We know you need to have us sign data agreements. To speed the process (because we get hundreds of these, please check that your agreements align to these criteria that must be met for us to sign.

Data storage location

We will accept United States. CONUS is not an acceptable limitation. 

Deletion on expiration:

This language is the correct language to include. We put all the power in your hands. The agreement shall state that you have the first obligation of action to protect your data:

Upon expiration of the Agreement, District shall use the tools provided to it by Contractor to export and delete all confidential information provided to Contractor. If for some reason District is not able to avail itself of the self-help tools provided, it may contact Contractor to delete confidential information. Contractor will automatically delete confidential information on expired accounts pursuant to the Deletion schedule in its Privacy Policy. Deletion is irreversible and unrecoverable.


We can agree to something very similar to the below language. We have carefully selected our cloud-services vendors. It is not feasible to require them the sign and agree to be bound by the terms of every DPA we sign and we will not sign any agreement that requires us to ask all subs to sign on to the terms of the DPA. We accept our responsibility for managing them and this language captures our commitment. 

Vendor will ensure that any subcontractors with whom it shares Student Data and/or Teacher or Principal Data are (a) subject to obligations of confidentiality at least as protective as this agreement and receive annual training on their privacy and security obligations, or (b) are engaged under a contract under which they agree that they have no right of access to Vendor's data stored in the subcontractors' cloud-based services.

Breach Reimbursements and Responsibilities and Indemnifications

We can agree to assist you with any breach. We will not agree to any reimbursement or notification requirement that is not limited to our conduct. Districts are responsible for the conduct of their employees. We will look for limitations such as "acts or omissions of the Vendor, or its officers, agents, subcontractors or employees." Failure to include such a limitation will result in us asking for a change.

Intellectual Property Terms

We cannot modify the IP terms in our Terms of Service. We will reject any language that attempts to modify those terms. Those terms are carefully crafted to meet your and our needs.

Entire Agreement Clauses

We cannot accept any entire agreement clause that overrides the entirety of our Terms of Service and Privacy Policy. We can agree to addendums that supersede select portions.

New York Section 2d

We extend the protections and elements of our New York Section 2-d Data and Security Plan to all users. We encourage you to incorporate that rather than reinventing the wheel where it meets your needs.