Featured Resource
SchoolStatus Launches Literacy Solution to Help Districts Engage Families in Improving Reading Outcomes
Read More >
-
-
When we took away the clerical piece of attendance interventions, principals became more connected to students and families. They started to recognize the real-life barriers to attendance. Now, they’re connected to people and not paper.Dr. Margie Boulware
Executive Director of Special Programs, Corsicana ISDHaving a student’s data and family communication on a single screen means that we’re seeing issues sooner, and then can address those issues immediately.Elizabeth Lalor
Elizabeth Lalor, Deputy Superintendent for Educational Support & School AdministrationSchoolStatus is a powerhouse data and communication tool.Chad Shealy
Superintendent, Vicksburg Warren School DistrictSchoolStatus is a powerhouse data and communication tool.Chad Shealy
Superintendent, Vicksburg Warren School DistrictWe’ve saved hundreds of hours of staff time, and I’m sure many more for our parent community. By digitizing and automating everything through [SchoolStatus Forms & Flows], there’s no more populating information from the DOE into forms by hand.Renny Fong
Principal at PS 130 Hernando De Soto (Manhattan)[SchoolStatus Boost: Inspire] has played a huge role in our continuous learning and coaching process, which has led to the observed professional growth of our teachers.Josh Snyder
Director of Learning, Wahoo Public Schools -
SchoolStatus has provided us a tool to make communication easier, more transparent, and quantifiable.Dr. Ron Brown
Former Superintendent, Lumpkin County SchoolsWe’ve seen an over 50% decrease in chronic absenteeism, which is the statewide goal. We’re already there, in just one year of work.Jessica Hull
Executive Director of Communication and Community Engagement, Roseville City School DistrictThe help [SchoolStatus] gave us was amazing; I’ve never before received help like that from any company. Honestly, we feel like we want to stay with [SchoolStatus] forever.Dina Testa
Assistant Principal, Intermediate School 7 at NYCDOEEveryone wins when you stay in the loop, and SchoolStatus Connect really helped me make that happen while also saving me time.Ellen Zissis
First Grade Teacher, Chartiers Valley Primary SchoolOur families now feel that they’re not alone. They know we want to talk with them. That’s why we’re using SchoolStatus Connect.Maureen Brown
Principal and Director of Outreach, Dove Schools -
-
It's exciting to contribute to something that supports both educators and students in such a direct, measurable way.Casey Bevins
Senior Visual DesignerI like the ease with which I can contact families using my own personal phone without giving out my personal number. I also like that the student's contacts are readily available. This platform works well for families to contact us, too. We can truly partner in the student's education and work towards a goal that works for all.Abigail S.
TeacherWe’ve seen an over 50% decrease in chronic absenteeism, which is the statewide goal. We’re already there, in just one year of work.Jessica Hull
Executive Director of Communication and Community Engagement, Roseville City School District
-
-
Data Processing Addendum
Last Revised April 22, 2026
This Data Processing Addendum (“DPA”) is between SchoolStatus (“SchoolStatus”), a Mississippi corporation, and the education-related entity ordering services from SchoolStatus (“Customer”). This DPA is hereby incorporated into and deemed part of that particular Order Form and Master Service Agreement entered by and between SchoolStatus and Customer (“Agreement”). Customer and SchoolStatus are each a “Party” and are collectively the exclusive “Parties” to this DPA. This DPA applies to SchoolStatus to the extent that SchoolStatus Processes Personal Data on behalf of Customer in order to provide the services under the Agreement (the “Services”). This DPA does not apply to Business Contact Data exchanged between the Parties except as set forth in section 2.4 below. This DPA applies to Customer in all cases according to its terms. Capitalized terms not specifically defined herein shall have the meaning set out in the Agreement. In the event of a conflict between the terms of the Agreement as they relate to the Processing of Personal Data and this DPA, the DPA shall prevail.
1. DEFINITIONS
1.1. “Data Controller” means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data. “Data Controller” includes the meaning assigned to the term and similar terms under applicable Data Privacy Laws.
1.2. “Data Processor” means a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Data Controller. “Data Processor” includes the meaning assigned to the term and similar terms under applicable Data Privacy Laws.
1.3. “Data Privacy Laws” means United States (“U.S.”) federal, state, and local laws, regulations, and rules that apply to SchoolStatus’s Processing of the Personal Data.
1.4. “Data Subject” has the meaning assigned to the term “data subject” or “consumer” under applicable Data Privacy Laws and shall include identified or identifiable natural persons to whom the Personal Data relates. For clarity, “Data Subject” includes student children and minors under the age of 18.
1.5. “Personal Data” means data that is linked or reasonably linkable to a Data Subject, and which is provided by (or on behalf of) Customer to SchoolStatus in connection with the Services. For clarity, “Personal Data” includes personal data that is categorized as “sensitive” under Data Privacy Laws or other related legal authorities.
1.6. “Process” and its derivatives means any operation or set of operations that are performed on Personal Data or sets of Personal Data, whether or not by automated means, including, collection, recording, organization, structuring, storage, analysis, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
1.7. “Security Incident” means any situation in which SchoolStatus confirms that Personal Data under SchoolStatus’s direct control has been disclosed to or acquired by unauthorized persons in an unauthorized manner having a material harmful impact on Customer or Data Subjects’ interests or rights. Notwithstanding the foregoing, a Security Incident shall not include (1) acquisition or disclosure of “directory information” as defined under 34 CFR § 99.3, and/or (2) acquisition or disclosure of Data Subject information to personnel, parents, teachers, or administrators of that Data Subject’s school.
1.8.“Subprocessor” means the service providers of SchoolStatus listed in the designated “Subprocessor List” located at SchoolStatus Privacy Notice (the “Subprocessor List”) and to whom SchoolStatus provides or makes available Personal Data for Processing in connection with the Services to be carried out on behalf of Customer. Customer acknowledges that Subprocessors do not include other third parties with whom Customer or its personnel directs SchoolStatus to interact or share Personal Data. Notwithstanding any other term of this or any other agreement, SchoolStatus shall have no responsibility for or obligations with respect to Customer’s chosen use of the Services, or of any SchoolStatus licensed software, to ingest data from or to share data with such third parties, including third parties connected to SchoolStatus cloud services or other SchoolStatus software and/or third parties with whom Customer maintains an independent contract.
2. RELATIONSHIP OF PARTIES
2.1. Appointment as Data Processor. Customer acknowledges and agrees that Customer will be considered the Data Controller and that Customer appoints SchoolStatus as Data Processor with respect to Personal Data provided to SchoolStatus in order for SchoolStatus to provide the Services to Customer. Notwithstanding any other term herein or in the Agreement, Customer acknowledges and agrees that, as part of providing the Services, SchoolStatus may Process Personal Data for business purposes, such as: (i) to enhance, analyze, develop or troubleshoot SchoolStatus’s products and services; (ii) to comply with applicable laws (including law enforcement requests or compulsory disclosures); (iii) to help ensure the internal security of SchoolStatus’s products and services, prevent fraud or mitigate risk, and for other information security purposes; (iv) to protect the interests of SchoolStatus or Customer; and (v) for any other purposes contemplated or permitted by the Agreement, this DPA, or by applicable law (each of the foregoing, along with the provision of Services, a “Permitted Service Purpose,” and collectively the “Permitted Service Purposes”).
2.2. Customer Obligations. Customer represents, warrants and covenants that: (i) the Documented Instructions comply with all law; (ii) Customer has at all times complied, does now comply, and will at all times comply with its legal obligations, including but not limited to any obligations as a Data Controller under Data Privacy Laws, any obligations under laws protecting the data of children and minors under the age of 18, any obligations under laws regulating social media technologies, features, and/or services, and any obligations under the TCPA, CAN-SPAM, Telemarketing Sales Rule and/or state laws regulating messaging; and (iii) Customer has complied with all legal obligations, including by providing all notices and obtaining all consents, and all rights, necessary under law for SchoolStatus to Process Personal Data and to provide the Services as contemplated in the Agreement and herein. Customer will in all cases limit its provision of Personal Data to SchoolStatus to the amount and kinds of data adequate, relevant, and necessary for performing the Permitted Service Purposes. Without limiting any payment obligations under the Agreement, Customer shall immediately notify SchoolStatus and cease use of the Services in the event and to the extent any required authorization or legal basis for Processing is revoked or terminated. SchoolStatus may thereafter suspend Processing and/or the provision of the Services and will have no liability for such actions.
2.3. Compliance with Law / Authority. Customer is solely responsible for determining the lawfulness of the Documented Instructions it provides to SchoolStatus and shall only provide SchoolStatus with instructions that are lawful under Data Privacy Laws. Customer acknowledges and agrees that it is solely responsible for determining whether the SchoolStatus Services are sufficient to comply with Customer’s legal obligations. Customer acknowledges and agrees that it has had an opportunity to assess whether the Services meet Customer’s legal obligations, and that the Services are in fact sufficient to meet such obligations. Authorization and permissions in this DPA extended to SchoolStatus shall also include SchoolStatus’s affiliates.
2.4. Compliance with TCPA. Customer is solely responsible for ensuring that the content and delivery of any text messages sent to or viewed by an end user using the Services meet all legal obligations under the Telephone Consumer Protection Act (“TCPA”) and other similar state laws, including by providing all required notices and obtaining all required consents under such laws. Customer is solely responsible for the transmission of text messages via the Services. Customer hereby authorizes and permits SchoolStatus to alter and encode the text messages into other formats, store it, and transmit it via third parties to mobile devices (and any other means of viewing the messages). Notwithstanding the foregoing or any other activities taken by SchoolStatus to transmit or facilitate the delivery of messages, SchoolStatus shall never be considered a “sender,” “transmitter,” “initiator,” “telemarketer,” or any other related term as defined under law. Customer acknowledges and agrees that, notwithstanding any other provision in the Agreement or this DPA, SchoolStatus will have no liability of any kind to Customer or any Customer clients or end users for claims, complaints, or any other actions arising under the TCPA or similar state laws.
2.5. Business Contact Data. For clarity, Customer acknowledges and agrees that SchoolStatus does not act as a Data Processor with respect to business contact information of Customer’s employees and representatives with whom SchoolStatus interacts for purposes of managing or communicating about SchoolStatus services generally (the “Business Contact Data”). With respect to Business Contact Data, the Parties each act as independent Data Controllers each responsible for their own compliance with their respective obligations under law. No joint controller relationship is established between the Parties.
3. OBLIGATIONS OF SCHOOLSTATUS
3.1. Customer Instructions. Customer hereby authorizes SchoolStatus to Process Personal Data for the Permitted Service Purposes and for the purposes set forth in the Agreement and permitted hereunder (“Documented Instructions”), and which include the provision of the Services. SchoolStatus shall only Process Personal Data according to the Documented Instructions and for the Permitted Service Purposes. In addition, SchoolStatus may rely upon, but will not be required to comply with, any additional instructions provided by Customer outside the scope of the Documented Instructions.
3.2. Notices. As required by applicable Data Privacy Laws and as permitted by law, SchoolStatus shall: (i) notify Customer if SchoolStatus determines in its sole discretion that it can no longer meet its obligations under Data Privacy Laws or this DPA in such a manner as renders it incapable of providing the Services, and (ii) notify Customer promptly prior to any Processing by SchoolStatus outside of the Documented Instructions.
3.3. SchoolStatus Personnel. As required under applicable Data Privacy Laws, SchoolStatus shall be responsible for ensuring that its personnel involved in the Processing of Personal Data have signed a confidentiality agreement, are otherwise bound by a duty or ethical rule of confidentiality, or are under an appropriate statutory obligation requiring the same. Customer will ensure that its employees, contractors, and other personnel accessing the Services and/or any SchoolStatus platform or SchoolStatus confidential information have committed themselves to confidentiality or are under a statutory obligation of confidentiality.
3.4. Retention, Use, and Disclosure of Personal Data. To the extent required to ensure compliance with applicable Data Privacy Laws, with respect to its Processing of Personal Data, SchoolStatus shall not: (i) “sell” or “share” the Personal Data, as those terms are defined under applicable Data Privacy Laws; (ii) retain, use or disclose the Personal Data for any purpose other than the Permitted Service Purposes; (iii) retain, use, or disclose the Personal Data outside of the direct business relationship between SchoolStatus and Customer except at Customer’s direction; or (iv) combine Personal Data with personal data that it receives from another source or collects from interactions on its own behalf with individuals, unless permitted by law. SchoolStatus certifies that it understands the obligations listed in this paragraph and will comply with them. Customer acknowledges and agrees that SchoolStatus may host Personal Data with commercial cloud service providers, including those in the SchoolStatus Subprocessor List available at SchoolStatus Privacy Notice.
3.5. Demonstrate Compliance. As required by applicable Data Privacy Laws, at Customer’s reasonable request and with at least thirty (30) days advance written notice, SchoolStatus shall make available to Customer such records and information as is necessary to demonstrate that its use of Personal Data is compliant with this DPA and applicable Data Privacy Laws [by providing or making available, as and if available, to Customer, not more than once annually, copies of SchoolStatus’s most recent SOC2 Type 2 audit report or penetration test summaries].
3.6. Stop and Remediate Processing. As required by applicable Data Privacy Laws, Customer shall have the right to take reasonable and appropriate steps to stop and remediate use of Personal Data by SchoolStatus that violates this DPA or Data Privacy Laws, solely by notifying SchoolStatus of the proposed stoppage or remediation. SchoolStatus shall consider such requests in good faith and inform Customer of its proposed response, which may include no action in its discretion. SchoolStatus may rely upon but will have no liability for following any such proposals of Customer.
3.7. Cooperation. As required by applicable Data Privacy Laws, SchoolStatus shall provide reasonable cooperation to Customer to respond to Data Subject rights requests under Data Privacy Laws and/or SchoolStatus shall provide tools that permit Customer to manage such requests itself. In the event that SchoolStatus receives a Data Subject rights request which it identifies as relating to Customer, SchoolStatus shall promptly inform Customer of the same, including via email. Customer acknowledges and agrees that SchoolStatus may respond to such Data Subject rights requests as required of it by law, to acknowledge receipt, and/or to direct the request to Customer.
3.8. Comparable Protection. As required by applicable Data Privacy Laws, SchoolStatus shall provide the same level of privacy protection to Personal Data as Customer is required to provide such data under Data Privacy Laws, by adhering to the standards set forth above and any additional standards agreed upon between the Parties in writing.
3.9. Information Security. As required by applicable Data Privacy Laws, SchoolStatus shall implement reasonable information security procedures and practices including technical and organizational measures appropriate to the nature of the Personal Data to protect the same from unauthorized or illegal access, destruction, use, modification, disclosure, or any Security Incident. Notwithstanding the foregoing, Customer acknowledges that it has been afforded an opportunity to conduct its own diligence review of SchoolStatus’s information security procedures and concluded that the same are adequate.
4. SUBPROCESSING
4.1. Authorized Subprocessors. Customer authorizes SchoolStatus to share Personal Data with Subprocessors included in the Subprocessor List available here: SchoolStatus Privacy Notice. Customer agrees that SchoolStatus may share Personal Data with Subprocessors added to the Subprocessor List after the date of the execution of this DPA. SchoolStatus shall provide Customer an opportunity to object to such additional Subprocessors by providing prior notice of such proposed additional Subprocessors to the Customer. Such notice may be made available by SchoolStatus updating its Subprocessors List, or by other reasonable means (such as email notice). Customer may notify SchoolStatus of any objections to such new Subprocessors via written notice.
4.2. Subprocessor Obligations. As required by applicable Data Privacy Laws, SchoolStatus shall enter into written contracts with its Subprocessors that Process Personal Data which are designed to ensure that Subprocessors meets the obligations of SchoolStatus with respect to Processing of Personal Data under the Agreement.
4.3. Other disclosures. SchoolStatus may provide its Services via websites or other online technologies. In some cases, these websites or online technologies may be made available to Customer’s personnel, students, parents, administrators, or others with whom customer interacts (collectively, Customer’s “Users”). Customer acknowledges and agrees on behalf of itself and its Users that these websites or online technologies may include cookies, widgets, components, and/or other functionality that involves sharing usage data about Users with third parties, and that, in some cases, these third parties may not be identified as Subprocessors.
5. DATA DELETION AND RETURN
SchoolStatus shall delete or return Personal Data as specified under the Agreement. Notwithstanding any other term of the Agreement, Customer acknowledges and agrees that SchoolStatus does not provide a system of record and that SchoolStatus may delete Personal Data upon termination of expiration of the Agreement, or upon termination or expiration of any service term to which such Personal Data relates, or upon non-payment of owed amounts, without liability to Customer. Customer, not SchoolStatus, is solely responsible for maintaining legally required records or copies of records required to be maintained under law, including school records. Customer represents, warrants, and covenants that it shall at all times maintain records or copies of records required to be maintained under law, including education or school records. In any case, SchoolStatus may retain Personal Data as permitted or required by law.
6. LIMITATION OF LIABILITY
SCHOOLSTATUS WILL NOT BE LIABLE IN CONNECTION WITH THIS DPA OR UNDER ANY LEGAL THEORY (WHETHER IN CONTRACT, TORT OR OTHERWISE) FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY OR PUNITIVE DAMAGES, OR FOR ANY LOSS OF DATA, REVENUES OR PROFITS, EVEN IF SCHOOLSTATUS KNEW OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES. NOTWITHSTANDING ANY OTHER TERM OR AGREEMENT BETWEEN THE PARTIES, SCHOOLSTATUS’S TOTAL AGGREGATE LIABILITY UNDER THIS DPA OR ITS SUBJECT MATTER WILL NOT EXCEED THE AMOUNT PAID OR PAYABLE BY CUSTOMER TO SCHOOLSTATUS DURING THE SIX (6) MONTH PERIOD PRIOR TO THE FIRST EVENT GIVING RISE TO SUCH LIABILITY. SCHOOLSTATUS MAKES NO WARRANTY WITH RESPECT TO, AND DISCLAIMS ALL LIABILITY PERTAINING TO, THE DOCUMENTED INSTRUCTIONS AND SCHOOLSTATUS’S ACTS AND OMISSIONS IN ACCORDANCE THEREWITH.
7. INDEMNITY
7.1. Customer will: (a) defend and hold harmless SchoolStatus and its officers, directors, employees, agents, affiliates, successors, and permitted assigns (collectively, “Indemnified Party”) against all actions, claims, litigation, arbitration, disputes, investigations, inquiries, allegations, or accusations (collectively, “Actions”); and (b) indemnify the Indemnified Party for all losses, damages, liabilities, deficiencies, judgments, settlements, interest, awards, penalties, fines, costs, or expenses of whatever kind, including attorneys’ fees, that are incurred by Indemnified Party (collectively, “Losses”), in each case arising out of or related to any third-party Action regarding Customer’s actual or alleged: (a) operations or use of the Services; (b) failure to comply with federal, state, or local laws, regulations, or codes; (c) breach or non-fulfillment of any provision of this DPA or any representation, covenant, and/or warranty of Customer hereunder; (d) negligent or more culpable act or omission (including any reckless or willful misconduct) in connection with the performance of its obligations under this DPA; (e) failure to maintain school or education records as required by law; (f) failure to comply with any laws regarding the transmission of messages or content; or (h) failure to comply with any laws regarding collection, use, disclosure, or other processing of data of children or minors under the age of 18.
7.2. Indemnified Party may at any time and in its sole discretion assume control of the defense of any Action, with counsel of its choosing and at Customer’s sole expense, immediately upon written notice to Customer. Customer agrees to participate with Indemnified Party as requested and at Customer’s sole expense in any Action impacting Indemnified Party that arises under or relates to Customer’s use of the Services.
8. MISCELLANEOUS PROVISIONS
8.1. Governing Law and Jurisdiction. Customer and SchoolStatus hereby submit to the choice of jurisdiction stipulated in the Agreement with respect to any disputes or claims howsoever arising under this DPA, including disputes regarding its existence, validity or termination or the consequences of its nullity.
8.2. Changes in Data Privacy Laws. If any variation to this DPA is required as a result of a change in Data Privacy Laws, then either SchoolStatus or Customer may provide written notice to the other Party of that change in law. No additional terms shall be effective or binding on SchoolStatus unless agreed by SchoolStatus in a signed writing.
8.3. Notices. Any notices from SchoolStatus under this DPA may be provided by SchoolStatus via any means SchoolStatus deems reasonable and appropriate, including via email to Customer contact. Notices to SchoolStatus under this DPA shall be directed to [email protected].
8.4. Severability. Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall be construed in a manner as if the invalid or unenforceable part had never been contained therein.
8.5. Counterparts. This DPA may be executed in counterparts, each of which shall be deemed an original, but all of which together shall be deemed to be one and the same agreement. Delivery of an executed counterpart of a signature page to this DPA by fax or by email of a scanned copy, or execution and delivery through an electronic signature service (such as DocuSign), shall be effective as delivery of an original executed counterpart of this DPA.
8.6. Construal. In interpreting the provisions of this DPA, no adverse inference shall be drawn against a Party by reason of that Party being a drafting Party of this DPA. The word “including” shall be construed to mean “including without limitation.”
Ready to learn more about our suite of solutions?