Effective Date: January 15, 2025
These Terms of Service (the “Agreement”) contains the legal terms and conditions of your access to and use of the Services (as defined herein) provided by Scoir, Inc., a Delaware corporation, (“Scoir”). The term “Customer” as used herein means the educational institution, local educational agency, school administrative unit, education industry association, company, or other legal or professional entity that utilizes or intends to utilize the Services. By your accepting this Agreement, either by your online digital indication of acceptance or by your execution of an Order Form (as defined herein) that references this Agreement, you acknowledge that you have read, understand, and agree to the terms of this Agreement and you represent that you have the authority to bind your institution to this Agreement.
1. DEFINITIONS. Capitalized terms defined herein shall have the meanings ascribed to them, including the following terms, which shall have the following meanings:
“Content” means any information inputted into the Website by Scoir or by a User and which may be accessible by other Users.
“Customer Data” means any information inputted into the Website by Customer, at Customer’s direction, or with Customer’s permission, including, without limitation, information inputted by Invitees, and for which access is restricted to Customer, Invitees, and other Users that Customer or Invitees may permit.
“Intellectual Property Rights” means any patent, trademark, trade secret, service mark, copyright, moral right, right in design, know-how, and any other intellectual or industrial property rights anywhere in the world whether or not registered.
“Invitee” means any User who is authorized by Customer to use the Services, or any portion thereof, and for whom Customer has provisioned the Services. Invitees may include, without limitation, Customer’s students and their parents or guardians, teachers, school counselors, and administrators.
“Order Form” means an ordering document entered into between Customer and Scoir that identifies Customer and specifies (i) the Products to which Customer is subscribing and which Scoir will provided to Customer pursuant to this Agreement, (ii) the Subscription Term, and (iii) the fees payable by Customer for the Services.
“Products” means Scoir’s cloud-based software applications, tools, features, and utilities that are separately packaged, marketed, and priced by Scoir, each of which constitutes a portion of the Services and which collectively constitute the entirety of the Services.
“Services” means the cloud-based college and career planning and counseling platform, as further described in Section 2.1, provided or made available by Scoir through the Website.
“Subscription Term” means the period of time further defined in Section 7.1 during which this Agreement governs the relationship between Scoir and Customer with respect to the Services.
“User” means any person who creates an account on the Website. Users include, but are not limited to, Invitees.
“Website” means the public Internet site available at the domain https://app.scoir.com, including any subdomain thereof, and all associated mobile applications.
2. USE OF THE SERVICES
2.1. Description of Services. The Services include information and functionality intended to educate and assist students in their post-secondary pursuits. More specifically and without limitation, the Services enable students to search for and learn about careers, career pathways, and related post-secondary educational opportunities; to communicate with their school faculty and administrators; to receive, complete, and submit assignments related to their college and career planning; to engage with representatives from post-secondary educational institutions; to create, manage, and submit their applications for admission to institutions of higher education; and to solicit from school faculty and administrators the creation and delivery of documents related to the post-secondary education admissions and enrollment process. The Services include a guidance management system that enables school counselors and administrators to monitor and assist students in their post-secondary planning; to engage and collaborate with students, parents and guardians, and representatives of post-secondary educational institutions; to manage the creation and delivery of documents related to applications for admission to institutions of higher education; and to collect, analyze, and report on student engagement, academic achievements, and post-secondary enrollment outcomes.
2.2. Additional Products. During the Subscription Term, Customer may add Products to the Services by executing one or more additional Order Form(s). Unless stated otherwise on an additional Order Form, this Agreement will apply to all Products and Services that Scoir provides Customer during the Subscription Term.
2.3. Customer’s Use. Subject to the terms and conditions of this Agreement, Scoir grants Customer the non-exclusive, non-transferrable, non-sublicensable, worldwide right to access and use, and to grant Invitees access to use, the Services for Customer’s own lawful and legitimate business or organizational purposes.
2.4. Use by Invitees. Customer acknowledges and agrees that it is solely responsible for (i) determining who is an Invitee; (ii) informing each Invitee that their use of the Services is subject to this Agreement; and (iii) controlling each Invitee’s level of access to relevant portions of the Services.
2.5. Account Ownership. Customer shall, at all times during the Subscription Term, designate and have designated: (i) one Invitee as an "account owner" authorized to serve as primary liaison to Scoir for account-related communications; and (ii) no less than one Invitee as "account administrator" authorized to create accounts for and manage permissions of other Invitees.
2.6. Access Control. Customer shall take reasonable precautions to require its Invitees to secure usernames, passwords, and any other means of gaining access to the Services. Without limiting the foregoing, Customer agrees to not require Invitees to disclose their passwords and will promptly revoke any Invitee's access to the Services following the termination of such Invitee's employment or engagement by Customer. Customer will promptly notify Scoir of any suspected unauthorized access to, or use of, the Services known to Customer.
2.7. Restrictions of Use. When using the Services, Customer shall not knowingly (and shall use commercially reasonable efforts to prohibit any Invitee to):
(a) attempt to gain unauthorized access to any Personally Identifiable Information of a User;
(b) attempt to undermine the security or integrity of the Website and the Services, and, where the Services are hosted by a third party, that third party's computing systems and networks;
(c) use, or misuse, the Services in any way which would reasonably be expected to impair or degrade the functionality of the Services or Website, or other systems used to deliver the Services, or impair or degrade the ability of any other User to use the Services or Website;
(d) attempt to gain unauthorized access to any portions of the Services other than those expressly provisioned pursuant to a valid Order Form;
(e) transmit via, or input into, the Website, anything that directly or indirectly (i) knowingly contains any viruses, worms or other malicious computer programming codes intended or likely to damage Scoir’s or any User’s system or data; (ii) may reasonably be deemed to be offensive to a preponderance of Users; (iii) is deceptive, defamatory, obscene, pornographic, or unlawful; or (iv) knowingly infringes or misappropriates any Intellectual Property Rights of a third party;
(f) sublicense, lease, sell, resell, rent, loan, distribute, transfer or otherwise allow the use of the Services for the benefit of any unauthorized third party;
(g) access or use the Services to build a similar or competitive product or service; or
(h) attempt to modify, copy, adapt, create derivative works of, reproduce, disassemble, decompile or reverse engineer the Services or any computer programs used to deliver the Services or to operate the Website.
3. SCOIR’S RESPONSIBILITIES.
3.1. Provision of Services. During the Subscription Term, Scoir will provide Customer and its Invitees access to use the Services as described in this Agreement and all applicable Order Forms. Scoir reserves the right to provide some or all elements of the Services through third-party service providers. Scoir shall be responsible for the acts or omissions of any third-party service providers as if they were the acts or omissions of Scoir.
3.2. User-Generated Content. Scoir may, but is not obligated to, monitor or review Content uploaded by Users to ensure that it is not inappropriate, erroneous, defamatory, libelous, slanderous, obscene, or profane. Scoir, in its sole discretion, may remove any Content from the Website. Notwithstanding the foregoing, Scoir will not be liable for the accuracy or appropriateness of any Content. In addition, certain portions of the Services may contain functionality by which Users may post reviews, make recommendations, or give ratings of Content. No review, recommendation, or rating provided within the Services shall be deemed to be either an endorsement by Scoir or an accurate statement of quality, competency, experience, or qualification pertaining to the subject matter thereof.
3.3. Data Privacy and Data Security. Scoir will safeguard the confidentiality of Customer Data in accordance with the Data Processing Addendum attached hereto as Appendix A.
3.4. Accessibility. Scoir shall use reasonable efforts to ensure that the Services maintain, at all times during the Subscription Term, compliance with all applicable federal and state laws and regulations providing for equally effective and substantially equivalent ease of use for persons with disabilities, including but not limited to those set forth in the Americans with Disabilities Act (ADA). The Web Content Accessibility Guidelines (WCAG) 2.1 Level AA shall be used to evaluate conformance of the Services with this Section 3.4.
3.5. Service Reliability. Subject to the terms and conditions of this Agreement, Scoir will use commercially reasonable efforts to make the Services generally available for use by Customer and its Invitees at any time, excluding planned downtime and any unavailability caused by circumstances beyond our reasonable control, including without limitation, acts of God, acts of government, floods, fires, earthquakes, civil unrest, acts of terror, strikes or other labor problems (other than those involving Scoir’s own employees), Internet service provider failures or delays, denial of service attacks, or any other force majeure event or factors. Scoir acknowledges that Customer may consider a failure to reasonably meet its service reliability commitments to be a material breach of this Agreement. Accordingly, and notwithstanding anything to the contrary in this Agreement, Customer's sole remedy for Scoir’s failure to reasonably meet its service reliability commitments shall be to terminate this Agreement for cause pursuant to Section 7.3.
3.6. Support Services. During the Subscription Term, Scoir will provide Customer and its Invitees with “help desk support” of the Products via email to support@scoir.com during customary business hours and via access to Scoir’s online self-service support portal available at https://scoir.helpdocs.io. Scoir will use reasonable practices to respond to email support queries within one business day. Scoir reserves the right, in its sole discretion, to limit or deny access to support services to any Invitee who acts or who has acted in a way that might reasonably be determined to be harassing or abusive of Scoir’s support representatives.
4. THIRD PARTY SERVICES. Through the Services, Customer and Invitees may be able to elect to receive services from partners of Scoir (each such service, a “Third-Party Service”, and each such partner, a “Partner”). Third-Party Services are not provided on the Website and they are not considered part of the Services covered by this Agreement. Scoir is not responsible for Third-Party Services or any material, information or results available through Third-Party Services. Partners may require Customer and Invitees to agree to terms and conditions or agreements with respect to their provision of the Third-Party Services. Customer or Invitees are solely responsible for, and assume all risk arising from, Customer’s or Invitees’ election and receipt of any Third-Party Service. If Customer or Invitees elect to receive a Third-Party Service, Customer or Invitees, as the case may be, authorize Scoir to submit to the applicable Partner certain information about Customer or Invitees that such Partner may reasonably request in order to provide the Third-Party Service to Customer or Invitees, provided that Scoir’s sharing of such information is (i) authorized by Customer or Invitees, as the case may be, and (ii) not otherwise prohibited by applicable law or regulation (the “Shared Information”). Customer is responsible for the accuracy of all Shared Information provided to Scoir and approved to be submitted to Partners. Customer represents and warrants that Customer have all the rights in and to any Shared Information necessary to provide Shared Information, and that Scoir’s use of Shared Information as contemplated hereunder will not violate any rights of privacy or other proprietary rights, or any applicable local, state or federal laws, regulations, orders or rules. Customer and Invitees agree that, by electing to receive a Third-Party Service and consenting and authorizing Scoir to submit your Shared Information to a Partner, Customer and Invitees have waived and released any claim against Scoir arising out of a Partner’s use of Shared Information. The foregoing will not apply to the extent prohibited by law.
5. FEES AND PAYMENTS.
5.1. Subscription Fees. In consideration for the access rights granted to Customer and the Services made available by Scoir under this Agreement, Customer will pay to Scoir the fees set forth in the Order Form(s) in accordance with the fee schedule(s) specified therein. Unless otherwise provided for in an Order Form, all undisputed fees are due and payable within thirty (30) days of the Customer’s receipt date of the invoice. All fees paid are non-refundable except as otherwise provided for herein. Customer agrees to provide Scoir with complete, accurate, and current billing and contact information at all times. Customer and Scoir agree to work together in good faith to resolve any disputed fees in a timely manner.
5.2. Non-Payment. If Customer fails to pay undisputed amounts due under this Section 5, then Scoir’s sole recourse is to suspend Services pursuant to Section 6.2 and to terminate this Agreement pursuant to Section 7.3 Notwithstanding the foregoing, if any Customer payment is dishonored or returned because it cannot be processed by a bank, Scoir reserves the right to charge Customer any bank fees or charges for return items that Scoir incurs.
5.3. Taxes. Scoir may charge, and Customer agrees to pay, any applicable sales, use, or value-added taxes applicable to the provision of the Services. Customer shall have no liability for any taxes based upon Scoir’s gross revenues or net income.
(a) If Customer is a tax-exempt organization, Customer agrees to provide Scoir with a valid and accurate certificate of sales tax exemption within seven (7) days of submitting an Order Form.
(b) Scoir is solely responsible for timely remittance to state and/or local authorities of any sales and use taxes it collects from Customer related to the sale of goods and services under this Agreement.
5.4. Payment by Credit Card. If paying by credit card, Customer authorizes Scoir to charge its credit card or bank account for all fees payable. Customer further authorize Scoir to use a third party to process payments for fees payable, and consent to the disclosure of payment information to such third party as required to process such payments.
6. SERVICE SUSPENSIONS
6.1. Suspension for Prohibited Acts. Scoir may suspend any User’s access to any or all Services without notice for use of the Services in a manner that Scoir deems, at its reasonable and sole discretion, to: (i) violate applicable local, state, or federal laws or regulations; or (ii) violate any restrictions of use contained in Section 2.9. If Scoir suspends an Invitee’s access pursuant to this Section 6.1, Scoir shall, as soon as commercially practical, provide Customer prior written notice describing the violation and, for violations capable of being resolved, Scoir shall provide Customer a thirty-day period to cure such violation and restore said Invitee’s access promptly after the cause of the violation has been resolved.
6.2. Suspension for Non-Payment. In the event that any undisputed fees due and payable hereunder remain unpaid for a period of thirty (30) days or more after the due date specified on the corresponding invoice, Scoir may suspend Customer’s (and its Invitees’) access to any or all of the Services until such amounts are paid in full. Scoir will notify Customer at least fourteen (14) days before suspension.
6.3. Suspension for Present Harm. If Customer’s website or use of the Service is (i) being subjected to denial-of-service attacks or other disruptive activity; (ii) being used to engage in denial-of-service attacks or other disruptive activity; (iii) creating a security vulnerability for the Services or others; or (iv) causing harm to Scoir or any Users, then Scoir may, with written electronic and telephonic notice to Customer, suspend all or any access to the Service. Scoir will try to limit the suspension to the affected portion of the Services and promptly resolve the issues causing the suspension.
7. SUBSCRIPTION TERM; TERMINATION.
7.1. Subscription Term. This Agreement shall commence on the date of Customer’s first acceptance of an Order Form and shall continue, unless lawfully terminated sooner as permitted herein, until the latest subscription period end date set forth in an Order Form.
7.2. Termination for Convenience. Customer may terminate this Agreement at any time for any reason, or for no reason, by providing Scoir with 30 days’ advance written notice. No prepaid fees shall be or become refundable upon termination pursuant to this Section 7.2.
7.3. Termination for Cause. Either party may terminate this Agreement for cause if the other party materially breaches any provision of this Agreement and such breach, if capable of being cured, is not cured within thirty (30) days of receiving written notice of such breach from the other party.
7.4. Post-Termination Rights. Upon any termination of this Agreement, all licenses, rights, and permissions granted to Customer hereunder will immediately terminate. If this Agreement is terminated by Customer pursuant to Section 7.3, Scoir will promptly refund Customer any prepaid fees relating to Customer’s access and use of the Services after the effective date of termination. Upon request by Customer made within 30 days of the effective date of termination of this Agreement, Scoir will make the Customer Data available to Customer for export or download. After such 30-day period, Scoir will have no obligation to retain or make available to Customer any Customer Data, unless legally required, and Scoir will dispose of such Customer Data as provided in Appendix A. Except as provided in Section 9 of this Agreement, and to the extent permitted by law, Scoir shall not be liable for any costs, losses, damages, or liabilities arising out of or related to a lawful termination of this Agreement.
7.5. Surviving Provisions. Section 5 (Fees and Payments), Section 7.4 (Post-Termination Rights), Section 7.5 (Surviving Provisions), Section 8 (Proprietary Rights), Section 9 (Indemnification), Section 10 (Disclaimers; Limitation of Liability), and Section 11 (General Provisions) will survive any terminated of this Agreement.
8. PROPRIETARY RIGHTS
8.1. Scoir Ownership. Scoir, or its licensors, owns all worldwide right, title, and interest (including all Intellectual Property Rights) in and to the Website, Services, Content, and software applications used to provide the Services. This Agreement does not convey any proprietary interest in or to any of Scoir’s Intellectual Property Rights or rights of entitlement to the use thereof except as expressly set forth herein.
8.2. Customer Ownership. Customer owns all worldwide right, title, and interest (including all Intellectual Property Rights) in and to the Customer Data. Customer hereby grants Scoir a non-exclusive, limited right to use, copy, transmit, store, and back-up Customer Data for the sole purpose of providing the Services to Customer.
8.3. User Feedback. Any feedback, comments and suggestions Customer or its Invitees may provide for improvements to the Services shall be deemed to have been given voluntarily and Scoir will be free to use, disclose, reproduce, license or otherwise distribute, and exploit such feedback as Scoir sees fit, entirely without obligation or restriction of any kind.
9. INDEMNIFICATION
9.1. Indemnification. Scoir shall indemnify, defend, protect, and hold harmless Customer, its Affiliates, trustees, officers, directors, and employees, from and against any and all damages awarded by a court, arbitration, or settlement, including associated penalties, fines, and expenses arising out of or incurred by the Customer as a result of (A) the gross negligence or willful misconduct of Scoir, its employees, or agents; (B) Scoir’s breach of this Agreement or applicable law; or (C) any actual or threatened claim alleging that the licensing, use, or other exploitation of the Services by Customer in accordance with the rights granted hereunder constitutes, under applicable laws of any jurisdiction within the United States of America, an infringement, dilution, or unauthorized use of any patent, copyright, trademark, or trade secret of any third-party. In the event that (i) some or all of the Services is held by a court of competent jurisdiction to infringe; (ii) an injunction is obtained against use of any material portion of the Services; or (iii) Customer believes in its good faith judgment that the Services is infringing, then Scoir shall promptly, at its sole option and expense, (a) procure for Customer the right to continue to use the infringing Services; (b) replace or modify the infringing Services to make its use non-infringing while being capable of performing essentially the same functions; or (c) require Customer to return or remove the infringing Services and cancel all rights thereto. If Scoir implements option (iii) above, then Customer may, at its option, terminate this Agreement, with immediate effect upon written notice to Scoir, and Scoir shall promptly refund Customer all prepaid fees relating to Customer’s access to and use of the Services after the effective date of termination. Notwithstanding the foregoing, Customer may participate at its own expense in any claim to which it is a party.
9.2. Exclusions. Notwithstanding the foregoing, Scoir will have no obligation under this Section 9 or otherwise with respect to any infringement claim based upon (i) any use of the Services not in accordance with this Agreement; (ii) any use of the Services in combination with other products, equipment, software, or data not supplied by Scoir where the cause of the infringement is the use of the Services in combination with any such products, equipment, software or data; or (iii) any modification of the Services by any person other than Scoir or its authorized agents.
9.3. Obligations. Scoir’s indemnifying obligations set forth above are expressly conditioned upon each of the following: (i) Customer will promptly notify Scoir in writing of any threatened or actual claim; (ii) Scoir will have sole control of the defense and settlement, if any, of any claim giving rise to the indemnity obligations herein; provided, however, that no settlement will be binding against Customer without Customer’s prior written consent; and (iii) Customer will cooperate with Scoir to facilitate the defense and settlement, if any, of any claim.
9.4. Exclusive Remedy. This Section 9 states the entire liability of Scoir and the sole and exclusive remedy of Customer and any of its affiliates, officers, directors, and employees for infringement claims and actions related hereto.
10. DISCLAIMERS; LIMITATION OF LIABILITY.
10.1. Disclaimer of Warranties. Customer’s use of the Services is entirely at Customer’s own risk. Scoir is not in the business of providing student counseling, college guidance, or any other professional advisory services. The Services are provided "AS IS" and on an “AS AVAILABLE” basis. EXCEPT AS OTHERWISE SPECIFIED HEREIN AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, SCOIR DISCLAIMS ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS, WHETHER STATUTORY, EXPRESS OR IMPLIED, INCLUDING THOSE OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, NON-INFRINGEMENT, OR THE ACCURACY, RELIABILITY, QUALITY OF ANY CONTENT, DATA, OR INFORMATION MADE AVAILABLE VIA THE SUBSCRIPTION SERVICES. EACH PARTY DISCLAIMS ALL LIABILITY AND INDEMNIFICATION OBLIGATIONS FOR ANY HARM OR DAMAGES CAUSED BY ANY THIRD-PARTY HOSTING PROVIDERS. SCOIR DOES NOT WARRANT THAT THE SUBSCRIPTION SERVICES WILL BE COMPLETELY SECURE, FREE FROM BUGS, VIRUSES, INTERRUPTION, ERRORS, THEFT OR DESTRUCTION.
10.2. No Indirect Damages. TO THE EXTENT PERMITTED BY LAW, IN NO EVENT SHALL EITHER PARTY OR ITS AFFILIATES HAVE ANY LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT FOR ANY LOSS OF PROFITS, REVENUE, GOODWILL, OR BUSINESS OPPORTUNITY, OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER, OR PUNITIVE DAMAGES, WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY, EVEN IF A PARTY OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR IF A PARTY’S OR ITS AFFILIATES’ REMEDY OTHERWISE FAILS OF ITS ESSENTIAL PURPOSE.
10.3. Limitation of Liability. EXCEPT FOR CUSTOMER’S LIABILITY FOR THE PAYMENT OF FEES, SCOIR’S INDEMNIFICATION OBLIGATIONS IN SECTION 9, AND EITHER PARTY’S GROSS NEGLIGENCE, WILLFUL MISCONDUCT, OR VIOLATION OF INTELLECTUAL PROPERTY RIGHTS, IF, NOTWITHSTANDING THE OTHER TERMS OF THIS AGREEMENT, EITHER PARTY OR ITS AFFILIATES IS DETERMINED TO HAVE ANY LIABILITY TO THE OTHER PARTY, ITS AFFILIATES OR ANY THIRD PARTY, THE PARTIES AGREE THAT, TO THE EXTENT PERMITTED BY LAW, THE AGGREGATE LIABILITY OF A PARTY AND ITS AFFILIATES WILL BE LIMITED TO A SUM EQUAL TO THE GREATER OF (A) TOTAL AMOUNTS PAID OR PAYABLE BY CUSTOMER FOR THE SUBSCRIPTION SERVICES IN THE TWELVE-MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO A CLAIM AND (B) ONE HUNDRED U.S. DOLLARS.
10.4. Third Party Products. TO THE EXTENT PERMITTED BY LAW, SCOIR AND ITS AFFILIATES DISCLAIM ALL LIABILITY WITH RESPECT TO THIRD-PARTY PRODUCTS MADE AVAILABLE THROUGH THE SUBSCRIPTION SERVICES. OUR LICENSORS SHALL HAVE NO LIABILITY OF ANY KIND UNDER THIS AGREEMENT.
10.5. Agreement to Liability Limit. CUSTOMER UNDERSTANDS AND AGREES THAT ABSENT ITS AGREEMENT TO THIS LIMITATION OF LIABILITY, SCOIR WOULD NOT PROVIDE THE SUBSCRIPTION SERVICES TO CUSTOMER.
10.6. Exceptions. EXCLUSIONS AND LIMITATIONS SET FORTH IN THIS SECTION 10 WILL NOT APPLY TO CLAIMS AND DAMAGES RESULTING FROM SCOIR’S UNAUTHORIZED DISCLOSURE OF DATA IN VIOLATION OF THE DATA PRIVACY ADDENDUM (APPENDIX A), AND DAMAGES RESULTING FROM A PARTY’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT.
11. GENERAL PROVISIONS
11.1. Publicity. Customer hereby grants Scoir the limited right to display, in accordance with Customer’s published trademark usage guidelines (if any), Customer’s name and logo on Scoir’s digital properties. Customer may limit or withdraw this permission at any time by completing and submitting a “Publicity Restrictions” form located at https://www.scoir.com/publicity-restrictions. Scoir hereby grants Customer permission to display, in accordance with Scoir’s published trademark usage guidelines, Scoir’s name, logo, and links to the Website on Customer websites and other materials as Customer may reasonably deem appropriate to promote the Services. The rights granted under this Section 11.1 shall expire upon termination of this Agreement.
11.2. Governing Law and Jurisdiction. This Agreement shall be interpreted, governed, and construed in accordance with the laws of the state where Customer is principally located; provided, however, that, if Customer is principally located outside the United States of America, then this Agreement shall be interpreted, governed, and construed in accordance with the laws of the State of Delaware. The parties hereby agree, to the extent not barred by immunity, that any dispute must be heard by any state court located within the capital city or principal city of such state, and the Parties hereby consent to the personal jurisdiction and exclusive venue of such courts.
11.3. Relationship of the Parties. Scoir is an independent contractor to Customer. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the parties.
11.4. No Agency. For the avoidance of doubt, each of Scoir and Customer are entering into this Agreement as principals and not as an agent for any other company. Subject to any permitted assignment under Section 11.6, the obligations owed by Scoir under this Agreement shall be owed to Customer solely by Scoir and the obligations owed by Customer under this Agreement shall be owed solely to Scoir.
11.5. No Third-Party Beneficiaries. There are no third-party beneficiaries under this Agreement.
11.6. Assignment. Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the other party’s prior written consent (not to be unreasonably withheld); provided, however, either party may assign this Agreement in its entirety (together with all Order Forms) without the other party’s consent in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets. Subject to the foregoing, this Agreement will bind and inure to the benefit of the parties, their respective successors and permitted assigns.
11.7. Notice. Except for the service of legal documents required to be delivered in physical form, the parties agree to use email to satisfy required or permitted written approvals, notices, and consents under this Agreement. Scoir will provide all notices to Customer by sending an email to Customer’s identified account owner. Customer shall provide all notices to Scoir by sending an email to legal-notices@scoir.com. Email notices will be treated as received when sent.
11.8. Waiver. No delay or omission of a party to exercise any right hereunder shall be construed as a waiver of any such. Each party may exercise its rights granted herein at any time.
11.9. Severability. Any provision of this Agreement that is prohibited or unenforceable in any jurisdiction shall, as to such jurisdiction, be ineffective to the extent of such prohibition or unenforceability without invalidating the remaining provisions of this Agreement, and any such prohibition or unenforceability in any jurisdiction shall not invalidate or render unenforceable such provision in any other jurisdiction. Notwithstanding the foregoing, if such provision could be more narrowly drawn so as not to be prohibited or unenforceable in such jurisdiction while, at the same time, maintaining the intent of the parties, it shall, as to such jurisdiction, be so narrowly drawn without invalidating the remaining provisions of this Agreement or affecting the validity or enforceability of such provision in any other jurisdiction.
11.10. Entire Agreement. This Agreement, including all schedules and Order Forms and lawful modifications hereto, constitutes the entire agreement between Customer and Scoir regarding Customer’s use of Services and it supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. Any provision of this Agreement may be waived only with the signed written consent of both parties. Neither failure nor delay on the part of any party in exercising any right, power, or privilege hereunder shall operate as a waiver of such right, nor shall any single or partial exercise of any such right, power, or privilege preclude any further exercise thereof or the exercise of any other right, power, or privilege.
11.11. Public Inspection of Agreement. Scoir acknowledges and agrees that this Agreement and all documents Scoir provides Customer as required herein, may, if and to the extent deemed public records under applicable law, be public records and may at all times be subject to public inspection.
11.12. Electronic Signatures. Each of the parties consents to the use of electronic signatures as valid execution and delivery of this Agreement and any other document relating thereto.
11.13. Counterparts. This Agreement may be executed in any number of identical counterparts. If so executed, each of such counterparts shall constitute this Agreement. In proving this Agreement, it shall not be necessary to produce or account for more than one such counterpart. Execution and delivery of this Agreement by electronic format shall constitute valid execution and delivery and shall be effective for all purposes.
11.14. Authority. Each party represents to the other that it has full power and authority to enter into this Agreement and that it is binding upon such party and enforceable in accordance with its terms. Customer further represents that it has the authority to procure its Affiliates’ compliance with the terms of this Agreement.
APPENDIX A
DATA PRIVACY ADDENDUM
This Data Privacy Addendum (“DPA”) forms a part of and is incorporated into the High School Terms of Service agreement between Scoir, Inc. and Customer. All capitalized terms not defined herein shall have the meaning set forth in the Agreement. The parties agree as follows:
ARTICLE I: DEFINITIONS
“Applicable Law” means the federal and state statutes and regulations applicable to Customer Data and Student Data including the following, to the extent applicable: Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g (“FERPA”); Children’s Online Privacy Protection Act, 15 U.S.C. § 6501-6502 (“COPPA”); Protection of Pupil Rights Amendment, 20 U.S.C. 1232h (“PPRA”); Individuals with Disabilities Education Act, 20 U.S.C. § 1400 et seq. (“IDEA”); and each specifically applicable state regulation, as provided in Exhibit A hereto.
“Data Breach” means an unauthorized release, access to, disclosure, or acquisition of Student Data that compromises the security, confidentiality, or integrity of the Student Data maintained by Scoir in violation of Applicable Law.
“De-Identified Information” means data from which all Personally Identifiable Information has been removed or obscured in a way that reasonably removes the risk of disclosure of the identity of the individual and information about them (e.g., by blurring, masking, or perturbation). De-identification should ensure that any information when put together cannot reasonably indirectly identify the student, not only from the viewpoint of the public, but also from the vantage of those who are familiar with the individual. Information cannot be de-identified if there are fewer than twenty (20) students in the samples of a particular field or category, e.g., fewer than twenty students in a particular grade or fewer than twenty students of a particular ethnicity.
“Personally Identifiable Information” means any Student Data and metadata obtained by reason of the use of the Services, whether gathered by Scoir or provided by Customer or its Invitees. Personally Identifiable Information includes, without limitation, indirect identifiers that, either alone or in aggregate, would allow a reasonable person to be able to identify a student to a reasonable certainty. For purposes of this DPA, Personally Identifiable Information shall include the categories of information listed in the definition of Student Data.
“School Official” means, consistent with 34 CFR 99.31(a)(1)(i)(B), a contractor that: (1) performs an institutional service or function for which the agency or institution would otherwise use employees; (2) is under the direct control of the agency or institution with respect to the use and maintenance of education records; and (3) is subject to 34 CFR 99.33 governing the use and re-disclosure of Personally Identifiable Information from student records.
“Student Data” means any Personally Identifiable Information, whether gathered by Scoir or provided by Customer or its Invitees, that is descriptive of Customer’s student Invitees, including, but not limited to, information in the student’s educational record or email, first and last name, home address, telephone number, email address, or other information allowing online contact, discipline records, videos, test results, special education data, juvenile dependency records, grades, evaluations, criminal records, medical records, health records, social security numbers, biometric information, disabilities, socioeconomic information, food purchases, political affiliations, religious information, text messages, documents student identifies, search activity, photos, voice recordings or geolocation information. Student Data includes Student Records and Student-Generated Content (to the extent identifiable to a User) for the purposes of this DPA and for the purposes of Applicable Law. De-Identified Information or anonymous usage data regarding a User’s use of the Services shall not be considered Student Data.
“Student-Generated Content” means materials or content created by a student during and for the purpose of education including, but not limited to, essays, research reports, portfolios, creative writing, music or other audio files, photographs, videos, and account information that enables ongoing ownership of student content.
“Student Records” means (1) any information that directly relates to a student that is maintained by Customer; and (2) any information acquired directly from a student through the use of instructional software or applications assigned to the student by Customer or its Invitees.
“Subprocessor” means a Third Party that Scoir uses for data collection, analytics, storage, or other service to operate and/or improve its software, and who has access to Personally Identifiable Information, a list of which is publicly available at www.scoir.com/terms-of-service.
“Targeted Advertising” means presenting an advertisement to a student where the selection of the advertisement is based on Student Data or inferred over time from the usage of the Services by such student or the retention of such student’s online activities or requests over time. "Targeted advertising" does not include any advertising to a student on an Internet web site based on the content of the web page or in response to a student's response or request for information or feedback.
“Third Party” means an entity that is not Scoir or Customer.
ARTICLE II: PURPOSE AND SCOPE
1. Purpose of DPA. The purpose of this DPA is to describe the duties and responsibilities to protect Student Data transmitted to Scoir from the Customer pursuant to the Agreement, including compliance with Applicable Law. In performing the Services, to the extent Personally Identifiable Information from Student Data is transmitted to Scoir from Customer, Scoir shall be considered a School Official with a legitimate educational interest, and performing services otherwise provided by the Customer. Scoir shall be under the direct control and supervision of the Customer, with respect to its use of Student Data.
2. Nature of Services Provided. Scoir has agreed to provide the Services described in the Agreement.
3. Student Data to Be Provided. In order to perform the Services described in this Article and the Agreement, Customer or Invitees may provide some or all of the data described in the Schedule of Data, attached hereto as Exhibit B.
4. Governing Terms. In the event of a conflict with the Agreement, the terms and conditions of this DPA shall prevail with regards to the subject matter hereof.
ARTICLE III: DATA OWNERSHIP AND AUTHORIZED ACCESS
1. Student Data Property of Customer. All Student Data transmitted to Scoir pursuant to this DPA is and will continue to be the property of and under the control of the Customer or the party who provided such data (such as the Invitee). Scoir further acknowledges and agrees that all copies of such Student Data transmitted to Scoir, including any modifications or additions or any portion thereof from any source, are also subject to the provisions of this DPA in the same manner as the original Student Data. The parties agree that as between them, all rights, including all Intellectual Property Rights in and to Student Data contemplated pursuant to this DPA shall remain the exclusive property of the Customer. For the purposes of Applicable Law, Scoir shall be considered a School Official, under the control and direction of Customer as it pertains to the use of Student Data notwithstanding the above. Scoir may transfer certain Student Data to a separate account according to the procedures set forth below.
2. Parent, Legal Guardian, and Student Access. To the extent required by law, Customer shall establish reasonable procedures by which a parent, legal guardian, or eligible student (as defined in FERPA) may review Student Data maintained by Scoir, correct erroneous information, and procedures for the transfer of Student-Generated Content to a personal account, consistent with the functionality of the Services. Scoir will cooperate and respond within five (5) days to Customer’s request to view or correct Student Data maintained by Scoir. In the event that a parent of a student or other individual contacts Scoir to review any of the Student Records or Student Data accessed pursuant to the Services, Scoir shall refer the parent or individual to the Customer, and Customer will follow the necessary and proper procedures regarding the requested information.
3. Separate Account. Scoir shall transfer Student Data transmitted to Scoir by a student to a separate User account for each student Invitee upon termination of the Agreement or a student’s earlier graduation from Customer; provided, however, that such transfer shall only apply to such Student Data that is severable from the Services.
4. Third Party Request. Should a Third Party, including, but not limited to law enforcement, former employees of the Customer, current employees of the Customer, and government entities, contact Scoir with a request for Student Data held by Scoir pursuant to the Services, Scoir shall, to the extent permitted by Applicable Law, redirect the Third Party to request the Student Data directly from the Customer and shall cooperate with the Customer to collect the required information. Scoir shall notify the Customer in advance of a compelled disclosure to a Third Party, unless legally prohibited. Scoir will not disclose, lend, lease, transfer, or sell the Student Data or any portion thereof to any Third Party or allow any Third Party to use the Student Data and/or any portion thereof, without the express written consent of the Customer or without a court order or lawfully issued subpoena. Student Data shall not include De-Identified Information or anonymous usage data regarding a student’s use of the Services.
5. No Unauthorized Use. Scoir shall not use Student Data for any purpose other than as explicitly specified in this DPA.
6. Subprocessors. Scoir shall enter into written agreements with all Subprocessors performing functions pursuant to this DPA, whereby the Subprocessors agree to protect Student Data in manner consistent with the terms of this DPA.
ARTICLE IV: DUTIES OF CLIENT
1. Privacy Compliance. Customer shall provide Student Data for the purposes of the DPA in compliance with Applicable Law.
2. Annual Notification of Rights. If Customer is subject to FERPA, then Customer shall ensure that its annual FERPA notice designates Scoir as a “School Official” pursuant to 34 CFR § 99.31(a)(1)(i)(B) and that, in providing the Services, Scoir has a "legitimate educational interest" pursuant to 34 CFR §99.7(a)(3)(iii).
3. Reasonable Precautions. Customer shall employ administrative, physical, and technical safeguards designed to protect usernames, passwords, and any other means of gaining access to the Services and hosted Student Data from unauthorized access, disclosure, or acquisition by an unauthorized person.
4. Unauthorized Access Notification. Customer shall notify Scoir within seventy-two (72) hours of any known or suspected Data Breach or compromise of any Invitee’s account that poses a privacy or security risk to the Services. Customer will provide reasonable assistance to Scoir in any efforts by Scoir to investigate and respond to such actual or suspected Data Breach.
ARTICLE V: DUTIES OF PROVIDER
1. Privacy Compliance. Scoir shall comply with all Applicable Law with respect to the privacy and security of Student Data and, at the direction of Customer, shall cooperate with any state or federal government-initiated audit of Customer’s use of the Services.
2. Authorized Use. Student Data shared pursuant to this DPA, including persistent unique identifiers, shall be used for no purpose other than the Services stated in this DPA, as authorized by Customer, or as authorized by the applicable student or parent. Scoir also acknowledges and agrees that it shall not make any re-disclosure of any Student Data or any portion thereof, including without limitation, any meta data, user content or other non-public information and/or Personally Identifiable Information contained in the Student Data, unless the Customer has given express written consent, it is De-Identified Information, or this DPA otherwise allows its disclosure.
3. Employee Obligation. Scoir shall require all employees and agents who have access to Student Data to comply with all applicable provisions of this DPA with respect to the data shared under this DPA. Scoir agrees to require and maintain an appropriate confidentiality agreement from each employee or agent with access to Student Data pursuant to the DPA.
4. No Disclosure. Provider acknowledges and agrees that it shall not make any re-disclosure of any Student Data or any portion thereof, including without limitation, user content or other non-public information and/or Personally Identifiable Information contained in the Student Data, other than as directed or permitted by Customer or this DPA. This prohibition against disclosure shall not apply to De-Identified Information, Student Data disclosed pursuant to a lawfully issued subpoena or other legal process, or to Subprocessors performing services on behalf of Scoir pursuant to this DPA.
5. De-Identified Data. Scoir agrees not to attempt to re-identify De-Identified Information. De-Identified Information may be used by Scoir for those purposes allowed under FERPA and the following purposes: (a) assisting Customer or other governmental agencies in conducting research and other studies; (b) research and development of Scoir’s educational sites, services, or applications, and to demonstrate the effectiveness of the Services; and (c) for adaptive learning purposes and for customized student learning. Scoir’s use of De-Identified Information shall survive termination of this DPA or any request by Customer to return or destroy Student Data. Except for Subprocessors, Scoir agrees not to transfer De-Identified Information to any party unless (i) that party agrees in writing not to attempt re-identification, and (ii) prior written notice has been given to Customer who has provided prior written consent for such transfer. Prior to publishing any document that names Customer explicitly or indirectly, Scoir shall obtain Customer’s written approval of the manner in which De-Identified Information is presented.
6. Disposition of Data. Scoir shall dispose, delete, or de-identify, in accordance with NIST Special Publication 800-88, all Personally Identifiable Information obtained under the DPA when it is no longer needed for the purpose for which it was obtained. If requested by Customer in writing prior to the termination of the Agreement, Scoir shall first transfer a copy of said data to Customer, or Customer’s designee, according to a schedule and procedure reasonable agreed between the parties. Nothing in the DPA authorizes Scoir to maintain Personally Identifiable Information beyond the time period reasonably needed to complete the disposition. Scoir shall provide written notification to Customer when the data has been disposed. The duty to dispose of Student Data shall not extend to De-Identified Information or data placed in a separate User account, pursuant to the other terms of the DPA.
7. Advertising Prohibition. Scoir is prohibited from using, disclosing, or selling Student Data (a) to inform, influence, or enable Targeted Advertising; (b) to develop a profile of a student, family member/guardian or group, for any commercial purpose other than providing the Services; or (c) for any commercial purpose other than to provide the Services provided to Customer, or as authorized by the Customer or the parent/guardian.
ARTICLE VI: DATA SECURITY AND BREACH PROVISIONS
1. Data Security. Scoir agrees to maintain and abide by a comprehensive information security program that includes appropriate administrative, technological, and physical safeguards consistent with industry best practices to protect the security, privacy, confidentiality, and integrity of Student Data. General security duties of Scoir are as follows:
(a) Passwords and Employee Access. Scoir shall secure usernames, passwords, and any other means of gaining access to the Services or to Student Data, at a level suggested by Draft National Institute of Standards and Technology (“NIST”) Special Publication 800-63-3 Digital Authentication Guideline. Scoir shall only provide access to Student Data to employees or contractors that are performing the Services. Employees with access to Student Data shall have signed confidentiality agreements regarding said Student Data. All employees with access to Student Records shall, where permissible by law, be subject to criminal background checks.
(b) Security Protocols. Each party agrees to maintain security protocols that meet industry practices regarding the transfer or transmission of any data, including ensuring that data may only be viewed or accessed by parties legally allowed to do so. Scoir shall not copy, reproduce, or transmit data obtained pursuant to the DPA, except as necessary to fulfill the purpose of data requests by Customer. The foregoing does not limit the ability of Scoir to allow any necessary service providers to view or access data as provided in this Agreement.
(c) Employee Training. Scoir shall provide periodic security training to those of its employees who operate or have access to the system. Further, Scoir shall provide Customer with contact information of an employee who Customer may contact if there are any security concerns or questions.
(d) Security Technology. When the Services are accessed using a supported web browser, Secure Socket Layer or equivalent technology shall be employed to protect data from unauthorized access. The Services security measures shall include server authentication and data encryption. All data shall be encrypted in transmission and at rest in accordance with NIST Special Publication 800-57, as amended. Scoir shall host all Services data in SOC 2 compliant environments located within the United States of America.
(e) Subprocessors Bound. Scoir shall enter into written agreements whereby Subprocessors agree to secure and protect Student Data in a manner consistent with the terms of this Article VI and in accordance with Applicable Law. Scoir shall periodically conduct or review compliance monitoring and assessments of Subprocessors to determine their compliance with this Article.
(f) Periodic Risk Assessment. Scoir further acknowledges and agrees to conduct periodic risk assessments and remediate any identified security and privacy vulnerabilities in a timely manner.
(g) Backups. Scoir agrees to maintain backup copies, backed up at least daily, of Student Data in case of Scoir’s system failure or any other unforeseen event resulting in loss of Student Data or any portion thereof.
(h) Audits. Upon receipt of a reasonable request from the Customer, Scoir will allow the Customer to audit, at Customer’s expense, the security and privacy measures that are in place to ensure protection of the Student Record or any portion thereof. Scoir will cooperate fully with the Customer and any local, state, or federal agency with oversight authority/jurisdiction in connection with any audit or investigation of Scoir and/or delivery of Services to students and/or Customer, and shall provide full access to Scoir’s facilities, staff, agents and Customer’s Student Data and all records pertaining to Scoir, Customer and delivery of Services to Scoir.
2. Data Breach. In the event of a confirmed Data Breach, Scoir shall notify Customer within forty-eight (48) hours of its discovery of the Data Breach, unless notification within these time limits would disrupt investigation of the Data Breach by law enforcement. Scoir shall follow the following process:
(a) The Data Breach notification described above shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What Scoir Are Doing,” “What Customer Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
DATA PRIVACY ADDENDUM
This Data Privacy Addendum (“DPA”) forms a part of and is incorporated into the High School Terms of Service agreement between Scoir, Inc. and Customer. All capitalized terms not defined herein shall have the meaning set forth in the Agreement. The parties agree as follows:
ARTICLE I: DEFINITIONS
“Applicable Law” means the federal and state statutes and regulations applicable to Customer Data and Student Data including the following, to the extent applicable: Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g (“FERPA”); Children’s Online Privacy Protection Act, 15 U.S.C. § 6501-6502 (“COPPA”); Protection of Pupil Rights Amendment, 20 U.S.C. 1232h (“PPRA”); Individuals with Disabilities Education Act, 20 U.S.C. § 1400 et seq. (“IDEA”); and each specifically applicable state regulation, as provided in Exhibit A hereto.
“Data Breach” means an unauthorized release, access to, disclosure, or acquisition of Student Data that compromises the security, confidentiality, or integrity of the Student Data maintained by Scoir in violation of Applicable Law.
“De-Identified Information” means data from which all Personally Identifiable Information has been removed or obscured in a way that reasonably removes the risk of disclosure of the identity of the individual and information about them (e.g., by blurring, masking, or perturbation). De-identification should ensure that any information when put together cannot reasonably indirectly identify the student, not only from the viewpoint of the public, but also from the vantage of those who are familiar with the individual. Information cannot be de-identified if there are fewer than twenty (20) students in the samples of a particular field or category, e.g., fewer than twenty students in a particular grade or fewer than twenty students of a particular ethnicity.
“Personally Identifiable Information” means any Student Data and metadata obtained by reason of the use of the Services, whether gathered by Scoir or provided by Customer or its Invitees. Personally Identifiable Information includes, without limitation, indirect identifiers that, either alone or in aggregate, would allow a reasonable person to be able to identify a student to a reasonable certainty. For purposes of this DPA, Personally Identifiable Information shall include the categories of information listed in the definition of Student Data.
“School Official” means, consistent with 34 CFR 99.31(a)(1)(i)(B), a contractor that: (1) performs an institutional service or function for which the agency or institution would otherwise use employees; (2) is under the direct control of the agency or institution with respect to the use and maintenance of education records; and (3) is subject to 34 CFR 99.33 governing the use and re-disclosure of Personally Identifiable Information from student records.
“Student Data” means any Personally Identifiable Information, whether gathered by Scoir or provided by Customer or its Invitees, that is descriptive of Customer’s student Invitees, including, but not limited to, information in the student’s educational record or email, first and last name, home address, telephone number, email address, or other information allowing online contact, discipline records, videos, test results, special education data, juvenile dependency records, grades, evaluations, criminal records, medical records, health records, social security numbers, biometric information, disabilities, socioeconomic information, food purchases, political affiliations, religious information, text messages, documents student identifies, search activity, photos, voice recordings or geolocation information. Student Data includes Student Records and Student-Generated Content (to the extent identifiable to a User) for the purposes of this DPA and for the purposes of Applicable Law. De-Identified Information or anonymous usage data regarding a User’s use of the Services shall not be considered Student Data.
“Student-Generated Content” means materials or content created by a student during and for the purpose of education including, but not limited to, essays, research reports, portfolios, creative writing, music or other audio files, photographs, videos, and account information that enables ongoing ownership of student content.
“Student Records” means (1) any information that directly relates to a student that is maintained by Customer; and (2) any information acquired directly from a student through the use of instructional software or applications assigned to the student by Customer or its Invitees.
“Subprocessor” means a Third Party that Scoir uses for data collection, analytics, storage, or other service to operate and/or improve its software, and who has access to Personally Identifiable Information, a list of which is publicly available at www.scoir.com/terms-of-service.
“Targeted Advertising” means presenting an advertisement to a student where the selection of the advertisement is based on Student Data or inferred over time from the usage of the Services by such student or the retention of such student’s online activities or requests over time. "Targeted advertising" does not include any advertising to a student on an Internet web site based on the content of the web page or in response to a student's response or request for information or feedback.
“Third Party” means an entity that is not Scoir or Customer.
ARTICLE II: PURPOSE AND SCOPE
1. Purpose of DPA. The purpose of this DPA is to describe the duties and responsibilities to protect Student Data transmitted to Scoir from the Customer pursuant to the Agreement, including compliance with Applicable Law. In performing the Services, to the extent Personally Identifiable Information from Student Data is transmitted to Scoir from Customer, Scoir shall be considered a School Official with a legitimate educational interest, and performing services otherwise provided by the Customer. Scoir shall be under the direct control and supervision of the Customer, with respect to its use of Student Data.
2. Nature of Services Provided. Scoir has agreed to provide the Services described in the Agreement.
3. Student Data to Be Provided. In order to perform the Services described in this Article and the Agreement, Customer or Invitees may provide some or all of the data described in the Schedule of Data, attached hereto as Exhibit B.
4. Governing Terms. In the event of a conflict with the Agreement, the terms and conditions of this DPA shall prevail with regards to the subject matter hereof.
ARTICLE III: DATA OWNERSHIP AND AUTHORIZED ACCESS
1. Student Data Property of Customer. All Student Data transmitted to Scoir pursuant to this DPA is and will continue to be the property of and under the control of the Customer or the party who provided such data (such as the Invitee). Scoir further acknowledges and agrees that all copies of such Student Data transmitted to Scoir, including any modifications or additions or any portion thereof from any source, are also subject to the provisions of this DPA in the same manner as the original Student Data. The parties agree that as between them, all rights, including all Intellectual Property Rights in and to Student Data contemplated pursuant to this DPA shall remain the exclusive property of the Customer. For the purposes of Applicable Law, Scoir shall be considered a School Official, under the control and direction of Customer as it pertains to the use of Student Data notwithstanding the above. Scoir may transfer certain Student Data to a separate account according to the procedures set forth below.
2. Parent, Legal Guardian, and Student Access. To the extent required by law, Customer shall establish reasonable procedures by which a parent, legal guardian, or eligible student (as defined in FERPA) may review Student Data maintained by Scoir, correct erroneous information, and procedures for the transfer of Student-Generated Content to a personal account, consistent with the functionality of the Services. Scoir will cooperate and respond within five (5) days to Customer’s request to view or correct Student Data maintained by Scoir. In the event that a parent of a student or other individual contacts Scoir to review any of the Student Records or Student Data accessed pursuant to the Services, Scoir shall refer the parent or individual to the Customer, and Customer will follow the necessary and proper procedures regarding the requested information.
3. Separate Account. Scoir shall transfer Student Data transmitted to Scoir by a student to a separate User account for each student Invitee upon termination of the Agreement or a student’s earlier graduation from Customer; provided, however, that such transfer shall only apply to such Student Data that is severable from the Services.
4. Third Party Request. Should a Third Party, including, but not limited to law enforcement, former employees of the Customer, current employees of the Customer, and government entities, contact Scoir with a request for Student Data held by Scoir pursuant to the Services, Scoir shall, to the extent permitted by Applicable Law, redirect the Third Party to request the Student Data directly from the Customer and shall cooperate with the Customer to collect the required information. Scoir shall notify the Customer in advance of a compelled disclosure to a Third Party, unless legally prohibited. Scoir will not disclose, lend, lease, transfer, or sell the Student Data or any portion thereof to any Third Party or allow any Third Party to use the Student Data and/or any portion thereof, without the express written consent of the Customer or without a court order or lawfully issued subpoena. Student Data shall not include De-Identified Information or anonymous usage data regarding a student’s use of the Services.
5. No Unauthorized Use. Scoir shall not use Student Data for any purpose other than as explicitly specified in this DPA.
6. Subprocessors. Scoir shall enter into written agreements with all Subprocessors performing functions pursuant to this DPA, whereby the Subprocessors agree to protect Student Data in manner consistent with the terms of this DPA.
ARTICLE IV: DUTIES OF CLIENT
1. Privacy Compliance. Customer shall provide Student Data for the purposes of the DPA in compliance with Applicable Law.
2. Annual Notification of Rights. If Customer is subject to FERPA, then Customer shall ensure that its annual FERPA notice designates Scoir as a “School Official” pursuant to 34 CFR § 99.31(a)(1)(i)(B) and that, in providing the Services, Scoir has a "legitimate educational interest" pursuant to 34 CFR §99.7(a)(3)(iii).
3. Reasonable Precautions. Customer shall employ administrative, physical, and technical safeguards designed to protect usernames, passwords, and any other means of gaining access to the Services and hosted Student Data from unauthorized access, disclosure, or acquisition by an unauthorized person.
4. Unauthorized Access Notification. Customer shall notify Scoir within seventy-two (72) hours of any known or suspected Data Breach or compromise of any Invitee’s account that poses a privacy or security risk to the Services. Customer will provide reasonable assistance to Scoir in any efforts by Scoir to investigate and respond to such actual or suspected Data Breach.
ARTICLE V: DUTIES OF PROVIDER
1. Privacy Compliance. Scoir shall comply with all Applicable Law with respect to the privacy and security of Student Data and, at the direction of Customer, shall cooperate with any state or federal government-initiated audit of Customer’s use of the Services.
2. Authorized Use. Student Data shared pursuant to this DPA, including persistent unique identifiers, shall be used for no purpose other than the Services stated in this DPA, as authorized by Customer, or as authorized by the applicable student or parent. Scoir also acknowledges and agrees that it shall not make any re-disclosure of any Student Data or any portion thereof, including without limitation, any meta data, user content or other non-public information and/or Personally Identifiable Information contained in the Student Data, unless the Customer has given express written consent, it is De-Identified Information, or this DPA otherwise allows its disclosure.
3. Employee Obligation. Scoir shall require all employees and agents who have access to Student Data to comply with all applicable provisions of this DPA with respect to the data shared under this DPA. Scoir agrees to require and maintain an appropriate confidentiality agreement from each employee or agent with access to Student Data pursuant to the DPA.
4. No Disclosure. Provider acknowledges and agrees that it shall not make any re-disclosure of any Student Data or any portion thereof, including without limitation, user content or other non-public information and/or Personally Identifiable Information contained in the Student Data, other than as directed or permitted by Customer or this DPA. This prohibition against disclosure shall not apply to De-Identified Information, Student Data disclosed pursuant to a lawfully issued subpoena or other legal process, or to Subprocessors performing services on behalf of Scoir pursuant to this DPA.
5. De-Identified Data. Scoir agrees not to attempt to re-identify De-Identified Information. De-Identified Information may be used by Scoir for those purposes allowed under FERPA and the following purposes: (a) assisting Customer or other governmental agencies in conducting research and other studies; (b) research and development of Scoir’s educational sites, services, or applications, and to demonstrate the effectiveness of the Services; and (c) for adaptive learning purposes and for customized student learning. Scoir’s use of De-Identified Information shall survive termination of this DPA or any request by Customer to return or destroy Student Data. Except for Subprocessors, Scoir agrees not to transfer De-Identified Information to any party unless (i) that party agrees in writing not to attempt re-identification, and (ii) prior written notice has been given to Customer who has provided prior written consent for such transfer. Prior to publishing any document that names Customer explicitly or indirectly, Scoir shall obtain Customer’s written approval of the manner in which De-Identified Information is presented.
6. Disposition of Data. Scoir shall dispose, delete, or de-identify, in accordance with NIST Special Publication 800-88, all Personally Identifiable Information obtained under the DPA when it is no longer needed for the purpose for which it was obtained. If requested by Customer in writing prior to the termination of the Agreement, Scoir shall first transfer a copy of said data to Customer, or Customer’s designee, according to a schedule and procedure reasonable agreed between the parties. Nothing in the DPA authorizes Scoir to maintain Personally Identifiable Information beyond the time period reasonably needed to complete the disposition. Scoir shall provide written notification to Customer when the data has been disposed. The duty to dispose of Student Data shall not extend to De-Identified Information or data placed in a separate User account, pursuant to the other terms of the DPA.
7. Advertising Prohibition. Scoir is prohibited from using, disclosing, or selling Student Data (a) to inform, influence, or enable Targeted Advertising; (b) to develop a profile of a student, family member/guardian or group, for any commercial purpose other than providing the Services; or (c) for any commercial purpose other than to provide the Services provided to Customer, or as authorized by the Customer or the parent/guardian.
ARTICLE VI: DATA SECURITY AND BREACH PROVISIONS
1. Data Security. Scoir agrees to maintain and abide by a comprehensive information security program that includes appropriate administrative, technological, and physical safeguards consistent with industry best practices to protect the security, privacy, confidentiality, and integrity of Student Data. General security duties of Scoir are as follows:
(a) Passwords and Employee Access. Scoir shall secure usernames, passwords, and any other means of gaining access to the Services or to Student Data, at a level suggested by Draft National Institute of Standards and Technology (“NIST”) Special Publication 800-63-3 Digital Authentication Guideline. Scoir shall only provide access to Student Data to employees or contractors that are performing the Services. Employees with access to Student Data shall have signed confidentiality agreements regarding said Student Data. All employees with access to Student Records shall, where permissible by law, be subject to criminal background checks.
(b) Security Protocols. Each party agrees to maintain security protocols that meet industry practices regarding the transfer or transmission of any data, including ensuring that data may only be viewed or accessed by parties legally allowed to do so. Scoir shall not copy, reproduce, or transmit data obtained pursuant to the DPA, except as necessary to fulfill the purpose of data requests by Customer. The foregoing does not limit the ability of Scoir to allow any necessary service providers to view or access data as provided in this Agreement.
(c) Employee Training. Scoir shall provide periodic security training to those of its employees who operate or have access to the system. Further, Scoir shall provide Customer with contact information of an employee who Customer may contact if there are any security concerns or questions.
(d) Security Technology. When the Services are accessed using a supported web browser, Secure Socket Layer or equivalent technology shall be employed to protect data from unauthorized access. The Services security measures shall include server authentication and data encryption. All data shall be encrypted in transmission and at rest in accordance with NIST Special Publication 800-57, as amended. Scoir shall host all Services data in SOC 2 compliant environments located within the United States of America.
(e) Subprocessors Bound. Scoir shall enter into written agreements whereby Subprocessors agree to secure and protect Student Data in a manner consistent with the terms of this Article VI and in accordance with Applicable Law. Scoir shall periodically conduct or review compliance monitoring and assessments of Subprocessors to determine their compliance with this Article.
(f) Periodic Risk Assessment. Scoir further acknowledges and agrees to conduct periodic risk assessments and remediate any identified security and privacy vulnerabilities in a timely manner.
(g) Backups. Scoir agrees to maintain backup copies, backed up at least daily, of Student Data in case of Scoir’s system failure or any other unforeseen event resulting in loss of Student Data or any portion thereof.
(h) Audits. Upon receipt of a reasonable request from the Customer, Scoir will allow the Customer to audit, at Customer’s expense, the security and privacy measures that are in place to ensure protection of the Student Record or any portion thereof. Scoir will cooperate fully with the Customer and any local, state, or federal agency with oversight authority/jurisdiction in connection with any audit or investigation of Scoir and/or delivery of Services to students and/or Customer, and shall provide full access to Scoir’s facilities, staff, agents and Customer’s Student Data and all records pertaining to Scoir, Customer and delivery of Services to Scoir.
2. Data Breach. In the event of a confirmed Data Breach, Scoir shall notify Customer within forty-eight (48) hours of its discovery of the Data Breach, unless notification within these time limits would disrupt investigation of the Data Breach by law enforcement. Scoir shall follow the following process:
(a) The Data Breach notification described above shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What Scoir Are Doing,” “What Customer Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
(b) The security breach notification described above in section 2(a) shall include, at a minimum to the extent known by Scoir, the following information:
(i) The name and contact information of the reporting customer subject to this section.
(ii) A description of the Student Data reasonably believed to have been the subject of the Data Breach.
(iii) If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
(iv) Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
(v) A general description of the Data Breach, if that information is possible to determine at the time the notice is provided.
(vi) Information about what Scoir has done to protect individuals whose information has been breached.
(vii) Identification of the Invitees whose Student Data was subject of the Data Breach.
(c) Scoir further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including Personally Identifiable Information and agrees to provide Customer, upon request, with a copy of said written incident response plan.
(d) Only upon the written request of, and with the assistance of, Customer shall Scoir notify the affected Invitee of the unauthorized access, which notice shall include the information listed in subsection (b) above.
(e) In the event of a Data Breach originating from Customer’s use of the Services or otherwise a result of Customer's actions or inactions, Scoir shall reasonably cooperate with Customer to the extent necessary to expeditiously secure Student Data and Customer shall reimburse Scoir for costs incurred as a result of such Data Breach.
(i) The name and contact information of the reporting customer subject to this section.
(ii) A description of the Student Data reasonably believed to have been the subject of the Data Breach.
(iii) If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
(iv) Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
(v) A general description of the Data Breach, if that information is possible to determine at the time the notice is provided.
(vi) Information about what Scoir has done to protect individuals whose information has been breached.
(vii) Identification of the Invitees whose Student Data was subject of the Data Breach.
(c) Scoir further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including Personally Identifiable Information and agrees to provide Customer, upon request, with a copy of said written incident response plan.
(d) Only upon the written request of, and with the assistance of, Customer shall Scoir notify the affected Invitee of the unauthorized access, which notice shall include the information listed in subsection (b) above.
(e) In the event of a Data Breach originating from Customer’s use of the Services or otherwise a result of Customer's actions or inactions, Scoir shall reasonably cooperate with Customer to the extent necessary to expeditiously secure Student Data and Customer shall reimburse Scoir for costs incurred as a result of such Data Breach.
EXHIBIT “A”
APPLICABLE STATE LAW
|
If Customer is located in: |
the following laws will be included in “Applicable Law”: |
|
Alabama |
Ala. Code § 16-40A-1 et seq., Student Data Protection Act |
|
Arizona |
Ariz. Rev. Stat. § 15-1046 |
|
Arkansas |
AR Code § 6-18-109, Student Online Personal Information Protection Act (“SOPIPA”) |
|
California |
Cal. Ed. Code § 49073.1 Cal. Bus. & Prof. Code § 22584, Student Online Personal Information Protection Act (“SOPIPA”) Cal. Civ. Code § 1798.82 |
|
Colorado |
Colo. Rev. Stat. § 22-16-101 et seq., Student Data Transparency and Security Act (“SDTSA”) |
|
Connecticut |
Conn. Gen. Stat. §§ 10-234aa through 10-234dd |
|
Delaware |
Del. Code tit. 14 § 8101A et seq., Student Data Privacy Protection Act |
|
District of Columbia |
DC Code § 38-831.01 – 38-831.02 |
|
Florida |
Fla. Stat. § 1002.22 Fla. Stat. § 1006.1494, Student Online Personal Information Protection Act ("SOPIPA") |
|
Georgia |
GA Code § 20-2-660 et seq., Student Data Privacy, Accessibility, and Transparency Act |
|
Hawaii |
HI Rev. Stat. § 302A 499-500, Student Online Personal Information Protection Act (“SOPIPA”) |
|
Idaho |
Idaho Code § 33-133, Student Data Accessibility, Transparency, and Accountability Act |
|
Illinois |
105 Ill. Comp. Stat. § 10, Illinois School Student Records Act (“ISSRA”) 105 Ill. Comp. Stat. § 85, Student Online Personal Protection Act (“SOPPA”) |
|
Iowa |
IA Code § 279.70, Student Online Personal Information Protection Act (“SOPIPA”) |
|
Kansas |
Kan. Stat. § 72.6331 et seq., Student Online Personal Protection Act (“SOPPA”) |
|
Kentucky |
Ky. Rev Stat § 365.734 |
|
Louisiana |
La. Rev. Stat. § 17:3914, Student Information Privacy Act (“SIPA”) La. Rev. Stat. § 51:3071 et seq. |
|
Maine |
Me. Rev. Stat. tit. 20 § 951 et seq., the Student Information Privacy Act (“SIPA”) |
|
Maryland |
MD Educ. Code § 4-131 |
|
Massachusetts |
603 Code Mass. Regs. 23.00, Student Records Mass. Gen. Laws ch. 71, §§ 34D - 34H |
|
Michigan |
Mich. Comp. Laws §§ 388.1291 – 388.1295, Student Online Personal Protection Act (“SOPPA”) |
|
Minnesota |
Minn. Stat. § 13.32, Student Data Privacy Act |
|
Missouri |
Mo. Rev. Stat. § 161.096, Student Data Privacy Act |
|
Montana |
MCA § 20-7-1325 |
|
Nebraska |
NE Code § 79-2,153 – 79-2,155, Student Online Personal Protection Act (“SOPPA”) |
|
Nevada |
NV Rev Stat § 388.281 – 388.296 |
|
New Hampshire |
NH Rev. Stat. § 189:1-e NH Rev. Stat. §§ 189:65 - 189:68-a |
|
New Jersey |
N.J. Stat. §§ 56.8-215 - 56.8-220 |
|
New York |
N.Y. Ed. Law § 2-d |
|
North Carolina |
N.C. Gen. Stat. § 115C-401.2, Student Online Privacy Protection Act (“SOPPA”) |
|
Ohio |
Ohio Student Records Privacy Act, R.C. § 3319.321 |
|
Oklahoma |
70 O.S. § 3-168, Student Data Accessibility, Transparency, and Accountability Act of 2013 |
|
Oregon |
Or. Rev. Stat. § 336.184, Oregon Student Information Protection Act ("OSIPA”) Or. Rev. Stat. § 326.565, et seq. |
|
Rhode Island |
R.I. Gen. Laws § 16-104-1 |
|
South Carolina |
S.C. Code Ann. § 59-1-490, Student Data Transparency and Security Act |
|
Tennessee |
Tenn. Code Ann. § 49-1-708, Student Online Personal Protection Act (“SOPPA”) |
|
Texas |
Tex. Ed. Code ch. 32 §§ 151-157 |
|
Utah |
Utah Code § 53E-9-301 et seq. |
|
Virginia |
Va. Code § 22.1-289.01 |
|
Washington |
Wash. Rev. Code § 19.255.010 Wash. Rev. Code § 28A.604 et seq., Student User Privacy in Education Rights (“SUPER”) Act Wash. Rev. Code § 42.56.590 |
|
West Virginia |
W. Va. Code § 18-2-5h, Student Data Accessibility, Transparency, and Accountability Act |
|
Wisconsin |
Wis. Stat. § 118.125 Wis. Stat. § 134.98 |
EXHIBIT “B”
SCHEDULE OF DATA
|
Category of Data |
Elements |
Check (“X”) indicates potential use in Services |
|
Application Technology Meta Data |
IP Addresses, Use of cookies etc. |
X |
|
Other application technology meta data: N/A |
||
|
Application Use Statistics |
Meta data on user interaction with application |
X |
|
Assessment |
Standardized test scores |
X |
|
Observation data |
||
|
Other assessment data (specify): Student Personality & Career Assessments |
X |
|
|
Attendance |
Student school (daily) attendance data |
|
|
Student class attendance data |
||
|
Communications |
Online communications that are captured (emails, blog entries) |
X |
|
Conduct |
Conduct or behavioral data |
|
|
Demographics |
Date of Birth |
X |
|
Place of Birth |
||
|
Sex and/or Gender |
X |
|
|
Ethnicity and/or Race |
X |
|
|
Language information (native or primary language spoken by student) |
||
|
Other demographic information: N/A |
||
|
Enrollment |
Student school enrollment |
X |
|
Student grade level |
X |
|
|
Homeroom |
||
|
Guidance counselor |
X |
|
|
Specific curriculum programs |
||
|
Year of graduation |
X |
|
|
Other enrollment information: N/A |
||
|
Guardian / Parent Contact Information |
Address |
X |
|
|
X |
|
|
Phone |
X |
|
|
Guardian / Parent ID |
Parent ID number (created to link parents to students) |
X |
|
Guardian / Parent Name |
First and/or Last |
X |
|
Schedule |
Student scheduled courses |
|
|
Teacher names |
||
|
Special Indicator |
English language learner information |
|
|
Low income status |
||
|
Medical alerts |
||
|
Student disability information |
||
|
Specialized education services (IEP or 504) |
||
|
Living situations (homeless/foster care) |
||
|
Other indicator information(specify): “First Generation” student status |
X |
|
|
Student Contact Information |
Address |
X |
|
|
X |
|
|
Phone |
X |
|
|
Student Identifiers |
Local (School district) ID number |
X |
|
State ID number |
|
|
|
Vendor/App assigned student ID No. |
X |
|
|
Student app username |
X |
|
|
Student app passwords |
|
|
|
Student Name |
First and/or Last |
X |
|
Student In-App Performance |
Program/application performance (typing program-student types 60 wpm, reading program-student reads below grade level) |
|
|
Student Program Membership |
Academic or extracurricular activities a student may belong to or participate in |
X |
|
Student Survey Responses |
Student responses to surveys or questionnaires |
X |
|
Student work |
Student-generated content; writing, pictures etc. |
X |
|
Other student work data: N/A |
|
|
|
Transcript
|
Student course grades |
X |
|
Student course data |
X |
|
|
Student course grades/performance scores |
|
|
|
Other transcript data: entire official transcript document |
X |
|
|
Transportation |
Student bus assignment |
|
|
Student pick up and/or drop off location |
|
|
|
Student bus card ID number |
|
|
|
Other transportation data: N/A |
|
|
|
Other |
Please list each additional data element used, stored, or collected by your application: N/A |
|
# # # # #
Revision History to Scoir's K12 Terms of Service
We periodically make changes to the terms and conditions contained in our Terms of Service. Most of these changes are immaterial and are intended to provide greater clarity and/or to comply with the ever-changing landscape of laws and regulations across all 50 U.S. states. A revision history is contained below:
January 15, 2025
|
1. We revised these terms of service to make them applicable to all K-12 customers, not just high school customers. |
|
|
2. We redefined our "Services" by defining new capabilities, redefining modified features, and removing all specific references to "high schools" and "colleges." |
|
|
3. We updated language in our Data Privacy Addendum (Appendix A) to more closely align with the Student Data Privacy Consortium's revised National Data Privacy Agreement. |
|
|
4. We added references in Exhibit A to student data privacy laws in the following states: |
|
February 22, 2024
|
1. We removed the last line of Section 10.3 that is arguably an example of over-lawyering and was causing customers some concern. |
|
|
2. We're delighted to see more states passing student data privacy laws (!) and updated our Exhibit A accordingly. |
|
December 6, 2023
|
We significantly overhauled our High School Terms of Service agreement to provide greater detail regarding our obligations and responsibilities to our customers and to better align the contractual language used with our high school and district customers with the contractual language used with our college customers. Our Terms of Service continues to address all state laws regarding student data privacy and includes a Data Privacy Addendum modeled after the Student Data Privacy Consortium's National Data Privacy Agreement. Safeguarding personally identifiable information and protecting the privacy of users' data remains of paramount importance to us at Scoir. |
January 6, 2022
|
1. We added a new Section 9 to indemnify you, our customer, against any claims that our software infringes another party's intellectual property rights. |
|
|
2. We corrected an inaccurate state law reference in Exhibit A. |
|
July 26, 2021
|
We clarified language regarding fee-bearing services to stress that you will only be obligated to pay for what you order on an Order Form. |
|
October 9, 2020
|
We modified actions we might take in the event of non-payment to make them consistent with our handling of auto-renewals. Simply put, if you don't pay your invoices, we'll suspend or terminate your use of Scoir but we won't come after you for payment. |
|
November 20, 2019
|
We significantly overhauled our Terms of Service agreement with high schools and districts to address various state laws regarding student data privacy. The agreement now includes a Data Privacy Addendum, modeled after the Student Data Privacy Consortium's National Data Privacy Agreement. Safeguarding information and protecting the privacy of user data has always been of paramount importance to Scoir. These contractual changes were necessary to adapt to the increasing regulatory focus on data privacy and to ensure you, our Clients, remain compliant with your own state's laws. Material changes from the previous version of our Client Services Agreement are as follows:
|