Signature-Ready Template
DrawSplatTM District Data Privacy Addendum
Use this template when a school or district wants written deployment documentation for browser-only, Google Apps Script, MySQL, standalone, SSO-enabled, hosted, or managed DrawSplatTM use. Legal teams may adapt it to local requirements.
1. Parties
| School/District/Organization | ____________________________________________ |
|---|---|
| DrawSplatTM Deployment Owner | ____________________________________________ |
| Effective Date | ____________________________________________ |
| Privacy/Security Contact | ____________________________________________ |
| Privacy/Security Email | Use your local contact email or generate one with the privacy notice builder. |
| Breach Notice Contact Method | ____________________________________________ |
2. Approved Educational Purpose
DrawSplatTM will be used only for the following school-authorized educational purpose:
______________________________________________________________________________
______________________________________________________________________________
3. Approved Deployment Configuration
| Storage Mode | Browser-only / Google Apps Script / MySQL / Standalone backend / Hosted or managed service |
|---|---|
| Hosting/Data Location | Country, region, cloud provider, district server, data center, and backup location when known: ____________________________________________ |
| SSO Enabled? | Yes / No. Provider: ____________________________________________ |
| Student Uploads Enabled? | Yes / No |
| Audio Recording Enabled? | Yes / No |
| Turn-ins Enabled? | Yes / No |
| Approved Age/Grade Bands | ____________________________________________ |
4. Data Use Commitments
- Student data will be used only for the school-authorized educational purpose.
- Student data will not be sold, leased, rented, or shared as defined by applicable state student privacy laws.
- Student data will not be used for targeted advertising, behavioral profiling, cross-context advertising, data mining except for authorized educational purposes, or AI model training.
- De-identified or aggregate data will not be re-identified or used to identify students.
5. Retention, Return, and Destruction
| Retention Schedule | ____________________________________________ |
|---|---|
| Temporary Session TTL | 24 hours / Other: _____________________________ |
| Deletion Process | ____________________________________________ |
| Return/Export Process | ____________________________________________ |
| Termination Destruction Timeline | Active systems within 30 calendar days unless otherwise required; backups no later than 90 calendar days when technically feasible. |
6. Security and Breach Notification
- Production deployments must use HTTPS and encrypted transport.
- Hosted, MySQL, and standalone deployments must use encryption at rest for databases, disks, object storage, and backups.
- Least-privilege access, MFA where available, secure backups, patching, and audit logging are required for backend/admin systems.
- Security review is required before student use and at least annually for hosted, MySQL, SSO-enabled, or managed deployments.
- Confirmed breaches involving student personal information must be reported through the breach notice contact method without unreasonable delay and no later than 72 hours after confirmation.
7. FERPA/COPPA and Student Personal Information
For this addendum, student personal information includes information that identifies, relates to, describes, or can reasonably be linked to a student or student household, including student names, account identifiers, student-created board content, uploaded media, audio recordings, submissions, comments, room participation data, and logs tied to a student.
When DrawSplatTM is used for the approved educational purpose, the deployment owner or service operator may be treated as a school official or authorized service provider under FERPA and similar student privacy laws, acting under the direct control of the school. For COPPA-covered students, the school or district may provide consent on behalf of parents when permitted by law and when DrawSplatTM is used solely for the approved educational purpose.
8. Subprocessors
Approved subprocessors and service providers:
| Provider | Purpose | Data Processed | Privacy/Security Documentation |
|---|---|---|---|
| Google Apps Script/Drive/Sheets | Optional storage | Board data, templates, turn-ins | ________________________________ |
| PayPal | Optional payments | Payment metadata outside DrawSplatTM student workspace | ________________________________ |
| Hosting Provider | Optional hosting | Deployment files, logs, backend data where enabled | ________________________________ |
| SSO Provider | Optional authentication | Login identifiers and roles | ________________________________ |
Material new subprocessors for student-data processing require at least 30 calendar days’ notice when feasible and a reasonable opportunity to object, disable the affected integration, or terminate the affected hosted service.
9. Signatures
| School/District Authorized Signature | ____________________________________________ |
|---|---|
| Name and Title | ____________________________________________ |
| Date | ____________________________________________ |
| Deployment Owner / DrawSplatTM Representative | ____________________________________________ |
| Name and Title | ____________________________________________ |
| Date | ____________________________________________ |
Compliance Features Available to the District
The deployment owner configures the following controls through the Compliance Console (Teacher Admin → Compliance Console). The District Privacy Packet download bundles the live configuration, the last 90 days of Activity Records, and the parent-request log in a single ZIP for review.
- Activity Records (audit log) — immutable Sheet tab tracking every compliance-relevant action.
- Safety Review — text keyword filter and link allowlist, server-enforced on every save. Board / room freeze blocks further writes.
- Student Age Band Lock —
under_13/13_to_17/18_plus/unknown_minor. Server-locked, admin-only changes, reason required, audited. Aligned with Texas SCOPE Act age-registration provisions. - Family Access Tools — parent request form, teacher-issued one-time verification code, admin Approve / Deny / Done queue.
- Student data rights — one-click ZIP export of a student’s boards and turn-ins; one-click data deletion of the same.
- Retention policy — archive boards after N days, delete after M days, prune Activity Records after K days. Daily Apps Script trigger or manual run.
- Time limits — daily seconds, session seconds, allowed hours, weekend toggle. Browser locks; server gate on save.
- District Privacy Packet — one-click ZIP for reviewers.
Configuration is server-side via the COMPLIANCE_CONFIG Script Property and cascades to every classroom on the deployment. See docs/COMPLIANCE.md for the operator guide.