TeachAid Data Processing Agreement

Effective Date: July 22, 2025
Last Updated: July 22, 2025

​

This Data Processing Agreement (“DPA”) is entered into by and between TeachAid, a product of 1000662662 Ontario Corporation (“Processor” or “TeachAid”), and any School, District, or Educational Organization that uses TeachAid Services (“Controller” or “District”).

​

Together with the Terms of Service, Student Privacy Policy, and Privacy Policy, this agreement governs the processing of student, teacher, or organizational data under applicable law.

​

 

1. Purpose

TeachAid agrees to process data only as necessary to:

​

• Deliver curriculum and instructional tools
   

• Provide AI-assisted supports
   

• Support teacher and administrator dashboards
   

• Comply with contractual obligations and privacy laws
   

TeachAid will not use, sell, share, or access data for any unauthorized purposes.

​

 

2. Definitions

TeachAid.ca Definitions
 

• Controller: The school, district, or educational agency that determines data purposes.
   

• Processor: TeachAid, operating under the Controller’s authority and instruction.
   

• Protected Data: Any PII or student data governed under FERPA, COPPA, Ed Law 2-d, PIPEDA, or similar laws.
   

• Subprocessor: A third party authorized to process data on behalf of TeachAid.
   

• Service: The TeachAid platform, apps, tools, and related services.

​

 

3. Types of Data Collected

TeachAid collects only the minimum necessary to deliver Services.

​

• Data Collected
   

• Purpose
   

• Student first name or nickname
   

• To identify session work
   

• Class code
   

• To associate responses with a teacher/class
   

• Student work submissions
   

• To provide feedback, instruction
   

• AI tutor interactions
   

• To deliver learning support
   

• Technical metadata
   

• For security, diagnostics, and support
   

TeachAid does not collect full names, email addresses, persistent device IDs, behavioral data, or sensitive categories (e.g. medical, biometric, geolocation).

​

 

4. Compliance and Legal Alignment

TeachAid agrees to comply with:

​

• FERPA (as a school official with legitimate educational interest)
   

• COPPA (no direct collection from children)
   

• Ed Law 2-d (New York)
   

• PIPEDA (Canada)
   

• GDPR (where applicable)
   

Districts retain all rights to data under local law and contract.

​

 

5. Data Use and Restrictions

TeachAid will:

​

• Process data solely on behalf of the Controller
   

• Not disclose or sell data to third parties
   

• Not use data for marketing, profiling, or commercial analytics
   

• Use data only to provide and improve educational services
   

De-identified or aggregate data may be used for research or feature development only where permitted by contract and law.

​

 

6. Subprocessors

TeachAid may engage subprocessors for:

​

• Hosting and infrastructure
   

• Email communication
   

• AI model serving and analytics (non-personalized)
   

• Authentication

 

All subprocessors are:

​

• Bound by confidentiality and data protection agreements
   

• Audited regularly for compliance
   

• Prohibited from retaining or reusing data for any other purpose
   

📧 To request the most recent subprocessor list, email nadeem@teachaid.ca. Districts may object to new subprocessors within 30 days of notice.

​

 

7. Security

TeachAid follows industry-standard protections including:

​

• AES-256 encryption at rest
   

• TLS encryption in transit
   

• Industry standard authentication and access logging
   

• Hosting in Canada (DigitalOcean servers)
   

• Annual staff training
   

• Strict internal access controls
   

Any unauthorized access or suspicious activity is promptly investigated and documented.

​

 

8. Breach Notification

In the event of a confirmed data breach involving Protected Data:
 

• TeachAid will notify affected districts within 24 hours of discovery
   

• Notifications will include:
   

  • Nature and scope of breach
     

  • Type of data affected
     

  • Steps taken to mitigate harm
     

  • Support for affected users
     

• If law enforcement requests a delay, TeachAid will comply
   

 Incidents should be reported to nadeem@teachaid.ca

​

 

9. Data Access, Correction, and Deletion

Upon verified request from the Controller or parent/guardian, TeachAid will:

​

• Provide access to student data within 30 days
   

• Correct any inaccurate information
   

• Permanently delete Protected Data within 30 days
   

All deletions are logged and confirmed in writing.

​

 

10. Retention

TeachAid will retain Protected Data:

​

• Only for as long as necessary to fulfill educational purposes
   

• Up to 24 months of inactivity, unless instructed otherwise by the District
   

• Deleted within 30 days of account closure or written request
   

Teachers and administrators may delete student data through the dashboard or by written request.

​

 

11. Data Ownership

All data provided to TeachAid remains the sole property of the Controller.

TeachAid does not claim ownership of any:

​

• Student work
   

• Curriculum content
   

• Teacher-created or uploaded materials
   

Districts may export or request data at any time.

​

 

12. Audits and Documentation

TeachAid will:

​

• Maintain audit logs of system activity
   

• Provide documentation of security and privacy practices
   

• Cooperate with regulatory inquiries and school-led audits
   

Annual privacy reviews are conducted to ensure continued compliance.

​

 

13. Termination

Upon termination of services:

​

• All Protected Data will be deleted within 30 days
   

• Districts may request a certificate of data destruction
   

• Any surviving obligations under this DPA remain enforceable
   

 

14. Governing Law

This agreement is governed by the laws of the Controller’s jurisdiction unless otherwise agreed in writing.

​

 

15. Contact

 

📧 Privacy Contact: nadeem@teachaid.ca

🏢 Mailing Address: 515 Unit 23 Winston Rd, Grimsby, ON L3M 0C8, Canada