Schedule of Disposition Clause Samples

Schedule of Disposition. Data shall be disposed of by the following date: As soon as commercially practicable. Embrace® shall retain student data for one year in read-only format. All student data shall be deleted after expiration of that one-year. Embrace is not responsible for any lost student data after expiration of Contract.

Schedule of Disposition. Data shall be disposed of by the following date: As soon as commercially practicable. By [ ] 4. Signature Authorized Representative of LEA Date 5. Verification of Disposition of Data Authorized Representative of Provider Date

Schedule of Disposition. Data shall be disposed of by the following date: As soon as commercially practicable. By [ ] 4. Signature 10/29/2023 Authorized Representative of LEA Date 5. Verification of Disposition of Data 10/29/2023 Authorized Representative of Provider Date North East Provider offers the same privacy protections found in this DPA between it and ISD (“Originating LEA”) which is dated, 10/29/2023 to any other LEA (“Subscribing LEA”) who accepts this General Offer of Privacy Terms (“General Offer”) through its signature below. This General Offer shall extend only to privacy protections, and Provider’s signature shall not necessarily bind Provider to other terms, such as price, term, or schedule of services, or to any other provision not addressed in this DPA. The Provider and the Subscribing ▇▇▇ may also agree to change the data provided by Subscribing LEA to the Provider to suit the unique needs of the Subscribing LEA. The Provider may withdraw the General Offer in the event of: (1) a material change in the applicable privacy statues; (2) a material change in the services and products listed in the originating Service Agreement; or three (3) years after the date of Provider’s signature to this Form. Subscribing LEAs should send the signed Exhibit “E” to Provider at the following email address: ▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ BY: Boddle Learning Inc Date: 10/29/2023 Printed Name: ▇▇▇▇ ▇▇▇▇▇▇▇▇▇ Title/Position: Co-Founder

Schedule of Disposition. Data shall be disposed of by the following date: ✔ By [ ]

Schedule of Disposition. Data shall be disposed of by the following date: ✔ As soon as commercially practicable. By [ ] 4. Signature Authorized Representative of LEA 5/17/2024 Date 5. Verification of Disposition of Data Authorized Representative of Company 05/14/2021 Date 1. Offer of Terms Provider offers the same privacy protections found in this DPA between it and Columbia Unit School Distri (“Originating LEA”) which is dated 05/14/2021 , to any other LEA (“Subscribing LEA”) who accepts this General Offer of Privacy Terms (“General Offer”) through its signature below. This General Offer shall extend only to privacy protections, and Provider’s signature shall not necessarily bind Provider to other terms, such as price, term, or schedule of services, or to any other provision not addressed in this DPA. The Provider and the Subscribing LEA may also agree to change the data provided by Subscribing LEA to the Provider to suit the unique needs of the Subscribing LEA. The Provider may withdraw the General Offer in the event of: (1) a material change in the applicable privacy statues; (2) a material change in the services and products listed in the originating Service Agreement; or three (3) years after the date of Provider’s signature to this Form. Subscribing LEAs should send the signed Exhibit “E” to Provider at the following email address: ▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ . PROVIDER:CodeCombat Inc. BY: Date: 5/14/2021 Printed Name: ▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ Title/Position: CEO 2. Subscribing LEA A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between the Columbia Unit School Distri and CodeCombat Inc. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING LEA MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** #:: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP F...

Schedule of Disposition. Data shall be disposed of by the following date: As soon as commercially practicable. By [ ] 4. Signature Authorized Representative of LEA Date 5. Verification of Disposition of Data Authorized Representative of Provider Date The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit ▇▇▇▇://▇▇▇.▇▇▇▇▇▇.▇▇▇ for further details about the noted frameworks. This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ Canva Pty Ltd ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Schedule of Disposition. Data shall be disposed of by the following date: A s soon as commercially practicable. By [ ] 4. Signature June 21,2023 Authorized Representative of LEA Date 5. Verification of Disposition of Data Authorized Representative of Company Date ▇▇▇▇▇▇ School District 53 Provider offers the same privacy protections found in this DPA between it and (“Originating LEA”) which is dated , to any other LEA (“Subscribing LEA”) who accepts this General Offer of Privacy Terms (“General Offer”) through its signature below. This General Offer shall extend only to privacy protections, and Provider’s signature shall not necessarily bind Provider to other terms, such as price, term, or schedule of services, or to any other provision not addressed in this DPA. The Provider and the Subscribing ▇▇▇ may also agree to change the data provided by Subscribing LEA to the Provider to suit the unique needs of the Subscribing LEA. The Provider may withdraw the General Offer in the event of: (1) a material change in the applicable privacy statues;

Schedule of Disposition. Data shall be disposed of by the following date: _0_ As soon as commercially practicable. _O_syDate:

Schedule of Disposition. Data shall be disposed of by the following date: _ ___ As soon as commercially practicable. _ _ By [ ] [Intentionally omitted] E XHIBIT “F” The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization Information technology — Security techniques — Information security management ▇▇▇▇▇▇▇ (▇▇▇ ▇▇▇▇▇ series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit ▇▇▇▇://▇▇▇.▇▇▇▇▇▇.▇▇▇ for further details about the noted frameworks. The Provider uses the following technical and organizational measures to protect Student Data: Management controls ● The Provider maintains a comprehensive information security program with an appropriate governance structure (including a dedicated Information Security team) and written security policies to oversee and manage risks related to the confidentiality, availability and integrity of Personal Information. ● The Provider aligns its information security program and measures with industry best practices, such as the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001, Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) 800 frameworks. These controls are distilled and incorporated into an internal compliance framework that is applicable to all products and services. ● The Provider uses internal resources and third-party contractors to perform audits and vulnerability assessments and provide guidance on best practices for select systems containing Student Data. System assessments and network audits are per...