School Data Processing Addendum

The school is the data controller for student information. NextGenCyberEd (Praxis) is the data processor, processing student data only on documented instructions from the school for educational exercise delivery.

Includes participant aliases, optional display names, votes, and response text submitted during exercises. See the Privacy Policy for retention and deletion.

• Process student data only to provide the Praxis service
• Not sell student data or use it for targeted advertising
• Maintain appropriate security safeguards (see Security page)
• Delete participant session data per the retention schedule in the Privacy Policy
• Notify the school of confirmed breaches without undue delay

Listed on the Sub-processors page. Schools will be notified of material changes.