EduPress logo
Public home Privacy Terms Download app
EduPress Legal

Data Protection Addendum

These terms are tailored for the EduPress school publishing, mobile app, community, listings, admin, and public website platform.

Privacy Policy Terms of Service Data Protection info@ugacares.org

EduPress Data Protection Addendum

Effective date: May 7, 2026

This Data Protection Addendum describes how EduPress handles school-controlled personal information, including student information, when a school or institution uses EduPress.

This document is a working addendum draft for EduPress and should be reviewed by a qualified legal adviser before formal adoption.

1. Roles

For school-controlled data, the school or institution is generally the data controller or equivalent decision-maker. EduPress acts as a service provider or processor that handles information according to the school's instructions and the EduPress service design.

EduPress may act as an independent controller for limited platform operations such as account security, billing administration, legal compliance, product diagnostics, abuse prevention, and system-level service management.

2. Scope of Processing

EduPress may process account records, student records, school membership, posts, media, comments, quiz activity, rewards, listings, events, moderation records, notifications, billing references, support communications, device data, and usage logs.

Processing is performed to provide the EduPress website, mobile app, admin console, APIs, notifications, public publishing, school communities, analytics, security, support, billing, and related services.

3. School Instructions

EduPress will process school-controlled data according to:

  • The school's configuration and role assignments inside EduPress.
  • Actions taken by authorized school or system administrators.
  • The EduPress Privacy Policy and Terms of Service.
  • Written agreements or support instructions accepted by EduPress.
  • Legal obligations that apply to the service.

4. Confidentiality

EduPress will limit access to school-controlled data to personnel, contractors, and service providers who need access to operate, secure, support, or improve the service.

People with access to school-controlled data must handle it confidentially.

5. Security Measures

EduPress uses reasonable safeguards designed for an education platform, including role-based access controls, authentication, server-side authorization, encrypted transport where supported, operational logs, backup controls, and separation of public and private surfaces.

EduPress will continue improving security measures as the platform develops.

6. Subprocessors and Service Providers

EduPress may use service providers for hosting, storage, databases, email, notifications, authentication, analytics, payments, media handling, security, and support.

EduPress remains responsible for selecting providers that are appropriate for the service and requiring them to protect information they process for EduPress.

7. Student Data

Student data is processed only for educational, school-community, safety, administrative, support, security, and platform operation purposes.

EduPress does not sell student personal information and does not use student personal information for targeted advertising.

Schools are responsible for required notices and consents for students, parents, guardians, staff, and community users.

8. Public Content Controls

EduPress separates public publishing surfaces from private school and admin surfaces.

Authorized administrators are responsible for deciding which school profiles, posts, events, listings, images, and other records may be public.

EduPress may remove public content that appears unlawful, unsafe, unauthorized, or inconsistent with platform standards.

9. Data Subject Requests

Schools are the first point of contact for student and school-controlled data requests.

EduPress will provide reasonable support for verified school requests to access, correct, export, delete, restrict, or deactivate records where technically feasible and legally permitted.

10. Security Incidents

If EduPress becomes aware of a confirmed security incident affecting school-controlled personal information, EduPress will notify affected schools without undue delay after reasonable investigation, unless prohibited by law.

Notification may include the nature of the incident, affected data categories where known, mitigation steps, and recommended school actions.

11. Return and Deletion

At the end of service, schools may request return, export, deletion, or deactivation of school-controlled records, subject to legal, backup, audit, billing, security, and operational requirements.

Backup copies may persist for a limited period before routine deletion.

12. Contact

Data protection questions can be sent to:

EduPress Support
admin@edupress.ugacares.org