DetermiNext markDetermiNext

Data Processing Agreement

School Data Processing Agreement

This agreement formally designates DetermiNext (Serbesa Software LLC) as a school official under FERPA (34 CFR § 99.31(a)(1)). It defines what student data is processed, how it is protected, and the rights of the school.

Required for all campus and district accounts. Individual teacher trial accounts are governed by the Privacy Policy and Terms of Service.

Sign our DPA →

Executed agreements are countersigned by Serbesa Software LLC and returned within 5 business days.

This Data Processing Agreement ("Agreement") is entered into between Serbesa Software LLC, a Nevada limited liability company operating as DetermiNext ("Processor"), and the school, district, educational institution, or educational agency identified in the signature block below ("Controller"). This Agreement becomes effective upon execution by both parties ("Effective Date").

1. Definitions

1.1 "FERPA" means the Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g, and its implementing regulations.

1.2 "Education Records" means records, files, documents, and other materials containing information directly related to a student and maintained by the Controller, as defined under FERPA.

1.3 "Student PII" means personally identifiable information from education records as defined under FERPA, including but not limited to student names, usernames, assessment responses, reports, and educational planning information.

1.4 "IDEA" means the Individuals with Disabilities Education Act, 20 U.S.C. § 1400 et seq., and its implementing regulations.

1.5 "COPPA" means the Children's Online Privacy Protection Act, 15 U.S.C. §§ 6501–6506, and its implementing regulations.

1.6 "Service" means the DetermiNext AI-assisted post-secondary transition planning and career exploration platform provided by Serbesa Software LLC.

1.7 "Legitimate Educational Interest" means the interest the Processor has in processing Student PII solely for the purpose of providing the Service under the direction of the Controller.

1.8 "Subprocessor" means any third party engaged by Processor to process Student PII in connection with providing the Service.

2. Designation as School Official

2.1 The Controller designates Serbesa Software LLC as a "school official with a legitimate educational interest" pursuant to FERPA (34 CFR § 99.31(a)(1)).

2.2 Processor agrees to:

  • a. Use Student PII solely to provide the Service;
  • b. Not re-disclose Student PII except as authorized by this Agreement or required by law;
  • c. Remain under the direct control of the Controller regarding the use and maintenance of education records;
  • d. Comply with FERPA requirements applicable to school officials.

2.3 The Controller retains ownership of all Education Records and Student PII.

2.4 Student data, assessment responses, AI-generated reports, transition planning recommendations, educational planning documents, and all educational records created through the Service remain the property of the Controller. Nothing in this Agreement transfers ownership of Student PII or educational records to Processor.

3. Categories of Student Data Processed

Processor may process:

  • Student first and last name
  • Student username
  • Assessment access codes
  • Career exploration responses
  • Post-secondary transition planning responses
  • Preferences, Interests, Strengths, and Needs (PINS) assessment information
  • AI-generated reports
  • Assessment completion status
  • Usage logs and timestamps
  • School and teacher associations
  • Educational planning information submitted by authorized users

4. Permitted Uses

Processor may process Student PII solely to:

  • a. Provide the Service;
  • b. Generate AI-assisted post-secondary transition planning reports for educator review;
  • c. Facilitate career exploration and self-determination activities;
  • d. Support self-advocacy development;
  • e. Support IDEA-aligned post-secondary transition planning activities;
  • f. Maintain records accessible to authorized educational personnel;
  • g. Provide technical support;
  • h. Improve platform security, reliability, and functionality without using Student PII to train AI models.

5. IDEA Support and Educational Decision-Making

5.1 DetermiNext is designed to support post-secondary transition planning, career exploration, self-determination development, self-advocacy instruction, and educational planning activities.

5.2 The Service may assist educators in organizing student information, generating planning recommendations, and supporting student participation in educational planning processes.

5.3 The Service does not:

  • Determine eligibility for special education services
  • Determine placement decisions
  • Determine accommodations or modifications
  • Determine transition services
  • Determine measurable annual goals
  • Determine graduation decisions
  • Determine disciplinary decisions

5.4 All educational decisions remain the responsibility of the Controller and qualified educational personnel.

6. Prohibited Uses

Processor shall not:

  • a. Sell Student PII;
  • b. Rent Student PII;
  • c. Use Student PII for advertising;
  • d. Use Student PII for marketing directed at students;
  • e. Use Student PII to create commercial profiles;
  • f. Use Student PII for targeted advertising;
  • g. Use Student PII for behavioral advertising;
  • h. Use Student PII for non-educational purposes;
  • i. Use Student PII to train, retrain, fine-tune, benchmark, test, or improve any artificial intelligence or machine learning model;
  • j. Use Student PII for automated educational decision-making without human review.

7. Artificial Intelligence Governance

7.1 DetermiNext utilizes artificial intelligence solely to generate draft educational recommendations and post-secondary transition planning support materials.

7.2 All AI-generated outputs are advisory in nature.

7.3 AI-generated outputs must be reviewed by qualified educational personnel prior to implementation.

7.4 AI-generated recommendations do not constitute legal, educational, psychological, medical, or compliance advice.

7.5 Student PII shall not be used to train, retrain, fine-tune, benchmark, test, or improve any public or private AI model.

8. Subprocessors

The Controller consents to Serbesa Software LLC engaging the following subprocessors to process Student PII:

SubprocessorPurposeLocation
Google LLC (Gemini API)AI-assisted transition planning report generationUnited States
Railway Inc.Database hosting and infrastructureUnited States

Processor requires all subprocessors to be contractually bound by confidentiality, security, and privacy obligations no less protective than those set forth in this Agreement. Processor will provide Controller with at least thirty (30) days' prior written notice before engaging any new subprocessor that may process Student PII.

9. Security Measures

Processor maintains:

  • TLS encryption in transit
  • Encryption of Student PII at rest
  • Tenant-scoped access controls
  • Role-based permissions
  • Administrative audit logging
  • Confidentiality obligations for personnel
  • Annual security and privacy reviews
  • Disaster recovery procedures
  • Backup procedures
  • United States-based data storage and processing unless otherwise authorized in writing

10. Breach Notification

In the event of a confirmed security breach affecting Student PII, Processor shall:

  • a. Notify Controller within seventy-two (72) hours;
  • b. Provide available information regarding the nature and scope of the incident;
  • c. Describe remediation efforts;
  • d. Cooperate with reasonable investigative requests;
  • e. Notify Controller before disclosing Student PII pursuant to legal process unless prohibited by law.

11. Controller Rights

Controller may request:

  • Access to Student PII
  • Correction of Student PII
  • Export of Student PII
  • Deletion of specific records
  • Deletion of all Student PII associated with its account

Requests must be submitted to teng.bernabe@determinext.com and will be honored within thirty (30) days when reasonably practicable.

12. Data Retention and Deletion

12.1 Student PII shall be retained while the Controller's account remains active.

12.2 Within ninety (90) days after account closure or termination, Processor shall permanently delete Student PII from production systems and backups.

12.3 Upon request, Processor shall provide written confirmation of deletion.

12.4 Controller may request deletion before the ninety-day period.

12.5 Controller may request an export of Student PII before deletion.

13. COPPA Compliance

13.1 DetermiNext is intended for educational use under the supervision of authorized educational personnel.

13.2 Where Student PII from children under thirteen (13) is processed, Controller represents that it has obtained any required parental consent or possesses authority to provide such consent consistent with COPPA.

14. Controller Obligations

Controller represents and warrants that it:

  • a. Has authority to disclose Student PII;
  • b. Has provided notices required by FERPA and applicable law;
  • c. Will use the Service only for lawful educational purposes;
  • d. Will notify Processor of unauthorized disclosures;
  • e. Will obtain any required parental consent under COPPA or applicable law.

15. Compliance with Applicable Law

15.1 Processor shall comply with applicable federal and state laws governing Student PII.

15.2 The Service is designed to support IDEA-aligned post-secondary transition planning activities but does not guarantee compliance with IDEA, FERPA, Section 504, COPPA, or state educational regulations.

15.3 Responsibility for educational compliance remains with the Controller.

16. Term and Termination

This Agreement remains in effect while the Controller uses the Service. Either party may terminate with thirty (30) days written notice. Confidentiality, deletion, and breach notification obligations survive termination.

17. Governing Law

This Agreement shall be governed by the laws of the State of Nevada. Venue shall be Clark County, Nevada.

18. Entire Agreement

This Agreement, together with DetermiNext's Terms of Service and Privacy Policy, constitutes the entire agreement regarding the processing of Student PII.

Acknowledgment and Acceptance

By signing this Agreement, each party acknowledges that it has read, understood, and agrees to be bound by the terms and conditions set forth herein. Each party further represents and warrants that it has the legal authority to enter into this Agreement on behalf of its respective organization. The Controller acknowledges that it has reviewed the data collection, processing, security, retention, deletion, and privacy practices described in this Agreement and authorizes Serbesa Software LLC to process Student PII solely for the purposes outlined herein. The Controller further designates Serbesa Software LLC as a school official with a legitimate educational interest under FERPA for the purpose of providing the Service. The parties acknowledge that DetermiNext is an AI-assisted post-secondary transition planning and career exploration platform intended to support educational planning activities and student-centered transition services. The parties further understand and agree that the Service does not make educational, legal, medical, psychological, placement, eligibility, disciplinary, or compliance determinations. Each party agrees to comply with its respective obligations under FERPA, IDEA, COPPA, applicable state student privacy laws, and this Agreement.

AI-Assisted Recommendations Acknowledgment

The Controller acknowledges that the Service utilizes artificial intelligence to generate draft post-secondary transition planning recommendations, career exploration guidance, educational support materials, and other related outputs based on information submitted by authorized users. The Controller further acknowledges and agrees that all AI-generated outputs are advisory in nature and are intended solely to support educational planning and decision-making processes. Such outputs must be reviewed and evaluated by qualified educational personnel prior to implementation or inclusion in any educational record, Individualized Education Program (IEP), transition plan, or related document. The Controller understands that educational decisions remain the responsibility of authorized educational personnel and that AI-generated content does not constitute legal, medical, psychological, educational compliance, or professional advice.

Signature Page

Download the PDF to obtain a signable copy. Email the signed copy to teng.bernabe@determinext.com.

DetermiNext (Serbesa Software, LLC)

Signature

Printed Name

Date

School/District Representative

Signature

Printed Name

Position

Institution

Date

Ready to sign?

Download the PDF above and email the signed copy to teng.bernabe@determinext.com. We countersign and return within 5 business days.