Mental health is a prerequisite for learning, and all kids deserve access to mental healthcare. As the Trump administration ramps up its mass deportation campaign across the country, the already urgent need for mental health services for students is only increasing.
Chicago has been the focus of this campaign for many weeks, and, concerningly, Chicago Public Schools (CPS) is directing families and students to a for-profit mental health tech company, Hazel Health, that’s just merged with another startup with deep connections to one of ICE’s Big Tech partners, Palantir.
The Parent Coalition for Student Privacy wrote to the Chicago Board of Education along with other advocacy groups to urge the Board to address the inadequate protection for student data in Hazel Health’s contract with CPS just last week. After sending that letter, news emerged about Hazel Health’s merger.
Here’s what we know so far…
What to know about Hazel Health
Last fall, CPS signed a no-cost contract for Hazel Health’s telehealth counseling services for high school students and rolled out these services in March. The services Hazel is providing to CPS students are being underwritten by United Healthcare for students’ whose own public or private insurance doesn’t cover these counseling sessions. Hazel is privately-held, and its venture capital investors include Bain Capital and the firm of a heiress in the Walton family.
CPS’ contract with Hazel is set to renew automatically for two years on December 31, 2025. But if the Board of Ed gives notice by December 1st, the contract can be modified or canceled.
As mentioned above, last week, Illinois Families for Public Schools, Legal Action Chicago, Legal Council for Health Justice, NAMI Chicago, NASW-Illinois Chapter, and the Parent Coalition for Student Privacy, sent a letter to the Chicago Board of Ed and CEO/Superintendent urging them to review, rectify and—if necessary—cancel their contract with Hazel Health because of major issues with student data protection. You can read that letter here.
Why would advocates urge the Board to consider ending a contract for “free” mental health services for students at a time when there is ever increasing need and demand for counseling services?
First and foremost—nothing is free; it’s a truism at this point that free tech means you’re the product, not the customer, and Hazel’s parental consent form raises numerous red flags along these lines. It is both broad and vague—parents must agree that Hazel can use their child’s identifiable data for any research and development purposes. On top of that, parents also must agree that their child’s sensitive mental health and other data may be stolen (“illegally accessed”) once Hazel holds it.
Hazel’s website also has marketing trackers from Amazon, Google and Facebook—something that ed tech vendors can’t use under Illinois’ Student Online Personal Protection Act (SOPPA).
And Hazel’s contract doesn’t provide any details about what sort of highly sensitive data Hazel is collecting—even though that’s something required by SOPPA! As a result, families don’t know: Are these counseling sessions recorded? Are they transcribed? Are students’ eye movement, facial expressions and keystrokes tracked? Is any of this information combined with the medical data and screening assessments Hazel holds? No information about any of these types of data are even disclosed in CPS’ contract. IL-FPS has a more detailed explainer on Hazel’s privacy issues here.
And now Hazel has merged with Palantir-partner Little Otter…
Hazel announced this week that it merged with another mental health tech startup, Little Otter. Little Otter has an AI-based platform and uses the data from its clients to train its algorithms. All of Little Otter therapy sessions are recorded, and it’s unclear whether information from those recordings is being utilized as input for its AI platform.
Little Otter’s founder and CEO, Rebecca Egger, is one of the so-called “Palantir mafia”, having gotten her start in Silicon Valley at Palantir. Little Otter’s tech leads, including their previous CTO, COO and head of data engineering, are also all former Palantir employees.
Little Otter still has close ties to Palantir as one of its Global Builder startups that “use Palantir as a product multiplier to accelerate their missions.”
If you’re not familiar with surveillance tech behemoth Palantir, it’s been a major federal contractor for many years, and is now playing a key role in the Trump administration’s plan to merge data across federal agencies, including the IRS and the Social Security Administration.
One of those agencies is ICE. Palantir has been described as “the corporate backbone of ICE that the agency is relying on for surveillance and deportations,” and they are a—if not the—major tech partner in the Trump administration’s mass deportation plan.
What does this mean for CPS’ contract with Hazel?
Is data from CPS students’ online counseling sessions already being used to train AI algorithms? Will it be used that way in the future because of Hazel’s merger with Little Otter?
In response to the Trump administration’s ramping up federal law enforcement and military presence in Chicago, CPS has highlighted Hazel as a resource for students experiencing fear, anxiety and trauma, as communities across the city are terrorized by ICE’s secret police.
Which leads to another question: Could information from recordings or transcriptions of children’s counseling sessions eventually end up in a federal database? (The Chief Information Officer at the Department of Health and Human Services is also ex-Palantir.)
In light of all these questions, it’s simply not ok for the Chicago Board to allow the contract with Hazel automatically renew. CPS should review it, fix it—if that’s even possible—and if it can’t be fixed, cancel it.
Handing students’ most sensitive data over to tech broligarchs building the surveillance state to hunt down those students or their families is entirely unacceptable.
Free tech is never free, and that’s especially true in 2025.
What can you do?
If you are a Chicagoan, please advocate with their school district leaders about the existing contract with Hazel!
If you are not in Chicago, find out if your school district or state already has a contract with Hazel Health or is considering signing one. Hazel is in 19 states and 180 school districts, including many of the largest in the country: Los Angeles Unified School District, Miami-Dade and Broward County in Florida, Houston and Dallas ISDs in Texas, Fairfax Co VA, Clark Co NV, Jeffco CO, and the School District of Philadelphia.
You can check the Hazel website, and also Google for “Hazel Health” along with the name of your school district, state department of education or health or state’s lobbyist registration site. The North Carolina Department of Health and Human Services just signed a contract with Hazel which covers about 1/3 of the state. Iowa has a partnership with Hazel, as does Rhode Island. In both Virginia and in Georgia, Hazel is an approved vendor for the states’ respective departments of education.
Any and all of these type of contracts need scrutiny, as do any consent forms Hazel is using.
Hazel is also not the only tech company pushing to increase its market share in this space, any outsourcing to third-party tech firms merits a closer look. The data involved is extremely sensitive. There have been several significant ransomware attacks on school districts’ mental health data in recent years including Los Angeles and Minneapolis, with devastating information released about students and staff on the dark web. A major breach of a Finnish mental healthcare startup in 2020 resulted in blackmail attempts and deaths by suicide. CPS itself had a ransomware attack that exposed data of more than 700K students’ in early 2025, including Medicaid ID numbers.
Please reach out if you need assistance with researching what is happening in your district or state: info@studentprivacymatters.org. Even if your state does not have especially robust student privacy laws, your advocacy alone can make a difference!