Clever Additional Terms of Use for Developers

Effective Date: October 20, 2025

Welcome to Clever’s Additional Terms of Use for Developers (the “Additional Terms for Developers”). If you are a Developer, please also review our General Terms of Use and our Privacy Policy. If you’re not a Developer (as defined in the General Terms of Use), these Additional Terms for Developers do not apply to you.

Capitalized terms that are not defined below have the definitions given them in the General Terms of Use.

SECTION 1. DEFINITIONS

“Application” means your products and services that are listed on each Order Form.

“Documentation” means the manuals, specifications, requirements, support documentation, example code, tools, any and all of the application programming interface(s) that Clever makes generally available to Developers for access and use hereunder (collectively the “APIs”) and other instructions regarding the capabilities, operation, integration and use of the Services that Clever makes generally available to all of its Developers at https://dev.clever.com, or such future location as Clever chooses.

“Marks” means a party’s corporate name, logo(s), product name, or product logo(s), as applicable.

“New Module” means any new feature, functionality, module or product that we may, in our sole discretion, release from time to time to all of our Developers for purchase for an additional fee as an add-on to the Services or as a separate product or service.

“Order Form” means an ordering document or online order specifying the Services to be provided hereunder that is mutually agreed upon and executed between you and us, including any addenda and supplements thereto.

SECTION 2. ADDITIONAL RIGHTS AND RESTRICTIONS FOR DEVELOPERS

Your Clever account gives you access to our Services. We maintain different types of accounts for different types of Users. If you open a Clever account on behalf of a Developer, then: (i) “you” includes you and that entity, and (ii) you represent and warrant that you are an authorized representative of the entity with the authority to bind the entity to this Agreement and that you agree to this Agreement on the entity’s behalf.

Schools may use the Services to authorize you and other third-party Developers to securely access Student Data and to access your Application through the Services using a single set of access credentials to the Services. We will not send Student Data to you unless a School has explicitly authorized such transfer. We will always transfer Student Data to you over an encrypted connection. You must use the Student Data in accordance with the terms and conditions of the agreement between you and the applicable School, this Agreement, and all applicable laws, rules and regulations.

Subject to the terms of the Agreement, Clever hereby grants to you a personal, limited, nonexclusive, nontransferable, revocable, non-sublicensable right and license to access and use the Documentation, and to modify such example code included therein, for the sole purpose of developing, supporting and maintaining the Data Integration (as defined below).

In addition to the restrictions regarding your use of the Services set forth in the General Terms of Use, you will not, and will not permit others to: (i) modify, translate, reproduce, or create derivative works based on the Services or components thereof, (ii) modify, translate, reverse engineer, decompile, disassemble or otherwise attempt to derive the source code or the underlying ideas, algorithms, structure or organization from the Services or components thereof (except to the extent expressly permitted by herein or as permitted by law), or (iii) distribute, rent, loan, lease, transfer, use in a service bureau or grant any rights in the Services or components thereof in any form to any person except to the extent expressly permitted under this Agreement or with the prior written consent of Clever.

You may order a New Module at the then-current list price and subject to a separate Order Form, provided that you are in compliance with the terms and conditions of this Agreement. Until you have purchased the rights to access and use a New Module, you do not have any right hereunder to receive or use New Modules.

SECTION 3. DATA INTEGRATION AND APPLICATION OBLIGATIONS

When you sign up for a Developer account (the “Developer Account”), Clever will provide you with a private development account that will allow you to access the Services with simulated data for the purposes of completing and testing your Data Integration (as defined below). You agree to use the Developer Account in accordance with the Agreement and the applicable Documentation.

You agree to build and maintain a data integration between your Application and the Services with the APIs that either meets or exceeds the standards of our integration requirements available at: https://dev.clever.com/docs/certification-overview. You agree to: (i) develop the Data Integration in a professional and workman like manner, utilizing secure software design and testing procedures, (ii) update (either periodically or upon our request) the Data Integration to support any

API Updates (as defined below), and (iii) perform regular security audits of the Data Integration.

Upon your completion of the Data Integration, you will notify us. We will evaluate and test the Data Integration to ensure that it meets or exceeds the standards of the Integration Requirements. If the Data Integration does not pass the Integration Requirements, then we will provide you with a written report of any required improvements. Upon your completion of these improvements, you will again notify us of your readiness for further integration testing.

Upon our determination that the Data Integration has successfully passed the Integration Requirements, we will enable your Developer Account with production capabilities for the Services, provided you use the Services to provision a sandbox School-level account in the Application that is kept active during the term of this Agreement for Clever’s testing purposes. The Developer Account with production capabilities will allow your Application to receive Student Data when Schools authorize us to transfer such Student Data to your Application.

We grant you permission during the term of this Agreement to access and use the APIs made available by us, solely for the purpose of developing, maintaining and supporting the Data Integration in accordance with the Integration Requirements and Documentation. We may, in our sole discretion, update the APIs for product improvements, including but not limited to performance enhancements, new features, or new functionality (collectively, the “API Update(s)”). We will give you notice of each API Update and within six months of such notice, you will update the Data Integration to the then-current version of the APIs. For each API Update, we may evaluate and test your updates to the Data Integration to ensure they successfully meet the Integration Requirements. Ongoing non-conformity to the Integration Requirements could result in your Developer Account losing production capabilities with the Services.

You are solely responsible for hosting any Application that is a “software as a service” application and for all associated network connectivity, maintenance, backup, and other hardware, software, and support and other services required to provide the Application to Users pursuant to the Application’s own support terms and policies, and shall bear all costs and expenses associated therewith. In addition, you will adequately train your sales team members on the availability and benefits of using the Services.

SECTION 4. APPLICABLE FEES AND PAYMENT TERMS

Importantly, in addition to your regular fees charged to Schools for use of the Application(s), you will not charge Schools a premium charge or any additional fee that acts as a premium for use of the Application(s) via the Services.

As consideration for your use of the Services, you will pay all fees specified in each Order Form. Except as otherwise specified herein or in an Order Form, your payment obligations are non-cancelable and fees paid are non-refundable and must be in U.S. dollars.

Developer authorizes Clever to charge its payment method for all applicable fees in accordance with the applicable Order Form and these Additional Terms of Use for Developers. The fees set forth in the Order Form and all applicable taxes are invoiced annually in advance unless the applicable Order Form states otherwise. Any monthly overage will be invoiced in arrears. Developer must provide a valid credit card and/or ACH and enroll in auto-payment and maintain a valid form of payment at all times until the General Terms of Use and these Additional Terms of Use for Developers are terminated. Clever reserves the right to suspend the Service until Developer provides a valid method of payment. Developer is liable for all applicable fees and charges while the Service is suspended. If you provide a purchase order, we can reasonably accommodate your invoicing process, however there shall be no force or effect to any different legal terms of any related purchase order or similar form even if signed by the parties after the date of your Order Form(s). “Order Form” means the order document that is executed by Clever and Developer and that references the General Terms of Use and Additional Terms of Use for Developers.

Developer understands that this authorization will remain in effect until termination of the General Terms of Use and Developer agrees to make changes in payment information at least ten (10) business days before the last business day of the month. If the invoice due date falls on a weekend or holiday, credit card payments and/or ACH debits to Developer’s checking/savings account may be executed on the next business day.

If an ACH Transaction is rejected for Non-Sufficient Funds (“NSF”), Clever may, at its discretion, process the charge again within 30 days. Developer agrees to a transaction charge of $25 for each attempt returned NSF which will be initiated as a separate transaction from the authorized auto payment.

Developer must notify Clever in writing within forty-five (45) days after the payment is processed if Developer disputes any Clever charges. Developer acknowledges that the origination of ACH transactions to the account complies with the provisions of U.S. laws. Bank account/credit card information will be stored by Clever’s payment processor for recurring charges and Developer certifies that Developer is an authorized user of this credit card/bank account and will not dispute these scheduled transactions with the bank or credit card company; so long as the transactions correspond to the terms of the contract.

If any charge owing by Developer under this or any other agreement for Services is 30 days or more overdue, (or 10 or more days overdue in the case of amounts Developer has authorized Clever to charge to Developer’s credit card), Clever may, without limiting its other rights and remedies, suspend Service until such amounts are paid in full, provided that, other than for Developers paying by credit card or direct debit whose payment has been declined, Clever will give Developer at least 10 days’ prior notice that its account is overdue.

SECTION 5. SECURITY

We take very seriously the security of our Users, including Schools, teachers, parents, and students. You represent and warrant that you will access and use Student Data: (i) in accordance with the terms of the agreement(s) between you and each School, and this Agreement, (ii) in compliance with all applicable federal, state and local laws, rules and regulations, including the applicable of FERPA, PPRA, COPPA, and 15 U.S.C. §§ 6501-6506, and (iii) at all times over a secure, industry-standard encrypted connection.

For the duration of this Agreement, you will maintain and implement an effective information security program that requires reasonable and appropriate administrative, technical, physical, organizational and operational safeguards and other security measures (“Security Safeguards”) against unlawful or unauthorized access to or use, destruction, loss, alteration, disclosure, transfer, or processing of Student Data. The Security Safeguards will ensure a level of security appropriate to the risks and harm that might result from unauthorized access or use and will be consistent with industry best practices and standards. In the event either party becomes aware of any potential or actual unauthorized access or use of Student Data, such party will: (a) notify the other party promptly but no later than is reasonably required to enable the other party to comply with data breach notification requirements under applicable law, (b) investigate such security breach, and (c) reasonably cooperate with the other party and any law enforcement or regulatory official.

SECTION 6. INTELLECTUAL PROPERTY RIGHTS

The Application(s), your Marks (as defined below), your Confidential Information and the software or other technology that you develop in connection with the Data Integration, and all related Intellectual Property Rights are your and your licensors’ exclusive property.

As set forth in the General Terms of Use, as between each School, you, and us, each School owns and retains all right, title and interest in the applicable School Data.

The APIs (including any and all API Updates), the Documentation, Clever’s Marks and Clever’s Confidential Information and the software or other technology that Clever develops in connection with the Data Integration, and all related Intellectual Property Rights are the exclusive property of Clever and its licensors. All rights not granted are expressly reserved. Except as expressly stated herein, nothing in this Agreement shall confer to Developer or any other party any license or right of ownership in material owned by Clever, whether by implication, estoppel, or otherwise.

The parties agree that any signup forms, documentation and other materials pertaining directly to the Application’s integration with the Services will be co-branded with the Marks of both Developer and Clever. Subject to the terms and conditions of the Agreement, and prior written authorization, each party hereby grants to the other party a worldwide, nonexclusive, nontransferable license to use its Marks in connection with co-branded promotional materials.

You hereby grant to Clever a limited, nonexclusive, nontransferable license to use your Marks in connection with Clever’s internal presentations, customer lists, and financial reports, in any format, relating to the Services. All use of the other party’s Marks will be in accordance with the branding requirements and instructions that are provided from time to time. Each party acknowledges and agrees that: (i) no right, title or interest in such Marks are granted to it by the other party, (ii) it will not claim any right, title or interest in or to the other party’s Marks, and (iii) it will not, at any time, challenge or attack the other party’s rights in or to the Marks for any reason whatsoever. Any use by one party of the other party’s Marks under this Agreement inures to the benefit of the other party. The parties further agree to protect and promote the good will attached to the Marks and to include notice of the registered status of the Marks, as applicable.

SECTION 7. CONFIDENTIAL INFORMATION OBLIGATIONS

In connection with this Agreement, each party may disclose Confidential Information to the other party. For purposes of these Additional Terms for Developers, the term “Confidential Information” will be deemed to include personally identifiable information (as defined in FERPA) from student education records (as defined in FERPA), and all information and materials furnished by one party (the “Disclosing Party”) to the other party (the “Receiving Party”) that is of a proprietary or confidential nature, including but not limited to, software, technology, data, all financial and cost information, business information, trade secrets relating to sales, client lists, research or business of the parties, and any other personal or intellectual property relating to the parties, their parent or subsidiaries. Confidential Information also includes information that is intended to be confidential that: (i) is disclosed in oral, visual or magnetic form, if identified as being “Confidential” at the time of the disclosure or so identified in writing within thirty (30) days of disclosure, (ii) marked as confidential or proprietary if in writing, or (iii) under the circumstances, a reasonable person would understand to be confidential.

Notwithstanding the foregoing, the following will not be considered “Confidential Information” as defined herein: information that: (a) is approved for release by prior written authorization of the Disclosing Party, (b) Receiving Party can reasonably show was already known to the Receiving Party at the time of the disclosure, (c) is independently developed or formulated by or for the Receiving Party without reliance on Confidential Information, or (d) is received by the Receiving Party from a third party who is not under an obligation of confidence to the Disclosing Party.

The Receiving Party agrees not to use any Confidential Information for any purpose other than in the performance of its rights and obligations under this Agreement and will not disclose any such Confidential Information, except: (I) to its employees, agents, independent contractors, lawyers and other advisers who are bound by confidentiality obligations no less stringent than those contained herein, and (II) pursuant to, and to the extent of, a request or order by a governmental authority, provided that the Receiving Party has first given the Disclosing Party notice of such request or order and the opportunity for the Disclosing Party to seek a court order or other protection against the disclosure of such Confidential Information. The Receiving Party agrees to take all reasonable measures to protect the secrecy and confidentiality of, and avoid disclosure or unauthorized use of, the Confidential Information, but in any event will exercise the degree of care exercised by a reasonable business person in the protection of its valuable confidential information. Without limiting the foregoing, each Party will advise the other Party immediately in the event that it learns or has reason to believe that any person who has had access to the Confidential Information of the other Party has violated or intends to violate the terms of this Agreement, and the Receiving Party will, at its own expense, cooperate with the Disclosing Party in seeking injunctive or other equitable relief against any such person.

Subject to retaining one copy of the Confidential Information solely for the purpose of compliance with any legal requirement in relation to the retention of records or in the event of litigation, and subject to the following sentence, within 30 days of the termination or expiry of this Agreement for any reason, a Receiving Party must: (x) cease the use of all Confidential Information of or relating to the Disclosing Party (or any affiliate of the Disclosing Party), (y) deliver to the Disclosing Party all documents and other materials in its possession or control containing, recording or constituting that Confidential Information or, at the option of the Disclosing Party, securely destroy, and certify to the Disclosing Party that it has destroyed, those documents and materials. Copies of the Confidential Information can be retained on a confidential basis if they are electronically archived and not readily accessible, or contained in board papers or other internal senior management reports. In the event of expiration or termination of this Agreement, the Receiving Party shall not develop any software, devices, components or assemblies utilizing the Disclosing Party’s Confidential Information.

SECTION 8. TERM AND TERMINATION

This Agreement commences on the date you first access or use the Services, checking the box marked “I Agree”, or otherwise affirmatively stating your desire to use the Services, and continues for the term specified in the Order Form or until it is terminated as provided for herein.

Either party may terminate this Agreement for cause: (i) upon 30 days’ written notice to the other party of a material breach if such breach remains uncured at the expiration of such period (“Uncured Material Breach”), or (ii) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors. If this Agreement is terminated by you due to our Uncured Material Breach, we will refund you any prepaid fees covering the remainder of the term of all Order Forms after the effective date of termination. If this Agreement is terminated by us for your Uncured Material Breach, you will pay any unpaid fees covering the remainder of the term of all Order Forms. In no event will termination relieve you of your obligation to pay any fees payable to us for the period prior to the effective date of termination. Provisions that by their nature should survive termination will survive termination, such as provisions relating to warranty disclaimers, representations and warranties, confidential information, export controls limitations of liability, indemnities, and governing law.

SECTION 9. REPRESENTATIONS AND WARRANTIES

Clever and Developer each represent and warrant that: (i) it has the right and authority to enter into this Agreement and perform its obligations hereunder, (ii) there is no outstanding commitment or agreement to which it is a party that conflicts with this Agreement or could be reasonably expected to limit, restrict or impair the rights granted to the other party hereunder, and (iii) it has the necessary licenses, rights, consents, and permissions to grant and authorize the other party, Schools and Users (as applicable) to access and use the Applications and Marks as necessary to exercise the rights and licenses granted in this Additional Terms for Developers or the agreement between you and the applicable School.

You further represent and warrant that: (a) to your knowledge, the Application(s) and Marks do not infringe, violate or misappropriate upon any third-party Intellectual Property Rights, (b) your performance related to this Agreement and the Application(s) will not slander, defame, libel, or invade the right of privacy, publicity or other rights of any person or entity, or contain false or misleading information, (c) your performance related to this Agreement and the Application(s) will not violate any law or governmental rule or regulation, including without limitation any laws related to the collection, storage, processing, use, and disclosure of personal information, (d) your marketing and promotional materials related to the Application(s) are not false or misleading, (e) the Application(s) does not contain any viruses, adware, spyware, back door, time bomb, drop dead device, worms, or other malicious code or any content or file or system that provides a method to circumvent any security features of the Services (including without limitation any School privacy settings), or obtain unauthorized access to any device or computer, and (f) you and the Application(s) will comply with all applicable export and reexport control laws and regulations, including the EAR, trade and economic sanctions maintained by OFAC, and the ITAR. You agree to indemnify, to the fullest extent permitted by law, Clever from and against any fines or penalties that may arise as a result of your breach of this provision.

SECTION 10. CLEVER COMPLETE

The following applies to purchasers of the Clever Complete Services:

The “Clever Complete Services” shall mean, for a school that connected via a Connection, one or more of the features below (the term “School” or “school” shall refer to either a Connected School or a Non-Shared Schools, or both, depending on context):

1. Rostering: the ability to maintain updated rostering information in the learning applications used by (a) shared Connected School,  and/or (b) a Non-Shared School (such subsection (b) shall be known as the “AnySchool Secure Sync Feature”) by securely transferring roster uploads or connecting directly with Integration Points of supported parties across a number of categories including, but not limited to, schools’ student information systems, other rostering solutions; together with SSO which enables users (usually students and teachers) to securely authenticate into connected applications via SSO to the Clever Platform’s portal.
   
2. LMS: grade syncing, lesson assignment and content integration functionality with certain learning management systems used by (a) a shared Connected School, and/or (b) a Non-Shared School (such subsection (b) shall be known as the “AnySchool LMS Connect Feature”, and together with the AnySchool Feature, shall be known as the “AnySchool Features”), allowing Developer to support gradebook sync and SSO with certain learning management systems.
   
3. SSO: A service that allows end users to access Developer’s Applications using login credentials of the Clever Platform. Once authenticated into the Clever Platform, end users can access Developer’s Applications (among other connected applications) without needing to log in again during their session.
   
4. “Clever Google Classroom Add-On Assistance” shall mean, upon request for activation by Developer, the ability for authorized teachers to embed a Single Sign-On (SSO) entry point for the Application(s) within a Google Classroom course item. This functionality will permit students to access the Application directly from the Google Classroom interface without requiring authentication through the Clever Portal.

A “Connected School” refers to a school that is connected to Developer via Clever’s Clever Complete Services as a direct rostering customer of Clever. A “Non-Shared School” refers to a school for which Clever accesses its student information systems for services on a subprocessor and/or other indirect basis. The term “School” or “school” shall refer to either a Connected School or a Non-Shared School or both, depending on context. An “Integration Point” refers to any data point of access that Developer would like to receive data from, such as an API, that is supported by Clever. 

SECTION 11. NON-SHARED SCHOOLS DATA PROCESSING AGREEMENT

This Non-Shared Schools Data Processing Agreement (the “DPA”) is supplementary to and forms part of any Order Form entered between Clever and Developer in connection with the AnySchool Features. This DPA applies where and to the extent that Clever processes Personal Data, including Student Data, that is collected, downloaded, or otherwise received by Developer by or through the AnySchool Features (“School Personal Data”). Except as they may be modified herein, the terms of the Order Form will continue in full force and effect as specified in the Order Form and will apply to this DPA. If there is an inconsistency or conflict between the terms and conditions of this DPA and the Order Form, the terms of this DPA shall control with respect to the subject matter of this DPA. Capitalized terms not defined herein have the meaning given in the Order Form.

1. Definitions

1.1 In this DPA, the following terms have the following meanings:

(a) “Applicable Data Protection Laws ” means all applicable data privacy and protection laws and regulations which apply to the Processing of School Personal Data under the Agreement, including without limitation Canadian Data Protection Laws, European Data Protection Laws, and US Data Protection Laws, in each case as may be amended or superseded from time to time.

(b) “Canadian Data Protection Laws” means: (i) with respect to Clever or private educational institutions, the Personal Information Protection and Electronic Documents Act, SC 2000, c 5, the Personal Information Protection Act, SBC 2003, c 63, the Personal Information Protection Act, SA 2003, c P-6.5 and the Act respecting the protection of personal information in the private sector, CQLR c P-39.1, each as amended from time to time and the regulations made pursuant thereto and (ii) the Freedom of Information and Protection of Privacy Act, RSO 1990, c F.31, Freedom of Information and Protection of Privacy Act, RSBC 1996, c 165, Freedom of Information and Protection of Privacy Act, RSA 2000, c F-25, Act respecting Access to documents held by public bodies and the Protection of personal information, CQLR c A-2.1, and other similar provincial or territorial acts, each as amended from time to time and the regulations made pursuant thereto.

(c) “European Data Protection Laws” means: (i) the General Data Protection Regulation (Regulation (EU) 2016/679) (“EU GDPR”); (ii) the GDPR as saved into United Kingdom law by virtue of section 3 of the United Kingdom’s European Union (Withdrawal) Act 2018 and the UK Data Protection Act 2018 (collectively the “UK GDPR”); (iii) the EU e-Privacy Directive (Directive 2002/58/EC); (iv) the Swiss Federal Data Protection Act (“Swiss DPA”), and (v) any and all applicable national data protection laws made under, pursuant to or that apply in conjunction with any of (i), (ii) (iii) or (iv).

(d) “Restricted Transfer” means a transfer of Personal Data originating from the European Economic Area, United Kingdom, or Switzerland to a country that does not provide an adequate level of protection for Personal Data within the meaning of applicable European Data Protection Laws.

(e) “Standard Contractual Clauses” means the contractual clauses annexed to the European Commission’s Implementing Decision (EU) 2021/914 of 4 June 2021.

(f) “Personal Data Breach” means any unauthorized or unlawful breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to School Personal Data. A “Personal Data Breach” does not include unsuccessful attempts or activities that do not compromise the security of School Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.

(g) “School Personal Data” means any Personal Data, including Student Data, that is protected by Applicable Data Protection Laws and which Clever processes on Developer’s behalf as a Processor, as more particularly described in Schedule 1.

(h) “Sub-processor” means any third party Processor engaged by Clever to process School Personal Data. A “Sub-processor” may include a Clever Subsidiary but does not include Clever employees, contractors or consultants.

(h) “UK Addendum” means the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses issued by the UK Information Commissioner under section 119A(1) of the Data Protection Act 2018.

(i) “US Data Protection Laws” means: (i) the Family Educational Rights and Privacy Act (“FERPA”); (ii) the Children’s Online Privacy Protection Act (“COPPA”); (iii) the California Student Online Personal Information Protection Act (“SOPIPA”); (iv) the Illinois Student Online Personal Protection Act (“SOPPA”); (v) New York Education Law §2-d; (vi) the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”); the Virginia Consumer Data Protection Act (“VCDPA”); the Connecticut Data Privacy Act (“CTDPA”), the Colorado Privacy Act (“CPA”), and all other federal and state data protection and privacy laws that are applicable to the Processing of School Personal Data under the Agreement.

(j) The terms “Controller”, “Processor”, “Data Subject”, “Personal Data”, “Supervisory Authority” and “processing” have the meanings given to them in European Data Protection Laws (and “process”, “processes” and “processed” will be interpreted accordingly).

2. Role and Scope of Processing

2.1 Scope. This DPA sets forth the rights and obligations of the Parties with respect to the processing of School Personal Data that is collected, downloaded, or otherwise received by Developer by or through the AnySchool Features and which is governed by Applicable Data Protection Laws. This DPA does not apply to (i) Personal Data that Clever collects and uses for its own purposes; or (ii) Personal Data processed by Clever on behalf of Schools that are existing users of the Clever Services (“Clever Schools”). Any Personal Data processed by Clever on behalf of Clever Schools is governed by the applicable agreement between Clever and the relevant Clever School. 

2.2 Details of Processing. The subject matter, nature, purpose, and duration of the Processing, as well as the types of Personal Data processed and categories of Data Subjects, are described in Schedule 1 to this DPA. Developer acknowledges that Clever may disclose this DPA and any relevant privacy provisions in the Agreement to a Supervisory Authority, or any other judicial or regulatory body upon their request.

2.3 Processing Relationship . The Parties acknowledge and agree that Developer is acting as a Processor on behalf of one or more third-party Controllers, which are Non-Clever Schools. Accordingly, Clever will process School Personal Data solely on behalf of Developer and in accordance with Developer’s documented instructions, which reflect the instructions given by the relevant Controller. Developer represents and warrants that (i) its instructions and actions with respect to School Personal Data, including the appointment of Clever to process the data, have been authorized by the relevant Controller; and (ii) Developer will serve as Clever’s sole point of contact for all matters related to the processing of School Personal Data, including providing any necessary information, support, or cooperation.

2.4 Developer Responsibilities. Developer represents and warrants that all necessary consents, permissions, and rights required for Clever, its Affiliates, and Subprocessors to lawfully process School Personal Data for the purposes described in this Order Form have been obtained either by Developer or by the applicable Controller. Where required, Developer further confirms that valid authority has been obtained to provide consent on behalf of parents or guardians.

3. Processing of School Personal Data

3.1 Processing Instructions. Clever will process School Personal Data only in accordance with Developer’s lawful documented instructions and will not process School Personal Data for its own purposes, except where required by applicable laws. The Agreement, including this DPA, constitute Developer’s complete and final instructions to Clever regarding the processing of School Personal Data (including for purposes of the Standard Contractual Clauses). Clever shall promptly notify Developer if it determines that Developer’s instructions infringe Appliable Data Protection Laws, but without obligation for Clever to actively monitor Developer’s compliance with Applicable Data Protection Laws. Clever will not: (i) “sell” or “share” School Personal Data within the meaning of US Data Protection Laws (including the CCPA); (ii) retain, use, or disclose School Personal Data for any purpose other than the business purposes specified under the Order Form and this DPA; (iii) use School Personal Data outside of the relationship between Clever and Developer; or (iv) combine School Personal Data with information that Clever has received from other sources; in each case except as permitted under the Order Form and Applicable Data Protection Laws.

3.2 Confidentiality of processing. Clever will ensure that any person it authorizes to process School Personal Data is subject to an appropriate duty of confidentiality (whether a contractual or statutory duty) and that they process School Personal Data only as necessary for the purpose described in the Agreement and this DPA.

3.3 Security. Clever will implement and maintain reasonable and appropriate technical and organizational security measures with the aim of protecting School Personal Data from Personal Data Breaches. At a minimum, such measures will include the measures set out in Schedule 2 (“Security Measures”). Developer acknowledges that the Security Measures are subject to technical progress and development and that Clever may update or modify the Security Measures from time to time, provided that such updates and modifications do not degrade or diminish the overall security provided.

3.4 Personal Data Breaches. In the event of a Personal Data Breach, Clever will inform Developer without undue delay and provide Developer with written details of the Personal Data Breach, including the type of data affected and the identity of affected Data Subjects, once such information becomes known or available to Clever. Clever will, to the extent possible, provide Developer with timely information and cooperation to enable Developer (or the Controller) to fulfil its data breach reporting obligations under Applicable Data Protection Laws and will take reasonable steps to remedy or mitigate the effects of the Personal Data Breach.

3.5 Audit Rights. Upon request, Clever will provide copies of any certifications, audit report summaries and/or other relevant documentation it possess, where reasonably required by Developer (or the Controller) to verify Clever’s compliance with this DPA. Any certifications, audit report summaries and/or other relevant documentation provided by Clever will be subject to the confidentiality provisions of the Agreement.

3.6 Requests by Public Authorities. If Clever receives a valid and binding subpoena, warrant, order or other legally binding request (“Request”) from a law enforcement or other government authority (“Requesting Party”) for disclosure of School Personal Data, Clever will use all reasonable efforts to redirect the Requesting Party to request School Personal Data directly from Developer. If Clever is compelled to disclose School Personal Data to a Requesting Party, Clever will promptly notify Developer of the Request to allow Developer (or the relevant Controller) to seek a protective order or other appropriate remedy. If Clever is prohibited from providing such notification, Clever will use reasonable and lawful efforts to obtain a waiver of prohibition to allow Clever to communicate as much information as soon as possible.

3.7 Sub-processors. Developer grants Clever a general authorization to engage Sub-processors. A list of Clever’s current Sub-Processors is found at https://www.clever.com/trust/subprocessors, as well as the following:

Clever will: (i) notify Developer in the event of the engagement of any new or replacement Sub-processor; (ii) impose substantially the same data protection terms on any Sub-processor it engages as contained in this DPA; and (iii) remain liable for any breach of this DPA caused by an act, error or omission of its Sub-processors.

3.8 Objection to Sub-processors. Developer may object to Clever’s appointment of any new or replacement Sub-processor in writing within ten (10) days after receiving notice in accordance with Section 3.7 and on reasonable grounds related to the Sub-processor’s ability to ensure compliance with this DPA. In such case, Clever and Developer will discuss the concerns in good faith with a view to achieving a commercially reasonable resolution.

3.9 Cooperation and Data Subject Requests. Clever will reasonably cooperate to enable Developer (or the relevant Controller) to respond to any requests, complaints or other communications from Data Subjects, Supervisory Authorities or other regulatory or judicial bodies relating to the processing of School Personal Data by Clever, including requests from Data Subjects seeking to exercise their rights under Applicable Data Protection Laws. In the event that any such request, complaint or communication is made directly to Clever, Clever will pass on the request to Developer and will not respond directly without Developer’s authorization (unless required to do so in order to comply with applicable law(s)).

3.10 Data Protection Impact Assessments. To the extent required under Applicable Data Protection Laws, Clever will provide Developer with reasonable assistance to enable the relevant Controller to conduct data protection impact assessments and consulting with Supervisory Authorities in respect of any proposed processing activity that presents a high risk to Data Subjects.

3.11 Deletion. Upon termination or expiry of the Agreement, Clever will delete or return all School Personal Data in Clever’s possession in accordance with the Agreement and Clever’s then-current data deletion timelines and policies. This requirement will not apply to the extent that Clever is required by applicable law(s) to retain some or all of the School Personal Data or to School Personal Data archived on back-up systems, in which event Clever shall isolate and protect such School Personal Data from any further processing except to the extent required by such law.

4. International Data Transfers

4.1 Processing Location. Clever may transfer and process School Personal Data in the United States and any other country in which Clever, Clever Subsidiaries and Sub-processors maintain processing facilities.

4.2 Standard Contractual Clauses. To the extent that the transfer of School Personal Data involves a Restricted Transfer, the Standard Contractual Clauses shall be incorporated and form an integral part of this DPA as follows:

(a) In relation to School Personal Data that is subject to the GDPR: (i) the Module Three terms apply; (ii) in Clause 7, the optional docking clause applies; (iii) in Clause 9, Option 2 applies and changes to Sub-Processors will be notified in accordance with the ‘Sub-processors’ section of this DPA; (iv) in Clause 11, the optional language is deleted; (v) in Clauses 17 and 18, the parties agree that the governing law and forum for disputes will be the Republic of Ireland; (vi) the Annexes of the Standard Contractual Clauses will be deemed completed with the information set out in the Schedule to this DPA; (vii) the supervisory authority that will act as competent supervisory authority will be determined in accordance with GDPR; and (viii) in the event that any provision of this DPA contradicts, directly or indirectly, the Standard Contractual Clauses, the Standard Contractual Clauses will prevail.

(b) In relation to School Personal Data that is subject to the UK GDPR, the Standard Contractual Clauses will apply in accordance with sub-section (a) and the following modifications (i) the Standard Contractual Clauses will be modified and interpreted in accordance with the UK Addendum, which will be incorporated by reference and form an integral part of the Agreement; (ii) Tables 1, 2 and 3 of the UK Addendum will be deemed completed with the information set out in the Schedules to this DPA and Table 4 will be deemed completed by selecting “neither party”; and (iii) any conflict between the terms of the Standard Contractual Clauses and the UK Addendum will be resolved in accordance with Section 10 and Section 11 of the UK Addendum.

(c) In relation to School Personal Data that is subject to the Swiss DPA, the Standard Contractual Clauses will apply in accordance with sub-section (a) and the following modifications (i) references to “Regulation (EU) 2016/679” will be interpreted as references to the Swiss DPA; (ii) references to “EU,” “Union,” and “Member State law” will be interpreted as references to Swiss law; and (iii) references to the “competent supervisory authority” and “competent courts” will be replaced with the “the Swiss Federal Data Protection and Information Commissioner” and the “relevant courts in Switzerland.”

4.3 Alternative Transfer Mechanism. If Clever adopts an alternative lawful data export mechanism for the transfer of Personal Data not described in this DPA (“Alternative Transfer Mechanism“), the Alternative Transfer Mechanism will apply instead of any applicable transfer mechanism described in this DPA (but only to the extent such Alternative Transfer Mechanism complies with European Data Protection Laws and extends to the countries to which the relevant School Personal Data is transferred).

5. General Provisions

5.1 Limitations of Liability. The liability of each Party under this DPA (including the Standard Contractual Clauses) shall be subject to the exclusions and limitations of liability set out in the Agreement and Order Form. 

5.2 Term and Termination.  The DPA shall remain in effect for as long as Clever processes School Personal Data on behalf of Developer for the purposes described in this DPA and in connection with the Order Form.

Schedule 1 – Details of the Processing 

This Schedule describes the processing of School Personal Data by the parties in connection with the Services and forms an integral part of the Agreement. Capitalized terms not defined herein have the meaning given in the Agreement.

Schedule 2: Security Measures

Clever’s technical and organisational security measures designed to protect School Personal Data can be found at https://clever.com/trust/security/practices

SECTION 12. INDEMNIFICATION OBLIGATIONS

You agree to defend any and all claims, suits, actions or proceedings brought by third parties (including government entities) against Clever, our affiliates, officers, directors, agents, and employees (each a “Claim Against Clever”) alleging or related to: (i) any breach of any agreement between you and a School, (ii) your breach of your representations and warranties under this Agreement, (iii) your gross negligence or willful misconduct with respect to your obligations under this Agreement, (iv) infringement by your Application(s) of a third party’s United States Intellectual Property Right; and with respect to each of (i) through (iv) you will pay all fines assessed, damages finally awarded (including payment of reasonable attorneys’ fees, court costs and costs of professionals) or settlement amounts entered into to the extent based upon a Claim Against Clever provided that: (a) we promptly notify you in writing of any Claim Against Clever, and (b) give you sole discretion and control to defend, compromise, or settle (except that you may not settle any Claim Against Clever unless it unconditionally releases Clever of all liability) such claim and provide you with full information and reasonable assistance and cooperation (at your cost and expense). We may participate with counsel of our own choosing at our own expense. Any portion of any compromise or settlement entered into by you that would adversely prejudice us, constitutes an admission of fact by us, or requires contribution from us will be subject to our prior written consent.

SECTION 13. QUESTIONS

We here at Clever hope that you will have the best possible experience when using our Services. If you have any questions or concerns about our Services or anything in our General Terms of Use, these Additional Terms for Developers, or our Privacy Policy, please don’t hesitate to contact us by visiting our Help Center and we’ll do our best to promptly respond to you.

Thanks for reading!