Effective Date: 05/25/2026
This Data Processing Addendum ("DPA") supplements and forms part of the CampusAI Terms of Service, Services Agreement, Order Form, or other agreement governing Customer's use of the Services (the "Agreement") entered into between CampusAI Global LLC ("CampusAI") and the customer identified in the applicable Agreement ("Customer").
This DPA applies where CampusAI Processes Personal Data on behalf of Customer in connection with the Services.
Capitalized terms not defined in this DPA have the meanings given in the Agreement.
CampusAI and Customer are each referred to as a "Party" and collectively as the "Parties."
This DPA applies to the Processing of Personal Data by CampusAI on behalf of Customer in connection with the Services.
To the extent Customer Personal Data is processed by CampusAI on behalf of Customer, Customer acts as a Controller or Processor (as applicable), and CampusAI acts as a Processor or Sub-Processor.
The Parties acknowledge that certain processing activities performed by CampusAI may be conducted as an independent Controller, including for:
The Agreement, this DPA, applicable configurations, settings, documentation, and Customer's use of the Services constitute Customer's documented instructions regarding the Processing of Customer Personal Data.
CampusAI will Process Customer Personal Data only in accordance with Customer's documented instructions unless otherwise required by applicable law.
For purposes of this DPA:
"Controller" means the entity that determines the purposes and means of Processing Personal Data.
"Processor" means the entity that Processes Personal Data on behalf of a Controller.
"Data Protection Laws" means all applicable privacy and data protection laws and regulations applicable to the Processing of Personal Data under the Agreement, including where applicable GDPR, UK GDPR, Swiss data protection laws, U.S. privacy laws, and similar laws.
"GDPR" means Regulation (EU) 2016/679.
"Customer Personal Data" means Personal Data Processed by CampusAI on behalf of Customer in connection with the Services.
"Personal Data" means information relating to an identified or identifiable natural person.
"Processing" means any operation performed on Personal Data.
"Sub-Processor" means a third party authorized by CampusAI to Process Customer Personal Data.
"AI Providers" means third-party providers of AI models, AI systems, inference systems, APIs, orchestration systems, hosting systems, or related AI infrastructure used in connection with the Services.
"Services" has the meaning given in the Agreement and includes District, DistrictOS, AI Systems, MultiBot functionality, Digital Doubles, workflows, virtual environments, collaboration systems, and related functionality.
Customer acknowledges that the Services may involve:
Depending on the functionality used by Customer, Customer Personal Data may include:
Customer acknowledges that certain Services may involve Processing by multiple AI Providers depending on the AI Systems or functionality selected or used by Customer.
CampusAI will ensure that persons authorized to Process Customer Personal Data are subject to confidentiality obligations.
CampusAI will implement and maintain reasonable and appropriate technical and organizational security measures designed to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access.
Taking into account the nature of the Processing, CampusAI will provide reasonable assistance to Customer in responding to requests from Data Subjects under applicable Data Protection Laws.
CampusAI will notify Customer without undue delay and, where feasible, within forty-eight (48) hours after becoming aware of a Personal Data Breach affecting Customer Personal Data.
Taking into account the nature of the Processing and the information available to CampusAI, CampusAI will provide reasonable assistance to Customer regarding:
Upon termination or expiration of the Agreement, CampusAI will delete or return Customer Personal Data within a commercially reasonable period unless retention is required by applicable law, security obligations, backup systems, dispute resolution requirements, or legitimate business purposes.
Customer authorizes CampusAI to engage Sub-Processors and AI Providers in connection with the Services.
Customer acknowledges that certain Services, including MultiBot, DistrictOS and AI-powered functionality, may involve Processing by third-party AI Providers located in multiple jurisdictions, including outside the European Economic Area.
Such AI Providers may include providers of:
CampusAI will impose contractual obligations on Sub-Processors that are materially consistent with the obligations imposed under this DPA.
CampusAI may make available a list of Sub-Processors and AI Providers through its legal documentation or website.
CampusAI may update its Sub-Processors and AI Providers from time to time.
Customer acknowledges that Customer Personal Data may be Processed in the United States and other jurisdictions where CampusAI, its Sub-Processors, or AI Providers operate.
Where required under applicable Data Protection Laws, CampusAI will implement appropriate safeguards for international transfers of Customer Personal Data, including the European Commission Standard Contractual Clauses, the UK International Data Transfer Addendum, Swiss transfer mechanisms, or other equivalent lawful transfer mechanisms under applicable Data Protection Laws.
Customer represents and warrants that:
Customer is solely responsible for:
Unless expressly stated otherwise in the Agreement, Privacy Policy, applicable Additional Terms, or specific Service settings, CampusAI does not intentionally use Customer Personal Data submitted through the Services for training Customer-specific AI models owned or controlled by CampusAI.
Customer acknowledges that certain third-party AI Providers may Process, retain, analyze, improve, or use data in accordance with their own policies, terms, retention practices, and model improvement procedures depending on the AI Systems or functionality selected by Customer.
Customer is responsible for determining whether specific AI Systems or AI Providers are appropriate for Customer's intended use cases.
Unless expressly authorized in writing by CampusAI, Customer shall not submit through the Services:
Customer acknowledges that AI Systems and third-party AI Providers may not be appropriate for sensitive or regulated data.
CampusAI shall make available to Customer reasonable information necessary to demonstrate compliance with this DPA and applicable Data Protection Laws.
Upon reasonable written request and no more than once annually, Customer may conduct an audit or inspection of CampusAI's compliance with this DPA, subject to the following conditions:
CampusAI may satisfy audit obligations through third-party certifications, summaries, reports, or similar documentation where appropriate.
The liability limitations and exclusions set forth in the Agreement apply to this DPA.
In the event of a conflict between this DPA and the Agreement, this DPA controls solely with respect to the Processing of Customer Personal Data.
This DPA shall be governed by the governing law provisions set forth in the Agreement unless otherwise required by applicable Data Protection Laws.
Provision of the Services under the Agreement, including AI Systems, District functionality, collaboration systems, Digital Doubles, workflows, analytics, orchestration, and related functionality.
For the duration of the Agreement and such additional period as necessary to comply with legal obligations, security requirements, dispute resolution obligations, backup systems, and legitimate business purposes.
Depending on Customer's use of the Services and enabled functionality:
May include:
No sensitive data is intentionally required for use of the Services unless expressly agreed otherwise.
Continuous and event-driven depending on Customer's use of the Services.
Sub-Processors and AI Providers may Process Customer Personal Data as necessary to provide the Services.
CampusAI may update Sub-Processors and AI Providers from time to time.