Data Processing Agreement (DPA)

A Data Processing Agreement is a legally required contract between Cognistase (the data processor) and your organization (the data controller) when we process personal data on your behalf under GDPR.

When you need a DPA

You need a DPA with Cognistase if your organization (school, practice, clinic, or institution) creates accounts for users, processes student or client data through our platform, or integrates Cognistase into your workflow. Individual parents using Cognistase for their own family do not need a separate DPA, our terms of service cover that relationship.

What the DPA covers

• What data we process and why (the scope of processing)
• How we protect that data (security measures)
• What happens if there is a data breach (notification procedures)
• Your rights to audit our practices (inspection rights)
• What happens when the agreement ends (data return or deletion)

Sub-processors

Our DPA includes a complete list of sub-processors, any third-party service that processes personal data on our behalf. We notify you before adding any new sub-processor so you can assess the impact.

Download DPA

Our standard DPA is available as a PDF. It meets GDPR Article 28 requirements and can be signed digitally. Contact us at legal@cognistase.com to initiate the signing process.

Custom DPA requests

If your organization requires specific clauses or modifications to the standard DPA, we are happy to work with your legal team. Large institutions and government organizations often have their own DPA templates, and we can accommodate those as well.