Data Processing Addendum

1. Parties and Roles

EquiOps is operated by VenturePath Enterprises LLC, registered in Missouri. Under this DPA, the district is the controller and VenturePath Enterprises LLC (EquiOps) is the processor for personal data handled through EquiOps services.

2. Processing Scope

Processing is limited to services requested by the district and described in applicable order forms or agreements.

• Data Subjects: Authorized district personnel and, where applicable, student-related records provided under district authorization.
• Data Categories: Account/contact data, operational datasets, analytics outputs, and support communications.
• Purpose: Service delivery, analytics, support, security, and reliability operations.

3. Processing Instructions

Processor activities are performed only on documented instructions from the district, except where processing is required by applicable law.

4. Confidentiality

Personnel authorized to process district data are bound by confidentiality obligations and are expected to follow privacy and security procedures relevant to their responsibilities.

5. Security Measures

EquiOps maintains technical and organizational measures appropriate to processing risk, including access controls, encrypted communication, logging, monitoring, and incident response controls.

6. Subprocessors

EquiOps may engage subprocessors for infrastructure and support functions. Subprocessors are subject to contractual data protection obligations substantially equivalent to this DPA. EquiOps remains responsible for subprocessor performance to the extent required by contract.

7. Data Subject Rights Assistance

EquiOps provides reasonable assistance to help districts respond to applicable rights requests, including access, correction, deletion, and related obligations under applicable law.

8. Regulatory Cooperation

EquiOps will provide reasonable information and cooperation requested by districts to support compliance documentation and lawful regulator inquiries, subject to confidentiality and security safeguards.

9. Security Incident Notification

EquiOps will notify affected districts without undue delay after confirmation of a security incident involving district personal data, consistent with legal and contractual requirements.

10. Data Return and Deletion

Upon service termination or district instruction, EquiOps supports data return and deletion workflows as required by contract, subject to legally required retention.

11. Audit and Assurance

EquiOps provides reasonable information necessary to demonstrate compliance with this DPA, using methods that protect system security, confidentiality, and other customer obligations.

12. Data Location and Transfers

EquiOps primarily uses U.S.-based infrastructure. If cross-border processing is required, transfer mechanisms and safeguards will be handled according to applicable law and contractual terms.

13. Liability and Order of Precedence

Liability and remedy terms for data processing are governed by the applicable service agreement and related order documents. Where there is conflict, signed contract documents control according to their stated order-of-precedence provisions.

14. Term and Survival

This DPA applies during the period EquiOps processes district data and survives as needed for confidentiality, security, and legal obligations.

15. Informational Notice

This DPA summary page is provided for general informational purposes and does not constitute legal advice.