
DATA PROCESSING AGREEMENT (DPA)
Thankdigit SNS – Student Notification System
Last Updated: 03.20.2026
This Data Processing Agreement (“Agreement”) forms part of the Terms of Service (“ToS”) between:
Customer (the “Controller”) and Thankdigit Co., a company incorporated in Delaware, USA (“Processor”), collectively the “Parties”.
1. DEFINITIONS
For the purposes of this Agreement:
“Applicable Data Protection Law” means all applicable laws relating to the processing of Personal Data, including the General Data Protection Regulation (EU) 2016/679 and, where applicable, U.S. education privacy laws such as the Family Educational Rights and Privacy Act.
“Personal Data” means any information relating to an identified or identifiable individual.
“Processing” means any operation performed on Personal Data.
“Data Subject” means students, staff, or other individuals whose data is processed.
“Sub-processor” means any third party engaged by Processor.
2. SCOPE AND ROLES
2.1 The Parties acknowledge that:
The Customer is the Controller.
Thankdigit is the Processor.
2.2 The Processor shall process Personal Data solely:
On documented instructions from the Customer;
For the purpose of providing the Thankdigit SNS platform.
3. NATURE AND PURPOSE OF PROCESSING
3.1 Purpose
Provision of a student notification system, including:
Multi-channel notifications (push, messaging platforms);
Notification automation;
Event-triggered communication workflows;
Segmentation and targeting;
Analytics and reporting.
3.2 Categories of Data Subjects
Students;
University staff;
Applicants (if applicable).
3.3 Types of Personal Data
May include: Name, Email address, Phone number, Student ID, Message content, Usage/analytics data.
Optional (if provided by Customer): Birthdate, Gender, Citizenship, Academic information (faculty, department, etc.).
4. PROCESSING LOCATIONS
4.1 Processing may occur:
On Thankdigit-managed infrastructure (e.g., cloud providers).
OR fully on Customer-controlled infrastructure (self-hosted deployment).
4.2 Where self-hosted:
Processor does not store Customer Data;
Processor acts only as a software provider, not an active processor (except support cases);
Customer assumes full responsibility for infrastructure security and compliance.
5. OBLIGATIONS OF THE PROCESSOR
The Processor shall:
Maintain a comprehensive security program aligned with ISO/IEC 27001 principles.
Process Personal Data only on documented instructions.
Ensure personnel are bound by confidentiality obligations.
Implement appropriate technical and organizational measures.
Provide reasonable compliance documentation upon request.
Assist Customer in fulfilling obligations under Applicable Data Protection Law.
Notify Customer of any Personal Data Breach without undue delay.
6. SUB-PROCESSORS
6.1 Authorized Sub-processors:
DigitalOcean, Inc. (cloud infrastructure, where applicable).
6.2 Conditional Processing Model:
If Customer deploys SNS on its own infrastructure - no sub-processors used.
6.3 The Processor shall:
Maintain an up-to-date sub-processor list.
Ensure Sub-processors are bound by equivalent data protection obligations.
Remain fully liable for Sub-processor performance.
6.4 Website-only tools (not part of SNS processing):
Matomo (self-hosted);
Google Analytics.
These do not process SNS Customer data.
6.5 Self-hosted override:
No sub-processors engaged.
7. INTERNATIONAL DATA TRANSFERS
7.1 Where Personal Data is transferred outside the EEA, such transfers shall be governed by:
The EU Standard Contractual Clauses.
7.2 The SCCs are incorporated by reference and apply as follows:
Module Two (Controller - Processor).
Processor acts as “data importer”.
Optional Module 3 if sub-processors engaged.
7.3 Supplementary safeguards include:
Encryption; Access controls; Data minimization.
8. SECURITY MEASURES
Processor shall implement appropriate measures, including:
Encryption in transit (always) and at rest (if required by Customer);
Role-Based Access Control (RBAC);
Secure authentication mechanisms;
Tenant (Customer) data isolation;
Logging and monitoring;
Backup and disaster recovery systems;
Incident response procedures.
9. DATA SUBJECT RIGHTS
Processor shall assist Customer in responding to requests related to:
Access, Rectification, Erasure, Restriction, Portability.
10. PERSONAL DATA BREACH
10.1 Processor shall notify Customer:
Without undue delay and with all relevant details available.
10.2 Notification shall include:
Nature of breach, categories of data affected, and mitigation steps taken.
11. DATA RETENTION AND DELETION
11.1 Upon termination:
Data retained for 90 days for recovery purposes.
11.2 At Customer request:
Immediate deletion available.
11.3 After retention period:
Data permanently deleted or anonymized.
12. AUDIT RIGHTS
12.1 Customer may conduct audits:
With reasonable prior notice.
No more than once annually (unless required by law).
12.2 Audits shall:
Not disrupt operations;
Be subject to confidentiality obligations.
12.3 Processor may provide:
Certifications and security reports as an alternative to on-site audits.
13. LIABILITY
13.1 Liability under this Agreement:
Subject to limitations in the Terms of Service (ToS).
13.2 No expansion of liability beyond ToS unless required by law.
14. FERPA COMPLIANCE
14.1 Processor qualifies as a “School Official” under the Family Educational Rights and Privacy Act where applicable.
14.2 Processor agrees:
To use education records only for authorized purposes.
Not to disclose data without Customer authorization.
To implement safeguards consistent with FERPA requirements.
14.3 Processor shall:
Assist Customer with FERPA compliance obligations.
Support audit or access requests from institutions.
15. GOVERNING LAW
This Agreement shall follow the governing law defined in the ToS.
16. CONTACT
All data protection inquiries:
Email: info@thankdigit.com
Copyright© 2026 Thankdigit.com. All rights reserved.
