// Trust & Security Report

    Squirrel Ai North America (technology licensed from Yixue Education Inc. / Squirrel Ai China) logo

    Squirrel Ai North America (technology licensed from Yixue Education Inc. / Squirrel Ai China)

    Intelligent Adaptive Learning System (IALS) - AI-driven K-12 tutoring delivered via proprietary smart-learning tablets inside 3,000+ franchised physical learning centers; no standalone consumer app, API, or enterprise SaaS product is offered.

    Certifications held

    1

    Maturity

    Growth

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    COPPA (Children's Online Privacy Protection Act)
    HELD

    "We are required by the Children's Online Privacy Protection Act (\"COPPA\") to obtain verified parental consent before we collect, use, or disclose personal information collected from Learners under 13 years of age."

    Verify on squirrelai.com
    > Show 8 unconfirmed / not-held certifications
    SOC 2 (Type 1/2)
    NOT CONFIRMED

    No public evidence. No trust center, security page, or mention of SOC 2 anywhere on squirrelai.com (home, privacy, terms, COPPA notice, product-features, or FAQ pages).

    source: squirrelai.com
    ISO 27001
    NOT CONFIRMED

    No public evidence. Not referenced on any squirrelai.com page reviewed (privacy policy, terms of service, children's privacy notice, product features page).

    source: squirrelai.com
    GDPR
    NOT CONFIRMED

    Privacy policy discusses only CCPA and US state privacy laws; GDPR is not mentioned. FAQ states: "All personal data collected by Squirrel Ai North America stays securely within the United States and is never shared outside the country," implying no EU processing footprint requiring a stated GDPR posture.

    source: squirrelai.com
    HIPAA
    NOT CONFIRMED

    No public evidence. Squirrel Ai is a K-12 tutoring product, not a healthcare service; HIPAA is not mentioned anywhere on the vendor's site.

    source: squirrelai.com
    ISO/IEC 42001 (AI management systems)
    NOT CONFIRMED

    No public evidence of an AI-governance certification on squirrelai.com.

    source: squirrelai.com
    CSA STAR
    NOT CONFIRMED

    No public evidence.

    source: squirrelai.com
    FedRAMP
    NOT CONFIRMED

    No public evidence; not applicable, vendor is a consumer/franchise edtech product, not a government cloud service.

    source: squirrelai.com
    PCI DSS
    NOT CONFIRMED

    No public evidence; payment processing (franchise fees, tuition) is not described in security terms anywhere on the site.

    source: squirrelai.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not offered

    Data region

    US-only per vendor FAQ: "All personal data collected by Squirrel Ai North America stays securely within the United States and is never shared outside the country." Note the vendor also operates a legally separate entity, Squirrel Ai Asia, linked from the same site footer, whose data handling is not covered by this US privacy policy.

    Neither the Privacy Policy, Terms of Service, nor Product Features and Service Functions page states whether learner performance data is used to train the underlying adaptive-learning models, and there is no opt-out mechanism described. Treat as unknown / not publicly disclosed rather than assume either way.

    // Security controls

    Encryption in transit / at rest

    Not disclosed. Privacy Policy states only generic, non-specific language: "We use a combination of physical, technical, and administrative safeguards to protect the information we collect," with no detail on encryption standards, and an explicit disclaimer that they "cannot guarantee the security of the networks, systems, servers, devices, and databases."

    squirrelai.com

    Biometric data collection

    Product collects facial biometric data via device camera to create "face prints" for learner identification/engagement tracking, with an explicit carve-out excluding Illinois, Texas, and Washington residents due to state biometric privacy laws (BIPA and similar).

    squirrelai.com

    Data retention

    "Squirrel Ai will automatically delete Learner Data when the Learner Data is no longer needed for the purpose for which it was obtained, typically one year after account closure or inactivity."

    squirrelai.com

    Trust center / security documentation

    None found. No dedicated security or trust-center page exists on squirrelai.com; site-wide search and crawl (home, privacy, terms, COPPA notice, FAQs, product-features pages) returned no security architecture, audit, or certification content.

    squirrelai.com

    // Products & data scope

    Squirrel Ai Learning Center (IALS tablet platform)AI-adaptive K-12 tutoring, delivered in-person via franchised physical learning centers

    data: Learner PII (name, contact info), device/usage data, facial biometric data (face prints, with state exclusions), learning behavior and performance analytics

    This is the only product offered under squirrelai.com; there is no separate consumer self-serve app, developer API, or enterprise/B2B SaaS tier documented on the site. Franchise operators (Learning Center owners) are a distinct data-recipient category noted in the privacy policy.

    // What to watch

    • No trust center or security page exists; all security claims are generic boilerplate ("physical, technical, and administrative safeguards") with an explicit no-guarantee disclaimer, and no encryption or infrastructure detail is published.
    • Vendor collects children's facial biometric data ("face prints") via device camera, a sensitive data category, with only a partial state-law carve-out (IL, TX, WA) rather than a described technical safeguard or retention-specific policy for biometrics.
    • AI-training posture on learner data is undisclosed (no statement either way, no opt-out described) - flag for buyers who care about data reuse.
    • Name-collision risk: web search results returned an unrelated enterprise-AI-search company called "Squirro" (holds ISO 27001 / SOC 2 Type I) and an unrelated compliance-software product called "Squirrel (Acorn Compliance)" and another unrelated company "Squirrels.ai" - none of these certifications or products belong to this vendor (squirrelai.com, the K-12 tutoring franchise). Confirmed identity via the vendor's own domain content (franchise signup, IALS tablets, learning centers) before grading.
    • Squirrel Ai North America is described on the vendor's own FAQ as an independent US company merely licensing technology from a Chinese parent (Squirrel Ai China / Yixue), operating under a separate Squirrel Ai Asia entity for other regions; this assessment covers only the US entity behind squirrelai.com and should not be read as covering the Asia-region entity or its data practices.

    // At a glance

    Pricing model

    Franchise / brick-and-mortar tutoring center model; consumer tuition pricing not published on the corporate site (requires contacting a local center). Not a self-serve SaaS or API pricing model.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Squirrel Ai North America (technology licensed from Yixue Education Inc. / Squirrel Ai China)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    squirrelai.com

    > Browse all vendor trust reports