Student Data Privacy Addendum

Effective Date: July 21, 2025

This Student Data Privacy Addendum (“DPA”) is supplemental to the TeachShare Terms of Service available at https://www.teachshare.com/terms (“Terms of Service”). Capitalized terms that are not defined in this DPA have the meaning set out in the Terms of Service.

When our Service is used by an Educational Institution or Teacher for an educational purpose, TeachShare may collect or have access to Student Data (as such terms are defined in the Terms of Service).The processing of Student Data may be subject to the Family Educational Rights and Privacy Act (“FERPA”), the Children’s Online Privacy and Protection Act (“COPPA”), or other applicable federal or state student data privacy laws (together, the “Applicable Data Protection Laws”). To support compliance with Applicable Data Protection Laws, the parties agree as follows:

1. School Official. Educational Institution acknowledges and agrees that TeachShare is acting as a “school official” on behalf of Educational Institution under FERPA and otherwise processing Student Data on Educational Institution’s behalf under other Applicable Data Protection Laws. Educational Institution represents and warrants that Educational Institution has the authority under Applicable Data Protection Laws to provide TeachShare consent to collect personal information from Students for the purpose of providing the Services. To the extent required by Applicable Data Protection Laws, Educational Institution will inform parents and legal guardians how Student Data will be processed by the Services.
2. Collection of Student Data. TeachShare will collect, access, use, process, store, and disclose Student Data solely as necessary for the purpose of performing the Services. For example, if a Teacher uses TeachShare’s platform to prepare feedback on a Student’s assignment, TeachShare’s Service will process any Student Data included in the document to provide the requested Services.
3. Confidentiality. TeachShare agrees to treat Student Data as confidential and not to share it with third parties other than as described in this DPA and in the Agreement or with written consent of Educational Institution. TeachShare will not sell, disclose, make available or otherwise transfer Student Data to any third party without the prior written consent of Educational Institution, except to the extent that the transfer is necessary to provide the Services. For example, we will share Student Data with TeachShare’s AI service providers to enable the provision of the Services. For clarity, the service providers are not permitted to use the Student Data to train their AI models. Third parties who receive Student Data will be contractually bound to maintain the confidentiality of the Student Data and comply with data protection requirements consistent with those provided in this DPA.
4. No Targeted Advertising. TeachShare is prohibited from using, disclosing, or selling Student Data to (a) inform, influence or enable Targeted Advertising; or (b) develop a profile of a Student, family member/guardian or group, for any purpose other than providing the Services. For the purposes of this section, “Targeted Advertising” shall mean the presenting of an advertisement to a Student where the selection of the advertisement is based on Student Data or inferred over time from the usage of TeachShare’s Services or the retention of such Student’s online activities or requests over time for the purpose of targeting subsequent advertisements. “Targeted Advertising” does not include any advertising to a Student on an internet website based on the content of the webpage or in response to a Student’s response or request for information or feedback.
5. Adaptive or Customized Learning. Notwithstanding anything to the contrary in this DPA, TeachShare is expressly permitted to use Student Data for adaptive learning or customized Student learning (including generating personalized learning recommendations).
6. De-Identified Data. Notwithstanding anything to the contrary in this DPA, TeachShare will have the right to de-identify Student Data for the following purposes: (a) assisting the Educational Institution or other governmental agencies in conducting research, analytics and other studies; (b) research, analytics and development of the Services and demonstration of the effectiveness of the Services; and (c) as otherwise permitted under Applicable Data Protection Laws. TeachShare agrees not to attempt to re-identify de-identified Student Data. TeachShare’s use of de-identified Student Data will survive termination of this Addendum or any request by Educational Institution to return or destroy Student Data.
7. Legally Compelled Disclosure. If TeachShare is legally compelled to disclose any Student Data (whether by judicial or administrative order, applicable law, rule or regulation), then TeachShare will use reasonable efforts to provide Educational Institution with prior written notice before making the disclosure so Educational Institution can seek a protective order or other appropriate remedy to prevent the disclosure or to ensure confidentiality. TeachShare will not be required to provide such notice if TeachShare is prohibited from doing so by the applicable order, law, rule or regulation.
8. Direct Notice to Educational Institution - COPPA Authorization. Educational Institution hereby authorizes TeachShare to collect, use and disclose personal data from children under 13 years old in connection with the provision of the Services as set out in this Agreement. Upon written request from Educational Institution with regard to such data, TeachShare will provide an opportunity to review the child’s personal data, the right to delete the child’s personal data; and the ability to cease further collection or use of the child’s personal data. If the Educational Institution declines to provide consent or withdraws consent for the further collection or use of a child’s personal data, TeachShare may no longer be able to provide the Services for that child. Educational Institution affirms that it will provide appropriate notices to parents of the Educational Institution’s use of third-party services such as TeachShare’s Services.
9. Data Rights. TeachShare will reasonably assist Educational Institution in complying with requests from individuals to exercise rights with regard to Student Data under Applicable Data Protection Laws.
10. Data Security. TeachShare will implement and maintain reasonable administrative, physical and technical safeguards designed to prevent any unauthorized use, access, processing, destruction, loss, alteration, or disclosure of Student Data. TeachShare will implement and maintain policies and procedures in place to limit access to Student Data to only those employees that have a need-to-know based on specific job function or role.
11. Security Incident. In the event of an unauthorized release, disclosure or acquisition of Student Data that compromises the security, confidentiality or integrity of the Student Data maintained by TeachShare (“Security Incident”), TeachShare will notify Educational Institution without undue delay. TeachShare will adhere to all federal and state requirements with respect to the Security Incident, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of the Security Incident.
12. Data Destruction. Within thirty (30) days of the termination of the Agreement, or earlier upon Educational Institution’s reasonable request, TeachShare will return or destroy the Student Data.