30 questions to ask every K-12 AI vendor before signing.
Most school procurement on AI is happening on top of marketing decks, not diligence. The questions below come out of co-authoring real DPAs with real schools, watching real procurement reviews break apart, and reading real DPDP rules. Print this. Bring it to the next vendor call. Watch how many vendors can answer all thirty.
Hosting and data residency (Q1-Q6)
1. Where physically does my school's data sit at rest? 2. Where physically does it sit during model inference? 3. If the answer to either is "outside India," what consent path covers that, and how does it survive the cross-border negative list activating in November 2026? 4. What is your retention policy for raw conversation logs, and how long until cryptographic erasure on contract termination? 5. Per-school encryption keys, or shared namespace? 6. Show me your CERT-In empanelled pen-test report from the last twelve months โ under NDA is fine.
The Data Processing Agreement (Q7-Q12)
7. Show me your master DPA template โ not the marketing summary, the actual signable document. 8. Does it contain all twelve clauses Schedule IV of DPDP requires (scope, processing instructions, confidentiality, sub-processor controls, security measures, twenty-four-hour breach notification, audit rights, data-subject-request assistance, cross-border disclosure, return/deletion at termination, liability, governing law)? 9. What are the limits on your sub-processor changes โ can I veto, or am I notified after the fact? 10. What is your indemnity ceiling, and does it cover a worst-case DPDP penalty stack? 11. What is the contract exit path, and does the deletion certificate go through a third-party audit? 12. Who signs the DPA from your end โ the founder, counsel, or a sales lead?
Training on student data (Q13-Q15)
13. Will my students' data ever be used to train your model, an upstream vendor's model, or any third party's model โ with or without aggregation? 14. If "no," show me the contract clause that binds you to that. 15. If "yes under a future opt-in," show me the consent mechanism and the parent-facing copy.
Safety architecture (Q16-Q22)
16. What is your input-side safety classifier, and what languages does it pass at what threshold? 17. What is your output-side classifier? 18. What is the self-harm-detection protocol โ three tiers, signed off by a named clinician, with named helpline partnerships? 19. What is your false-positive rate when a kid is just venting about an exam? 20. What is your audit-log retention, and can my school's DPO see it? 21. How are flags surfaced to the school โ dashboard, SMS, email, all of the above โ and what is the SLA for each tier? 22. What happens if the model surfaces inappropriate content unrelated to distress โ incident commander, parent comms timeline, the works?
Curriculum and tool bounds (Q23-Q26)
23. Is the tutor sandboxed to my school's approved curriculum, or does it have open-internet access? 24. Show me how you prove "no open internet" to a procurement reviewer. 25. What is the Indic-language coverage, eval-gated, with published per-language thresholds? 26. What is your incident-response process for a documented hallucination on a math or science answer?
Commercials and exit (Q27-Q30)
27. What is the per-student annual cost, and what does it include โ tutor, dashboard, training, policy support? 28. What does it not include? 29. What happens to my school's data on the day my contract ends โ proof of deletion within thirty days, audit certificate, the lot? 30. If you go out of business in 2028, what is the data-portability path, and which third party holds the escrow?
If a vendor can answer all thirty without escalation, that is the bar. If they can't answer fifteen, walk. If they can't show you the DPA before the procurement decision, they are not ready to be in your school.