings from documents. When those dimensions become legally or normatively anchored, the rubric will extend. The Scorer is deliberately scoped to what is currently decidable; the full Forensic Read™ methodology engages dimensions the rubric cannot, through investigative work that does not reduce to a fixed input set.
Each dealbreaker is a single document-level fact that, on its own, makes the tool unsuitable for K-12 use regardless of how strong the rest of the posture is. Partial credit is not defensible on these three.
The dealbreakers are the inputs where the rubric treats partial compliance as no compliance:
The number three is not arbitrary. Other rubric inputs — retention specificity, parental rights, deletion right, and so on — are aggregable: a tool with weak posture on one input can compensate with strong posture on others, and the verdict reflects the aggregate. The three dealbreakers are inputs where the rubric determined the failure cannot be aggregated away. Adding a fourth dealbreaker would either (a) elevate an input that is aggregable in practice, undermining the rubric's calibration, or (b) duplicate work the existing three already do.
The threshold is calibrated to be meaningfully selective without being unattainable. The rubric produces verdict distributions that track real differentiation in the current K-12 AI landscape.
The threshold question is whether a tool should clear the Proceed bar with 4-of-4 best-state on every axis (the strictest reading), 3-of-4 (the current threshold), 2-of-4 (a permissive reading), or some axis-asymmetric combination. The 3-of-4 threshold was chosen because:
Axis-symmetric thresholds were chosen over axis-asymmetric ones because asymmetric thresholds would require the rubric to assert that one axis matters more than the others. That assertion is contested; the symmetric threshold leaves the prioritization question to the reader who applies the rubric, which is the appropriate locus for that judgment.
Privacy and compliance documents typically speak in three registers: explicit commitment, qualified or vague commitment, or absence of commitment. A three-option input maps onto how the documents actually read.
The alternative structures considered:
The three-option structure (best-state / mid-state / worst-state) matches the actual phenomenology of reading vendor documents. The evaluator's question on each input is: does the document explicitly commit to the favorable posture, does it partially or conditionally commit, or does it fail to address or disclaim? That question has three honest answers.
The verdict is a documents-based read at a specific date, produced by a structured rubric, signed by a named human. It is not a pedagogical recommendation, a security audit, or a guarantee. It does not replace governance.
The rubric is explicit about its scope:
Within those limits, the verdict claims one thing: that any reader applying the rubric to the same documents on the same date arrives at the same result. That is the reproducibility claim, and it is what makes the methodology citable.
Accountability for what happens to students in a building belongs to a person, never to a tool. The verdict the Scorer produces is not the Forensic Read™. It is a structured output a named human signs and stands behind.
The full Forensic Read™ methodology is built on one conviction: accountability for what happens to students in a building belongs to a person, never to a tool, and the person responsible deserves to be equipped with the analysis, the systems, and the current intelligence to stand behind every decision they are asked to explain.
The Pre-Service Lookup honors that conviction in its design. The verdict is computed deterministically from the inputs, but the inputs are selected by a named human reading the source documents. The PDF that exports the verdict has a signing block precisely because the verdict without the signature is just math. The signature is what makes the document carry weight in an institutional conversation: a school board meeting, a procurement file, a parent conference, a state agency review.
The Forensic Read™ cannot be automated. A computer can never be held accountable. The Pre-Service Lookup is not an attempt to automate the methodology; it is an attempt to extend the most basic and topical application of the methodology to people who could not otherwise apply it. The signing line is the formal expression of that extension. A signed verdict, dated and named, with the source documents listed and the rubric applied: that is the document the firm publishes infrastructure to produce.
The rubric reads vendor language already published in vendor documents. Procurement-grade work — the questions a district sends a vendor and expects written, contractual answers back to — is a different instrument. That work lives in the Clarifier Workshop and the Upstream Vendor Risk Evaluation Protocol, not here.
The Lookup answers one question: what do the documents the vendor has already published say, read against a fixed rubric? It does not answer the procurement-grade questions a district legal team needs answered before authorizing a contract:
These questions matter, and the firm has built instruments to ask them. The Clarifier Workshop walks district leadership teams through procurement-grade vendor questioning against the district's own tools, documents, and context. The Upstream Vendor Risk Evaluation Protocol produces the structured record of vendor responses and the gaps those responses surface. Together, they are the BUILD-stage instruments the methodology produces when the SURFACE-stage triage the Lookup performs is complete.
The Lookup tells a district which tools warrant the deeper procurement work. The Clarifier Workshop and the Upstream Vendor Risk Evaluation Protocol perform that work.
To cite a verdict produced by The Pre-Service Lookup, name the tool, the date of the read, the rubric version, and the signing evaluator. Example: "Khanmigo, Pre-Service Lookup verdict: Proceed (verdict date: May 28, 2026; rubric: three-axis, twelve-input, three-dealbreaker; signed by Maria Rivera, Pre-service teacher, USF School of Education)." The rubric is published openly at thelanguagefirm.org. The full Forensic Read™ methodology, of which this rubric is one applied instrument, is documented at languagefirm.org/the-forensic-read.