Data Processing Agreement
This agreement formally designates DetermiNext (Serbesa Software LLC) as a school official under FERPA (34 CFR § 99.31(a)(1)). It defines what student data is processed, how it is protected, and the rights of the school.
Required for all campus and district accounts. Individual teacher trial accounts are governed by the Privacy Policy and Terms of Service.
Executed agreements are countersigned by Serbesa Software LLC and returned within 5 business days.
This Data Processing Agreement ("Agreement") is entered into between Serbesa Software LLC, a Nevada limited liability company operating as DetermiNext ("Processor"), and the school, district, educational institution, or educational agency identified in the signature block below ("Controller"). This Agreement becomes effective upon execution by both parties ("Effective Date").
1.1 "FERPA" means the Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g, and its implementing regulations.
1.2 "Education Records" means records, files, documents, and other materials containing information directly related to a student and maintained by the Controller, as defined under FERPA.
1.3 "Student PII" means personally identifiable information from education records as defined under FERPA, including but not limited to student names, usernames, assessment responses, reports, and educational planning information.
1.4 "IDEA" means the Individuals with Disabilities Education Act, 20 U.S.C. § 1400 et seq., and its implementing regulations.
1.5 "COPPA" means the Children's Online Privacy Protection Act, 15 U.S.C. §§ 6501–6506, and its implementing regulations.
1.6 "Service" means the DetermiNext AI-assisted post-secondary transition planning and career exploration platform provided by Serbesa Software LLC.
1.7 "Legitimate Educational Interest" means the interest the Processor has in processing Student PII solely for the purpose of providing the Service under the direction of the Controller.
1.8 "Subprocessor" means any third party engaged by Processor to process Student PII in connection with providing the Service.
2.1 The Controller designates Serbesa Software LLC as a "school official with a legitimate educational interest" pursuant to FERPA (34 CFR § 99.31(a)(1)).
2.2 Processor agrees to:
2.3 The Controller retains ownership of all Education Records and Student PII.
2.4 Student data, assessment responses, AI-generated reports, transition planning recommendations, educational planning documents, and all educational records created through the Service remain the property of the Controller. Nothing in this Agreement transfers ownership of Student PII or educational records to Processor.
Processor may process:
Processor may process Student PII solely to:
5.1 DetermiNext is designed to support post-secondary transition planning, career exploration, self-determination development, self-advocacy instruction, and educational planning activities.
5.2 The Service may assist educators in organizing student information, generating planning recommendations, and supporting student participation in educational planning processes.
5.3 The Service does not:
5.4 All educational decisions remain the responsibility of the Controller and qualified educational personnel.
Processor shall not:
7.1 DetermiNext utilizes artificial intelligence solely to generate draft educational recommendations and post-secondary transition planning support materials.
7.2 All AI-generated outputs are advisory in nature.
7.3 AI-generated outputs must be reviewed by qualified educational personnel prior to implementation.
7.4 AI-generated recommendations do not constitute legal, educational, psychological, medical, or compliance advice.
7.5 Student PII shall not be used to train, retrain, fine-tune, benchmark, test, or improve any public or private AI model.
The Controller consents to Serbesa Software LLC engaging the following subprocessors to process Student PII:
| Subprocessor | Purpose | Location |
|---|---|---|
| Google LLC (Gemini API) | AI-assisted transition planning report generation | United States |
| Railway Inc. | Database hosting and infrastructure | United States |
Processor requires all subprocessors to be contractually bound by confidentiality, security, and privacy obligations no less protective than those set forth in this Agreement. Processor will provide Controller with at least thirty (30) days' prior written notice before engaging any new subprocessor that may process Student PII.
Processor maintains:
In the event of a confirmed security breach affecting Student PII, Processor shall:
Controller may request:
Requests must be submitted to teng.bernabe@determinext.com and will be honored within thirty (30) days when reasonably practicable.
12.1 Student PII shall be retained while the Controller's account remains active.
12.2 Within ninety (90) days after account closure or termination, Processor shall permanently delete Student PII from production systems and backups.
12.3 Upon request, Processor shall provide written confirmation of deletion.
12.4 Controller may request deletion before the ninety-day period.
12.5 Controller may request an export of Student PII before deletion.
13.1 DetermiNext is intended for educational use under the supervision of authorized educational personnel.
13.2 Where Student PII from children under thirteen (13) is processed, Controller represents that it has obtained any required parental consent or possesses authority to provide such consent consistent with COPPA.
Controller represents and warrants that it:
15.1 Processor shall comply with applicable federal and state laws governing Student PII.
15.2 The Service is designed to support IDEA-aligned post-secondary transition planning activities but does not guarantee compliance with IDEA, FERPA, Section 504, COPPA, or state educational regulations.
15.3 Responsibility for educational compliance remains with the Controller.
This Agreement remains in effect while the Controller uses the Service. Either party may terminate with thirty (30) days written notice. Confidentiality, deletion, and breach notification obligations survive termination.
This Agreement shall be governed by the laws of the State of Nevada. Venue shall be Clark County, Nevada.
This Agreement, together with DetermiNext's Terms of Service and Privacy Policy, constitutes the entire agreement regarding the processing of Student PII.
By signing this Agreement, each party acknowledges that it has read, understood, and agrees to be bound by the terms and conditions set forth herein. Each party further represents and warrants that it has the legal authority to enter into this Agreement on behalf of its respective organization. The Controller acknowledges that it has reviewed the data collection, processing, security, retention, deletion, and privacy practices described in this Agreement and authorizes Serbesa Software LLC to process Student PII solely for the purposes outlined herein. The Controller further designates Serbesa Software LLC as a school official with a legitimate educational interest under FERPA for the purpose of providing the Service. The parties acknowledge that DetermiNext is an AI-assisted post-secondary transition planning and career exploration platform intended to support educational planning activities and student-centered transition services. The parties further understand and agree that the Service does not make educational, legal, medical, psychological, placement, eligibility, disciplinary, or compliance determinations. Each party agrees to comply with its respective obligations under FERPA, IDEA, COPPA, applicable state student privacy laws, and this Agreement.
The Controller acknowledges that the Service utilizes artificial intelligence to generate draft post-secondary transition planning recommendations, career exploration guidance, educational support materials, and other related outputs based on information submitted by authorized users. The Controller further acknowledges and agrees that all AI-generated outputs are advisory in nature and are intended solely to support educational planning and decision-making processes. Such outputs must be reviewed and evaluated by qualified educational personnel prior to implementation or inclusion in any educational record, Individualized Education Program (IEP), transition plan, or related document. The Controller understands that educational decisions remain the responsibility of authorized educational personnel and that AI-generated content does not constitute legal, medical, psychological, educational compliance, or professional advice.
Download the PDF to obtain a signable copy. Email the signed copy to teng.bernabe@determinext.com.
DetermiNext (Serbesa Software, LLC)
Signature
Printed Name
Date
School/District Representative
Signature
Printed Name
Position
Institution
Date
Ready to sign?
Download the PDF above and email the signed copy to teng.bernabe@determinext.com. We countersign and return within 5 business days.