Primary use
District and school review
Best for procurement teams, legal reviewers, privacy leads, and technology buyers.
Procurement PacketUpdated March 28, 2026
Buyer-facing trust packet for legal, privacy, and security review
This page packages the public trust materials most often requested by schools, districts, and procurement reviewers. Use it for internal handoff, print-to-PDF workflows, or to route legal and security review.
Delivery options
HTML, PDF, and CSV
Download the public packet PDF, security summary PDF, or the current subprocessors CSV.
Escalation path
Structured intake
Use the contact workflow to request a signed DPA, state addendum review, or security questionnaire support.
Document library
These are the public materials most often requested during buyer review. Each item reflects the current public date shown in the Trust Center.
HTML + PDF download
Procurement packet
Printable trust overview with procurement contacts, core documents, security review notes, and state addenda workflow.
Open documentHTML
Data Processing Agreement
Processor and service-provider terms for school, district, and institutional review.
Open documentHTML + PDF download
Security summary
Operational controls, incident handling, and security review notes.
Open documentHTML + PDF download
Privacy summary
Overview of product, website, billing, and student-related data handling.
Open documentHTML + CSV download
Subprocessors
Public list of primary vendors used for hosting, billing, and transactional operations.
Open documentHTML
State addenda support
Overview of state-specific addendum workflows and what districts should send for review.
Open documentSecurity review snapshot
Hosting and data location
Production services are operated through U.S.-based infrastructure providers used for hosting, authentication, storage, and transactional operations.
Customer data is primarily processed in the United States unless a customer-specific agreement states otherwise.
Encryption
Product traffic is encrypted in transit, and platform providers supply encryption at rest and managed storage protections where supported.
Refer to the Security Practices page and DPA for the contractual summary rather than treating this line as a certification statement.
Authentication and access
Authenticated accounts, role-based permissions, and need-based administrative access are used to limit access to customer workspaces and support tools.
Google and email-based sign-in paths are supported in the current product stack.
Monitoring and logging
Operational logging and monitoring support service health review, abuse detection, troubleshooting, and incident investigation.
Logs are used for operational security and support workflows, not targeted advertising.
Backup and recovery
Backup, resilience, and restoration depend on infrastructure-managed capabilities plus internal operating procedures for service recovery.
Schools with stricter continuity requirements should request contract language or questionnaire support through procurement intake.
Incident notice
Confirmed incidents affecting customer personal data are investigated, contained, and notified without undue delay when required by law or contract.
Customer-specific agreements may impose narrower timeframes or additional notice obligations.
Vendor management
Approved subprocessors are published publicly and are expected to operate under confidentiality and data protection obligations.
The public subprocessor list is intended for vendor due diligence and contract routing.
State addenda support
District and state templates often supplement the public DPA. Send the actual exhibit or district form with a deadline so the request can be routed correctly.
| State or program | Framework | Typical artifact | Notes |
|---|---|---|---|
| New York | Education Law 2-d and district privacy exhibits | District student data privacy addendum or state exhibit | Provide the district template or required exhibit and the legal review timeline. |
| Illinois | Student Online Personal Protection Act and local district addenda | District-specific SOPPA or student data addendum | Districts often request a local exhibit even when a public DPA already exists. |
| California | State student privacy terms and district purchasing addenda | District privacy addendum or services agreement attachment | Share the district paper and any required incident notice or deletion clauses up front. |
| Other U.S. states | District or cooperative purchasing templates | State-specific or district-specific addendum | Classroom Pulse can review state and district forms through the procurement intake workflow. |