Terms and Conditions

These Terms and Conditions and any order form or ordering document executed by the parties that references these Terms and Conditions (such ordering document, an "Order Form" and the Order Form together with these Terms and Conditions, the "Agreement") collectively constitute a binding agreement between BrainScience Works, Inc., a Delaware corporation ("BrainScience"), and the legal entity you represent, such as a school or school district ("Customer"). Each of BrainScience and Customer may be referred to individually as a "Party" and collectively as the "Parties." The "Effective Date" of this Agreement will be the earlier of (a) Customer's acceptance of the terms of this Agreement by checking the box indicating acceptance of this agreement, or (b) Customer's use of the Service (defined below).

PLEASE READ THIS AGREEMENT CAREFULLY. THIS AGREEMENT GOVERNS YOUR USE OF THE SERVICE. BY CHECKING ON THE BOX INDICATING ACCEPTANCE OF THE AGREEMENT, COMPLETING THE REGISTRATION PROCESS OR ACCESSING OR USING ANY OF PORTION OF THE SERVICE, YOU REPRESENT AND WARRANT THAT (1) YOU HAVE READ, UNDERSTAND, AND AGREE TO BE BOUND BY THIS AGREEMENT, (2) YOU ARE OF LEGAL AGE TO FORM A BINDING CONTRACT WITH BRAINSCIENCE, AND (3) YOU HAVE THE AUTHORITY TO ENTER INTO THE AGREEMENT PERSONALLY AND ON BEHALF OF THE ENTITY YOU HAVE NAMED AS THE CUSTOMER, AND TO BIND THAT ENTITY TO THE AGREEMENT. THE TERM "CUSTOMER" REFERS TO THE INDIVIDUAL OR LEGAL ENTITY, AS APPLICABLE, IDENTIFIED WHEN YOU REGISTERED FOR THE SERVICES. IF YOU DO NOT AGREE TO BE BOUND BY THIS AGREEMENT, YOU MAY NOT ACCESS OR USE THE SERVICE.

Definitions

Definitions.

"Anonymized or Deidentified Data" means aggregated, anonymized or deidentified data or information of similar form, derived from Customer Content, that is created by or on behalf of BrainScience, by excluding information (including Customer's name) that make the data contained therein personally identifiable to Customer or any Authorized User.

"Authorized Account Administrators" means Authorized Users with administrative credentials for Customer's account.

"Authorized User" means any individual authorized by Customer to access and use the Service including employees, teachers, aides, other school personnel and students.

"Customer Content" means all data, images, and content submitted, transmitted, or uploaded by or on behalf of Customer and its Authorized Users into the Service.

"Output" means analytical results, output data, and other content generated by the Service, including physical materials.

"Service" means BrainScience's proprietary web-based literacy platform delivered through a secure portal login, including the instructional programs Learning Letters, Seeing Words, and Knowing Words (with Growing Words anticipated), which combines digital instruction with neuroscience-backed, visual-spatial methods and hands-on materials, and any physical materials provided to Customer or Authorized Users in connection with the foregoing.

"Student Data" means Customer Content relating to students, including first and last name, grade level, date of birth, race/ethnicity, primary language, 504/IEP status, last login time, time-on-task, teacher lesson reassignments, pre- and post-assessment scores, and progress metrics.

"Third-Party Services" means any third party-provided applications, software, products, or services which BrainScience embeds in, incorporates into, or otherwise leverages in connection with its provision of, the Service.

"Third-Party Service Provider" means the applicable third-party provider of a Third-Party Service.

BrainScience Responsibilities

2.1 Provision of the Service. Subject to the terms and conditions of this Agreement and during the Term, BrainScience will: (a) make the Service available to Customer for use by Authorized Users solely for educational purposes; and (b) provide Customer with BrainScience's standard support services to assist Customer in its use of the Service. The terms of this Agreement will also apply to updates and upgrades of the Service subsequently provided by BrainScience to Customer. BrainScience may update the functionality, user interfaces, and usability from time to time in its sole discretion as part of its ongoing mission to improve the Service.2.2. Support. Subject to the terms of this Agreement and the applicable Order Form, BrainScience shall use commercially reasonable efforts designed to maintain the availability of the Service.2.3. Training and Professional Services. Subject to the terms of this Agreement, if set forth in an Order Form, BrainScience will provide onboarding training to certain of Customer's Authorized Users and email support with respect to the Service during standard business hours. BrainScience may provide in-person training by mutual agreement for an additional fee.2.4. Compliance with Laws. BrainScience will comply with all laws applicable to BrainScience's provisioning of the Service.

Access to and Use of the Service

3.1. Account Creation and Subscriptions. BrainScience will establish one initial Authorized Account Administrator for Customer. Customer's administrators may then add teachers and administrators via CSV upload or manual entry and assign appropriate role-based permissions. Students access the Service through a separate student portal using both a class passcode and an individual student passcode and do not have access to teacher or administrator dashboards. Authorized User accounts are individual and may not be shared. Customer is responsible for promptly deactivating accounts for individuals no longer affiliated with Customer. Customer is responsible for maintaining the confidentiality of all logins, usernames, passwords and accounts and for all activities occurring under its Authorized User accounts. Customer will properly deactivate the account of any Authorized User who is no longer a student, employee or contractor of Customer.3.2. Customer Responsibilities. Customer will: (a) obtain any licenses, permissions and consents required for Authorized Users to submit, access, and use the Customer Content in connection with the Service; (b) be responsible for Authorized Users' compliance with this Agreement; (c) be responsible for the accuracy, completeness, appropriateness, and legality of Customer Content; (d) use commercially reasonable efforts to prevent unauthorized access to or use of the Service, and promptly notify BrainScience of any such unauthorized access or use; (e) provide feedback to BrainScience regarding the Services from time to time as reasonably requested by BrainScience, including, as applicable, on the schedule or in the format as may be specified in an Order Form; and (f) use the Service only in accordance and compliance with all applicable laws and government regulations. Customer and its Authorized Users will have access to the Customer Content and will be responsible for all changes to and/or deletions of Customer Content and the security of all passwords and other usernames and passwords required in order the access the Service. Customer is encouraged to make its own back-ups of the Customer Content and Output. Any act or omission by an Authorized User that, if done by Customer, would constitute a breach of this Agreement, shall be deemed a breach of this Agreement by Customer.

3.3. Necessary Equipment and System Requirements. Customer must provide all equipment necessary to connect to the Service, including but not limited to a device that is suitable to connect with and use the Service. A high-speed Internet connection is required for proper use of the Service. Customer is responsible for procuring and maintaining the network connections that connect its network to the Service, including, but not limited to, browser software that supports protocols used by BrainScience, and following procedures for accessing services that support such protocols. BrainScience assumes no responsibility for the reliability or performance of any connections as described in this Section.

3.4. Usage Restrictions. Customer will not, and will not permit any Authorized User or third party to directly or indirectly: (a) make the Service or Output available to, or use the Service for the benefit of, anyone other than Customer and the Authorized Users; (b) upload, post, transmit, or otherwise make available to the Service any content that (i) is unlawful or tortious, or (ii) infringes, misappropriates, or otherwise violates any intellectual property, privacy, publicity, or other proprietary rights of any person; (c) sublicense, rent, resell, time share, or similarly exploit the Service or Output; (d) upload, post, transmit, or otherwise make available any content or information designed to interrupt, interfere with, destroy or limit the functionality of any computer software or hardware or telecommunications equipment; (e) decompile, disassemble, reverse engineer, modify, adapt, or hack the Service, or otherwise attempt to gain unauthorized access to the Service or its related systems or networks, source code, algorithms, or associated know-how of the Service; (f) copy or modify the Services, or create any derivative works from either of the foregoing; (g) alter or remove any trademarks or proprietary notices contained in or on the Service; (h) circumvent or otherwise interfere with any authentication or security measures of the Service or otherwise interfere with or disrupt the integrity or performance of the foregoing; (i) write or develop any program based on the Service or any portion of the foregoing, or otherwise access or use the Service in any manner for the purpose of developing, distributing or making available products or services that compete with the Service; (j) otherwise use the Service for any purpose other than as expressly permitted hereunder; or (k) use Student Data for targeted advertising or permit any third party to use Student Data for targeted or behavioral advertising, or for training generalized advertising models.

3.5. Third-Party Services; Disclaimers. The Service may include certain features that leverage Third-Party Services, some of which may utilize artificial intelligence technology ("AI Features"). Customer acknowledges and agrees that certain Customer Content or usage data may be transmitted to Third-Party Service Providers solely as necessary for BrainScience to provide the Service. As of the Effective Date, BrainScience's UX/UI vendor may receive usage data necessary to support design and performance refinement but is not provided access to personally identifiable Student Data. . Customer further agrees that, as between the Parties, Customer is solely responsible for its and its Authorized Users' use of all AI Features. Customer accepts that, as AI Features utilize artificial intelligence technology, such features may provide Output that is inaccurate or inappropriate as a response to the input provided. Due to the nature of machine learning, Output may not be unique across users and the Service may generate the same or similar output for BrainScience or a third party. Customer is responsible for evaluating the accuracy and suitability of Output as appropriate for Customer's use case, assessing any potential biases, and subjecting Output to Customer's standard quality control procedures within its business, including by using human review of Output. Customer agrees, and shall cause its Authorized Users to agree, that BrainScience shall have no responsibility or liability arising from the provision of inaccurate or inappropriate Output or any decisions made in reliance on such Output, and that such decisions are made at its own risk. Customer acknowledges and agrees that the use of Third-Party Services, including the transmission of certain Customer Content to such Third-Party Services, is an integral and necessary part of BrainScience's delivery of the Service. Customer agrees that BrainScience shall have no responsibility or liability arising from any use, storage, data breach, or deletion of such Customer Content by Third-Party Service Providers. BrainScience cannot guarantee the continued availability of Third-Party Services and may temporarily or permanently cease providing, without entitling Customer to refund, credit, or compensation, any particular Third-Party Services if the applicable Third-Party Service Provider suspends, modifies, or alters such Third-Party Services.

Pilot Period.

If Customer signs up for a pilot, free trial, or otherwise uses the Service for free, BrainScience will provide the Service to Customer at no charge until the sooner of (a) the end of the pilot period set forth on the applicable Order Form ("Pilot Period"), or (b) the start date of any subscriptions ordered for such Service. NOTWITHSTANDING ANYTHING TO THE CONTRARY, DURING THE PILOT PERIOD, THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT ANY REPRESENTATION OR WARRANTY OF ANY KIND. BRAINSCIENCE EXPRESSLY DISCLAIMS ANY AND ALL INDEMNIFICATION OR SUPPORT OBLIGATIONS WITH RESPECT TO ANY PILOT PERIOD OR FREE TRIAL SERVICE.

Fees

5.1. Fees, Invoicing, and Payment. Customer will pay all fees specified in the Order Form. Payment obligations are non-cancelable and, except as expressly set forth herein, fees paid are non-refundable. All fees will be invoiced by BrainScience in accordance with the terms set forth in the Order Form. Full payment for invoices issued must be received within thirty (30) days from Customer's receipt of the invoice. If any fees owed by Customer (excluding amounts disputed in reasonable and good faith) have not been paid by the applicable due date, BrainScience reserves the right to apply a finance charge of one and a half percent (1.5%) per month on any outstanding balance, or the maximum permitted by law, whichever is lower, and be reimbursed for all expenses of collection.

5.2. Taxes. The fees are exclusive of, and Customer will be solely responsible for, all applicable taxes in connection with this Agreement, including any sales, use, excise, value-added, goods and services, consumption, and other similar taxes or duties (but excluding taxes based on BrainScience's net income). Should any payment for the services provided by BrainScience be subject to withholding tax by any taxing authority, Customer will reimburse BrainScience for such withholding tax.

5.3. Payment via Credit Card. If Customer is purchasing a subscription to the Service via credit card, debit card or other payment card ("Payment Card"), the following terms apply:

5.3.1. Recurring Billing Authorization. Customer's credit card agreement governs its use of the designated credit card or account. By providing BrainScience with credit card information, Customer agrees that BrainScience is authorized to invoice and charge Customer's account for all fees and charges due and payable to BrainScience and that no additional notice or consent is required.

5.3.2. Invalid Payment. If a payment is not successfully settled due to expiration of a Payment Card, insufficient funds, or otherwise, Customer remains responsible for any amounts not remitted to BrainScience and BrainScience may, in its sole discretion, (a) invoice Customer directly for the deficient amount, (b) continue billing the Payment Card once it has been updated by Customer (if applicable), or (c) terminate this Agreement.

BrainScience Proprietary Rights.

6.1. BrainScience Property. Subject to Customer's rights in the Customer Content, BrainScience reserves and retains, and as between BrainScience and Customer, BrainScience exclusively owns, all rights, title, and interest in and to the Service, and all other Output generated in connection with the Services (collectively, "BrainScience Materials"), including all modifications, derivative works, upgrades, and updates thereto, and all related intellectual property rights therein. No rights are granted by BrainScience hereunder other than as expressly set forth herein. To the extent that Customer has or acquires any right (including intellectual property rights), title or interest in or to such BrainScience Materials, or any improvements or derivatives thereof, Customer hereby assigns the same to BrainScience, and covenants to execute all documents reasonably requested by BrainScience to confirm the same. If Customer or any Authorized User provides BrainScience with any feedback or suggestions regarding the Service, then Customer grants BrainScience an unlimited, irrevocable, perpetual, sublicensable, royalty-free license to use any such feedback or suggestions for any purpose without any obligation or compensation to Customer or any Authorized User.

6.2. Generic Tools. Prior hereto and/or during the course of this Agreement, BrainScience has and/or will develop certain coding, programming or designing techniques, architecture, trade secrets, methodology, APIs, functions, applications, knowledge, experience, skills, templates, other know-how and related intellectual property rights, which BrainScience may use on other projects as part of the tools of BrainScience's business and that such developments and intellectual property rights shall constitute "Generic Tools," so long as, and to the extent that, they do not include any Customer Content. The Parties acknowledge and agree that BrainScience's other customers may modify (or request modification of) the Generic Tools in similar manners and nature as Customer and nothing in this Agreement prohibits such activities. BrainScience retains all right, title and interest in and to Generic Tools and associated intellectual property rights as may be made available to Customer under this Agreement.

6.3. Performance Data. BrainScience may create, generate, and use general performance and usage data in connection with Customer's use of the Service (such as technical logs, account and login data, and processed volumes) ("Performance Data"), in each case, for the purposes of training, improving and analyzing the Service and its associated software, technology and algorithmic models. BrainScience retains all right, title, and interest, including all intellectual property rights, in and to Performance Data. For purposes of this Agreement, Performance Data does not contain any and does not constitute Personal Data (as defined in Exhibit A).

Customer Proprietary Rights

7.1. Customer Content. As between Customer and BrainScience, Customer owns all rights, title, and interest in and to the Customer Content. Customer grants to BrainScience a worldwide, non-exclusive, royalty-free limited license during the Term to access, use, copy, store, distribute, transmit, modify, perform, display, and create derivative works of Customer Content only: (a) to provide, maintain, and update the Service and other BrainScience offerings; (b) to prevent or address service or technical problems; (c) as compelled by law; (d) as expressly permitted in writing by Customer; (e) to create Performance Data and Aggregated or Deidentified Data and to use such data during and after the Term, for any legal purpose, including to improve the Service and BrainScience's offerings; (f) to create Deidentified Data and use such data during and after the Term for research, validation studies, and academic publication; provided no such publication identifies Customer or any individual; and (g) to provide necessary access to Third-Party Service Providers acting on BrainScience's behalf, such as providers of AI Features, provided that such Customer Content shall not be used by BrainScience's providers as training data for AI models. Subject to the limited licenses granted herein, BrainScience acquires no right, title or interest under this Agreement in or to any Customer Content.

Confidentiality

8.1. Definition. "Confidential Information" means all confidential information disclosed by a Party ("Disclosing Party") to the other Party ("Receiving Party"), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure, including all copies thereof. Confidential Information of BrainScience includes the Service (including its software and content), and Confidential Information of each Party includes the terms of this Agreement. However, Confidential Information will not include any information that: (a) is or becomes generally available to the public without breach of any obligation owed to the Disclosing Party; (b) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party; (c) is received from a third party without breach of any obligation owed to the Disclosing Party; or (d) was independently developed by the Receiving Party without use of or reliance on the Confidential Information of the Disclosing Party.

8.2. Protection. The Receiving Party will: (a) use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but in no event less than reasonable care); (b) not use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement; and (c) except as otherwise authorized by the Disclosing Party in writing, limit access to Confidential Information of the Disclosing Party to those of the Receiving Party's employees, contractors, and agents who need such access for purposes consistent with this Agreement and who are subject to confidentiality obligations at least as restrictive as those herein. The Receiving Party will provide prompt written notice to the Disclosing Party of any unauthorized use or disclosure of the Disclosing Party's Confidential Information. Upon request of the Disclosing Party during the Term, the Receiving Party will promptly return, or at the Disclosing Party's option destroy, any or all Confidential Information of the Disclosing Party in the Receiving Party's possession or under its control.

8.3. Compelled Disclosure. The Receiving Party may access or disclose Confidential Information of the Disclosing Party if it is compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of such compelled access or disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party's expense, if the Disclosing Party wishes to contest the access or disclosure.

8.4. Privacy and Security. The Parties agree that they each will comply with their respective obligations as required under the Data Protection Addendum, ("DPA"), attached as Exhibit A, and which is incorporated into and forms part of this Agreement. To the extent the DPA conflicts with the provisions of this Agreement, the DPA will prevail.

Representations, Warranties, and Disclaimers

9.1. Mutual Representations. Each Party represents that: (a) it is duly organized, validly existing, and in good standing under its jurisdiction of organization and has the right to enter into this Agreement; and (b) the execution, delivery, and performance of this Agreement are within the corporate powers of such Party and have been duly authorized by all necessary corporate action on the part of such Party, and constitute a valid and binding agreement of such Party.

9.2. By Customer. Customer represents and warrants that (a) it has obtained and will maintain all rights, consents, and permissions necessary for Customer to make available the Customer Content to BrainScience for its use as contemplated herein; (b) the Customer Content does not include any of the following: (i) export controlled materials; or (ii) data regulated by the Health Insurance Portability and Accountability Act, the Gramm Leach Bliley Act, or the EU General Data Protection Regulation or any successor laws; and (c) that no Customer Content will violate or infringe any third-party intellectual property, publicity, privacy or other rights, or any applicable laws.

9.3. Disclaimer. TO THE MAXIMUM EXTENT PERMITTED BY APPLCIABLE LAW, THE SERVICE, OUTPUT, AND ALL RELATED COMPONENTS AND INFORMATION ARE PROVIDED ON AN "AS IS" BASIS WITHOUT ANY WARRANTIES OF ANY KIND, AND BRAINSCIENCE EXPRESSLY DISCLAIMS ANY AND ALL OTHER WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. BRAINSCIENCE DOES NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED OR ERROR-FREE OR WILL MEET CUSTOMER'S OR ANY AUTHORIZED USERS' REQUIREMENTS. CUSTOMER ACKNOWLEDGES AND AGREES THAT (I) BRAINSCIENCE AND THE SERVICE ONLY PROVIDE INFORMATION AND OUTPUT TO ASSIST CUSTOMER; AND (II) CUSTOMER BEARS ALL RESPONSIBILITY, AND BRAINSCIENCE WILL HAVE NO LIABILITY FOR, DECISIONS BASED ON ANY OUTPUT OR ANY OTHER INFORMATION PROVIDED TO CUSTOMER VIA THE SERVICE OR BY BRAINSCIENCE.

THE SERVICE IS INTENDED AS AN OUTPUT GENERATION TOOL ONLY AND DOES NOT CONSTITUTE ADVICE OF A CERTIFIED OR QUALIFIED EDUCATIONAL PROFESSIONAL AND BRAINSCIENCE MAKES NO WARRANTY OR GUARANTY THAT THE OUTPUT OR PUBLIC APPS WILL PROVIDE ACCURATE, TAILORED, OR INFORMATIVE RESULTS OR BE FIT FOR ANY PARTICULAR PURPOSE. BRAINSCIENCE DOES NOT REPRESENT OR WARRANT THAT THE OUTPUT OR PUBLIC APPS DO NOT INCORPORATE, INFRINGE OR MISAPPROPRIATE THE INTELLECTUAL PROPERTY OR PROPRIETARY RIGHTS OF ANY THIRD PARTY. CUSTOMER ACKNOWLEDGES THAT THE AI FEATURES LEVERAGE THIRD-PARTY SERVICES AND THAT BRAINSCIENCE IS NOT LIABLE, AND CUSTOMER AGREES NOT TO SEEK TO HOLD BRAINSCIENCE LIABLE, FOR THIRD-PARTY SERVICES, AND THAT THE RISK OF INJURY FROM SUCH THIRD-PARTY SERVICES RESTS ENTIRELY WITH CUSTOMER. CUSTOMER SHALL BE SOLELY RESPONSIBLE FOR CUSTOMER'S AND AUTHORIZED USERS' USE OF THE SERVICE AND ANY OUTPUT RESULTING THEREFROM. CUSTOMER SHOULD EVALUATE THE FITNESS OF ANY OUTPUT AS APPROPRIATE FOR CUSTOMER'S SPECIFIC USE CASE.

FROM TIME TO TIME, BRAINSCIENCE MAY OFFER NEW "BETA" FEATURES OR TOOLS WITH WHICH ITS CUSTOMERS AND THEIR AUTHORIZED USERS MAY EXPERIMENT. SUCH FEATURES OR TOOLS ARE OFFERED SOLELY FOR EXPERIMENTAL PURPOSES AND WITHOUT ANY WARRANTY OF ANY KIND, AND MAY BE MODIFIED OR DISCONTINUED AT BRAINSCIENCE'S SOLE DISCRETION. THE PROVISIONS OF THIS SECTION APPLY WITH FULL FORCE TO SUCH FEATURES OR TOOLS.

Indemnification

10.1. BrainScience Indemnification. BrainScience will defend Customer from and against any lawsuit or proceeding brought by a third party to the extent alleging that Customer's use of the Service as permitted hereunder infringes or misappropriates such third party's intellectual property rights, and BrainScience will indemnify Customer for any damages and any reasonable attorneys' fees finally awarded against it arising from such lawsuit or proceeding; provided, however, that BrainScience will have no liability under this Section to the extent any such lawsuit or proceeding arises from: (a) Customer Content, any Third-Party Services, or any other third party-provided products, services, or data; (b) Customer's or any of its Authorized Users' negligence, misconduct, or breach of this Agreement; or (c) any modification or combination of the Service that is not performed by BrainScience.

10.2. Customer Indemnification. Customer will, to the extent permitted by applicable law, defend BrainScience from and against any lawsuit or proceeding brought by a third party to the extent alleging (a) Customer's breach of Sections 3.2, 3.4, 9.1 or 9.2, (b) that any Customer Content infringes, misappropriates, or otherwise violates the rights, including privacy and publicity rights, of any other party, or (c) Customer's or any Authorized User's particular use of the Service or use or provision of any Customer Content violates any applicable laws or government regulations, and Customer will indemnify BrainScience for any damages and any reasonable attorneys' fees finally awarded against it arising from such lawsuit or proceeding; provided, however, that Customer will have no liability under this Section to the extent any such lawsuit or proceeding arises from BrainScience's negligence, misconduct, or breach of this Agreement.

10.3. Procedures. The indemnified Party will provide the indemnifying Party with: (a) prompt written notice of any matter that is subject to indemnification hereunder; (b) the right to assume the exclusive defense and control of any such matter (provided that the indemnified Party may participate in the defense at its own expense); and (c) cooperation with any reasonable requests assisting the indemnifying Party's defense of such matter. The indemnifying Party may not settle any such lawsuit or proceeding without the indemnified Party's prior written consent.

10.4. Exclusive Remedy. This Section 9.3 states the indemnifying Party's sole liability, and the indemnifying Party's exclusive remedy, for any type of claim described in this Section 9.3.

Limitation of Liability

11.1. Exclusion of Certain Damages. SUBJECT TO SECTION 11.2, IN NO EVENT WILL EITHER PARTY HAVE ANY LIABILITY TO THE OTHER PARTY OR TO ANY OTHER PARTY FOR ANY LOST PROFITS OR REVENUES OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER, OR PUNITIVE DAMAGES, WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING DISCLAIMER WILL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.

11.2. Liability Cap. SUBJECT TO SECTION 11.2, IN NO EVENT WILL EITHER PARTY'S AGGREGATE LIABILITY RELATING TO THIS AGREEMENT EXCEED THE FEES PAID BY CUSTOMER TO BRAINSCIENCE IN THE TWELVE MONTHS PRECEDING THE EVENT THAT GAVE RISE TO THE CLAIM.

11.3. Exclusions. THE LIMITATIONS OF LIABILITY IN SECTION 11 AND THE CAP ON LIABILITY IN SECTION 11.1 DO NOT APPLY TO (A) DAMAGES ARISING FROM A BREACH BY A PARTY OF SECTION 3.2, 3.4, 7.1, OR 9.1; (B) A PARTY'S INDEMNIFICATION OBLIGATIONS UNDER SECTION 9.3; AND (C) ANY DEATH OR PERSONAL INJURY CAUSED BY EITHER PARTY'S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT.

11.4. Scope. For the avoidance of doubt, the exclusions and limitations set forth in this Section 1110.4 will apply with respect to all legal theories of liability, whether in contract, tort, or otherwise . The Parties agree that the exclusions and limitations set forth in this Section 10.4 allocate the risks between the Parties under this Agreement, and that they have relied on these exclusions and limitations in determining whether to enter into this Agreement.

Term, Termination, and Suspension

12.1. Term of the Agreement. This Agreement commences on the Effective Date and, unless earlier terminated in accordance with the terms of this Agreement, will continue through the end of the school year specified in the Order Form (the "Initial Term"). Thereafter, this Agreement (including the Order Form) will automatically renew for successive additional periods of one (1) year each (each, a "Renewal Term") unless either Party provides the other with written notice of non-renewal at least thirty (30) days prior to the expiration of the Initial Term or the then-current Renewal Term. Customer agrees that BrainScience may implement or modify the fees for each Renewal Term by providing Customer with written notice of such modification at least thirty (30) days prior to the expiration of the Initial Term or the then-current Renewal Term, as applicable. The Initial Term and each Renewal Term, if any, are collectively referred to herein as the "Term."12.2. Suspension. BrainScience may suspend Customer's or any or all Authorized Users' access to the Service, in whole in part, if: (a) Customer or any Authorized User is using the Service in violation of this Agreement or any applicable law; (b) Customer's or any Authorized Users' systems or accounts have been compromised or unlawfully accessed; (c) suspension of the Service is necessary, in BrainScience's reasonable discretion, to protect the security of the Service or BrainScience's infrastructure; (d) suspension is required by applicable law; or (e) if applicable, any fees owed by Customer (excluding amounts disputed in reasonable and good faith) are thirty (30) days or more overdue.

12.3. Termination for Cause. Either Party may terminate this Agreement effective after thirty (30) days' written notice if the other Party materially breaches this Agreement and such breach is not cured within such thirty (30)-day period. Upon any termination for cause by Customer, BrainScience will promptly refund Customer any prepaid fees covering the period remaining in the Term after the effective date of such termination. Upon any termination for cause by BrainScience, Customer will promptly pay BrainScience any unpaid fees covering the period remaining in the Term after the effective date of such termination.

12.4. Effects of Termination. In no event will any termination of this Agreement relieve Customer of its obligation (if applicable) to pay any fees payable to BrainScience for the period of time prior to the effective date of such termination. Upon any termination of this Agreement, Customer and all Authorized Users must immediately cease all use of the Service. For a period of thirty (30) days following any termination of this Agreement, BrainScience will, upon Customer's request, provide Customer with an export of all current Customer Content in the format agreed by the Parties. After such thirty (30)-day period, BrainScience will have no obligation to maintain or provide any Customer Content and BrainScience may, unless prohibited by applicable law, delete all Customer Content in its systems or otherwise in its possession or under its control in accordance with BrainScience's then-current data retention and deletion policies. Subject to this Section, upon any termination of this Agreement and the Disclosing Party's request, the Receiving Party will promptly return, or at the Disclosing Party's option destroy, any or all Confidential Information of the Disclosing Party in the Receiving Party's possession or under its control.

12.5. Survival. The following sections will survive any termination or expiration of this Agreement: 1, 3.2, 3.4, 3.5, 5, 6, 7, 8, 9, 10, 11, 12.5, and 13.

General Provisions

13.1. Dispute Resolution & Governing Law. This Agreement and any dispute arising from or relating to this Agreement are governed by the laws of the State of California, without regard to its conflict of law principles. Customer further agrees to accept service of process by mail. To the extent the Parties are permitted under this Agreement to initiate litigation in court, the Parties' consent to exclusive personal jurisdiction and venue in the state and federal courts located in San Mateo County, California. If Customer is a United States public educational institution, domiciled in a state within the United States that expressly requires a choice of law other than California state law, then the laws of Customer's state will apply. If Customer is a United States public educational institution domiciled in a state within the United States that expressly requires venue or jurisdiction of a state other than California, then the required venue and jurisdiction so required by Customer's state will apply.

13.2. Force Majeure. Neither Party will be liable hereunder by reason of any failure or delay in the performance of its obligations due to events beyond the reasonable control of such Party, which may include natural disasters, fires, epidemics, pandemics, riots, war, terrorism, denial of service attacks, internet outages, labor shortages, and judicial or government action.

13.3. Assignment. Neither Party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other Party. Notwithstanding the foregoing, either Party may assign or transfer this Agreement in its entirety, without the consent of the other Party, in connection with a merger or sale of all or substantially all of its assets. Any purported assignment in violation of this Section will be null and void. This Agreement will bind and inure to the benefit of the Parties, their respective successors, and permitted assigns.

13.4. Export Control. In its use of the Services, Customer agrees to comply with all export and import laws and regulations of the United States and other applicable jurisdictions. Without limiting the foregoing, (a) Customer represents and warrants that it is not listed on any U.S. government list of prohibited or restricted parties or located in (or a national of) a country that is subject to a U.S. government embargo or that has been designated by the U.S. government as a "terrorist supporting" country, (b) Customer will not (and will not permit any of its users to) access or use the Services in violation of any U.S. export embargo, prohibition or restriction, and (c) Customer will not submit to the Services any information that is controlled under the U.S. International Traffic in Arms Regulations.

13.5. Notices. All notices under this Agreement will be in writing and (a) if to Customer, addressed to the Customer at the addresses set forth on the Order Form and (b) if to BrainScience at 7 Yanez Court, Redwood City, CA 94062 and will be deemed to have been duly given: (i) upon receipt if personally delivered or sent by certified or registered mail with return receipt requested; or (ii) the first business day after sending by email or by next day delivery by a recognized overnight delivery service.

13.6. Relationship of the Parties; Third-Party Beneficiaries. The Parties are independent contractors, and this Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the Parties. There are no third-party beneficiaries to this Agreement.

13.7. Waiver. No failure or delay by either Party in exercising any right under this Agreement will constitute a waiver of that right.

13.8. Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be invalid or unenforceable, such provision will be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement will remain in full force and effect.

13.9. Subcontractors. BrainScience may use one or more third parties to fulfill any of its obligations hereunder, provided that with respect to any such obligations that are subcontracted to or provided by any third party, BrainScience expressly assumes all liability and responsibility for such third party's compliance with, including, without limitation, any breach of, the terms of this Agreement.

13.10. Entire Agreement. This Agreement, including any addenda hereto and all Order Forms, constitutes the entire agreement between the Parties and supersedes all prior and contemporaneous agreements, proposals, or representations, written or oral, concerning the subject matter hereof. No modification, amendment, or waiver of any provision of an Order Form will be effective unless in writing and signed by each of the Parties. BrainScience may modify these Terms and Conditions on a going forward basis from time to time by posting the modified Terms and Conditions to https://brainscience.works/privacy-policy/, and any such modifications will take effect upon renewal of the then-current Term. To the extent of any conflict or inconsistency between these Terms and Conditions, any exhibit attached hereto, or any Order Form, the terms set forth in these Terms and Conditions will control unless the conflicting term in the other document specifically references the inconsistent term of these Terms and Conditions, in which case the conflicting term will control only for the limited purposes set forth in the document containing such term. Notwithstanding any language to the contrary therein, no terms or conditions stated in any Customer purchase order or other Customer order documentation (excluding Order Forms) will be incorporated into or form any part of this Agreement, and all such terms or conditions will be null and void. As used herein, the words "include" and "including" shall be deemed to be followed by the words "without limitation." Titles and headings of sections are for convenience only and shall not affect the construction of any provision of this Agreement.

Exhibit A

BrainScience Incorporated Data Protection Addendum

  • United States. With respect to Authorized Users in the United States, the following provisions shall apply:
  • Definitions. Capitalized words used in this DPA that are not expressly defined in this DPA have the meaning set forth in the Agreement.
  • "Data Protection Legislation" means applicable federal, state, local, and municipal laws and regulations in the United States that relate to the privacy, data protection or data security of Personal Data.
  • "Personal Data" means information about a specific individual that is provided, submitted, or otherwise made available to BrainScience by or on behalf of Customer or any Authorized User in connection with any of the Service that constitutes "personal data", "personal information", "personally identifiable information" or similar term under applicable law. For clarity, Anonymized or Deidentified Data and Performance Data do not constitute Personal Data.
  • "Process" shall have the same meaning as set out in the applicable Data Protection Legislation or if no such meaning or concept exists, it shall be the means by which BrainScience collects, uses, stores, discloses, or transfers Personal Data.
  • Compliance with Laws; Roles. Each Party shall comply with all Data Protection Legislation applicable to it in its respective Processing of Personal Data under the Agreement. For purposes of this Agreement and as between the parties, Customer is the controller of the Personal Data and BrainScience is the processor of such data.
  • Notices and Consents. Customer shall provide all notices and obtain all such consents required under applicable Data Protection Legislation (including, without limitation, consents required under the Family Education Rights and Privacy Act, 20 U.S.C. § 1232g and its implementing regulations, 34 C.F.R. Part 99 (together, "FERPA")) from the Authorized Users to allow BrainScience to Process the Personal Data to provide the Service and as otherwise described in the Agreement, including in this DPA (the "Notices and Consents"). Customer represents and warrants that it has obtained and will maintain the Notices and Consents for all Authorized Users through the entire term of the Agreement.
  • Details of Processing. Personal Data will be Processed for the purposes set forth in the Agreement and any applicable Order Form.
  • Obligations.
    • BrainScience shall implement and maintain reasonable administrative, technical and organizational measures that are designed to preserve the confidentiality and availability of Personal Data Processed by BrainScience via the Service. BrainScience shall implement the technical and organizational measures set forth in Annex 1 (Security Measures) ("Security Measures"). Customer has reviewed Security Measures and agrees that such measures are appropriate and fulfill the requirements of this Section 6(a), taking into account the state of the art, the costs of implementation, nature, scope, context and purposes of the processing of Personal Data hereunder.
    • BrainScience shall take reasonable steps to train any employees who have access to the Personal Data on applicable Data Protection Legislation and that are designed to prevent employees from disclosing Personal Data for reasons other than those necessary for their Processing of the Personal Data.
    • BrainScience engages certain third-party entities to Process the Personal Data on BrainScience's behalf ("Sub-processors"). A list of Sub-processors can be provided upon request. BrainScience shall enter into an agreement with each Sub-processor containing terms that offer substantially similar levels of data protection obligations and protection for Personal Data as those set out in this Section. Customer consents to BrainScience engaging the Sub-processors for the purposes set forth in the Agreement and this DPA. A list of Sub-processors is available in Annex [X] of this DPA/at [WEBSITE] (the "Sub-processor Site"). BrainScience may continue to use those Sub-processors already engaged by BrainScience as at the date of this DPA.
    • If BrainScience becomes aware of a confirmed breach of its security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to the Personal Data (a "Security Incident"), BrainScience shall inform Customer within a reasonable amount of time of becoming aware, taking into account the timeframes required by Data Protection Legislation, with respect to the Security Incident. BrainScience will provide, to the extent available, reasonable information, cooperation, and updates of material developments to enable Customer to fulfill any data breach reporting obligations it may have under Data Protection Legislation. However, BrainScience's provision of information and cooperation shall be at Customer's cost and expense to the extent any Security Incidents either (i) were not caused by BrainScience's breach of its obligations in this DPA or (ii) were caused by Customer or its Authorized Users or Data Subjects (as defined below). BrainScience's notification of a Security Incident pursuant to this section shall not be considered an acknowledgement of any fault or liability with respect to the Security Incident. BrainScience may take such other measures as it deems appropriate to mitigate the effects of the Security Incident and to comply with applicable legal requirements.
  • Data Subject Inquiries. Customer shall be solely responsible for responding to and fulfilling any inquiries from Authorized Users and other data subjects, including parents and legal guardians of Authorized Users where the Authorized User is a student of Customer (collectively, "Data Subjects"), regarding their Personal Data in connection with the Processing under the Agreement, including any requests to exercise their rights under applicable Data Protection Legislation, and Customer shall handle all Data Subject inquiries in accordance with applicable Data Protection Legislation. Customer understands that BrainScience is not required to take any action in response to any requests from Data Subjects except to notify such Data Subjects to contact Customer. To the extent Customer cannot obtain a copy of, delete or amend the Personal Data directly within the Service, Customer may contact BrainScience, and BrainScience, with Customer's express written permission and provided Customer has obtained the appropriate consent from the applicable Data Subject, will provide a copy of, delete or amend such Data Subject's Personal Data in accordance with Customer's instructions. To the extent legally permitted, Customer shall be responsible for reasonable costs arising out of BrainScience's provision of assistance with Customer's Data Subject requests. Customer shall indemnify, defend, and hold harmless BrainScience and its affiliates, subsidiaries, successors and assigns (and the officers, directors, employees, sublicensees, customers, and agents of BrainScience and its affiliates, subsidiaries, successors, and assigns), from and against any and all losses, demands, liabilities, damages, fines, settlements, expenses, and costs (including without limitation reasonable attorneys' fees and costs), arising from, in connection with, BrainScience complying with Customer's instructions under this Agreement.
  • Authorized Disclosure of Personal Data.
    • Customer acknowledges and agrees that, at Customer's request and reasonable cost, BrainScience may provide Personal Data to third-parties or other entities to whom Customer requests BrainScience provide Personal Data (e.g., State Board of Education). Customer shall make such a request to disclose Personal Data in writing ("Authorization"). Customer acknowledges and agrees that each Authorization will result in Customer electing, in its sole discretion, to transfer the Personal Data to the recipients that Customer selects.
    • The entities identified in Section 8(a) are collectively defined as "Recipients."
    • Customer acknowledges that Customer's information may contain Personal Data and may be subject to Data Protection Legislation. Customer will hold BrainScience harmless, and not liable in any way, for BrainScience's disclosure of Personal Data to the Recipients in accordance with an Authorization.
    • BrainScience makes no warranty (a) that the use of the Personal Data by the Recipient is valid or in compliance with applicable Data Protection Legislation and Customer's organization's policies or (b) that Personal Data will remain secure upon transfer to the Recipient, and disclaims any responsibility for the transfer. Customer acknowledges that the Personal Data will be provided on an "as is", "as available" basis.
  • Data Retention. BrainScience will delete Personal Data within a reasonable amount of time after the termination or expiration of the Agreement, except that BrainScience may retain Personal Data as required by applicable legal requirements or as agreed by Customer. For the avoidance of doubt, the foregoing shall not apply to Anonymized or Deidentified Data.
  • BrainScience Data. Customer acknowledges and agrees that BrainScience may create and derive Anonymized or Deidentified Data or Performance Data from Processing related to the Agreement, including in connection with the Service. In generating such data, BrainScience shall (a) take reasonable measures to ensure that such data cannot be associated with a Data Subject and (b) not attempt to reidentify such data, except as permitted under Data Protection Legislation.
  • Education Records. As applicable, to the extent BrainScience has access to "Education Records" and "Personally Identifiable Information" (as those terms are defined in Family Education Rights and Privacy Act, 20 U.S.C. § 1232g and its implementing regulations, 34 C.F.R. Part 99 (together, "FERPA")) in connection with its provision of the Service that is not otherwise permitted under FERPA: (a) Customer agrees that BrainScience has met the criteria for being a "School Official" with "Legitimate Educational Interests" (as those terms are used in FERPA) in such Education Records and Personally Identifiable Information; and (b) BrainScience agrees that such Education Records and Personally Identifiable Information will be used only for authorized purposes under the Agreement, and it will not redisclose such Education Records or Personally Identifiable Information except with Authorization from Customer or where such redisclosure is otherwise permitted under FERPA.
  • Compliance; Audits.
    • Taking into account the nature of the Processing of Personal Data by BrainScience and the information available to BrainScience, where required by applicable law, BrainScience shall provide such information and assistance to Customer as Customer may reasonably request (insofar as such information is available to BrainScience and the sharing thereof does not compromise the security, confidentiality, integrity or availability of any data Processed by BrainScience) to help Customer meet its obligations under Data Protection Legislation, including in relation to the security of Personal Data, the reporting and investigation of Security Incidents, the demonstration of Customer's compliance with such obligations and the performance of any data protection assessments.
    • Subject to Section 12(c) below, where required by applicable law, BrainScience shall make available to Customer such information as Customer may reasonably request for BrainScience to demonstrate compliance with Data Protection Legislation and this DPA. Without limitation of the foregoing, Customer may conduct (in accordance with this Agreement), at its sole cost and expense, and BrainScience will reasonably cooperate with, reasonable audits (including inspections, manual reviews, automated scans and other technical and operational testing that Customer is entitled to perform under Data Protection Legislation), in each case, whereby Customer or a qualified and independent auditor appointed by Customer using an appropriate and accepted audit control standard or framework may audit BrainScience's technical and organizational measures in support of such compliance and the auditor's report is provided to Customer and BrainScience upon Customer's request.
    • Customer shall give BrainScience reasonable advance notice of any such audits. BrainScience need not cooperate with any audit (a) performed by any individual or entity who has not entered into a non-disclosure agreement with BrainScience on terms acceptable to BrainScience in respect of information obtained in relation to the audit; (b) conducted outside of BrainScience's normal business hours at the relevant site; or (c) on more than one occasion in any calendar year during the term of the Agreement, except for any additional audits that Customer is required to perform under Data Protection Legislation. The audit must be conducted in accordance with BrainScience's safety, security or other relevant policies, must not impact the security, confidentiality, integrity or availability of any data Processed by BrainScience and must not unreasonably interfere with BrainScience's business activities. Customer shall not conduct any scans or technical or operational testing of BrainScience's applications, websites, services, networks or systems without BrainScience's prior approval (which shall not be unreasonably withheld).
  • State Specific Privacy Addenda. If applicable, the Parties agree to the State Specific Data Protection Addenda for the applicable state(s).
  • Updates to this DPA. Notwithstanding anything to the contrary in the Agreement, BrainScience reserves the right to modify this DPA from time to time in its sole discretion and without Customer's prior consent except where required by applicable law ("Updated DPA"). Customer agrees that any Updated DPA will be effective immediately upon BrainScience emailing the Updated DPA to Customer, unless BrainScience is required by applicable law to obtain Customer's consent, in which case, such Updated DPA will be effective immediately upon the provision of such consent. BrainScience will also endeavor to notify Customer of any material revision to this DPA at least ten (10) days prior to such revision coming into effect, using Customer's email address.

State Specific Addenda

Capitalized words used in this State Specific Data Protection Addendum but not defined herein have the meanings given to them in the DPA or in the Agreement.

California

With respect to Pupil Records (as defined in Cal. Educ. Code § 49073.1) that BrainScience processes on behalf of a Customer in California, the following provisions shall apply to the extent required by applicable law:

  • Pupil Records that BrainScience processes on behalf of Customer are the property of and under the control of Customer, except an Authorized User may retain possession and control of Authorized User-Generated Content where the Authorized User opens a personal account.
  • BrainScience shall limit its use of Pupil Records to those purposes specified in the Agreement, the DPA, and any notice of practices relating to children’s privacy.
  • Procedures for the review and correction of Pupil Records shall be in accordance with the DPA.
  • BrainScience shall implement, maintain, and use reasonable measures to ensure the security and confidentiality of Pupil Records as specified in the DPA.
  • Procedures for notification in the event of unauthorized disclosure of Pupil Records shall be in accordance with the terms of the DPA.
  • BrainScience certifies that retention of Pupil Records shall be limited in accordance with the terms of the DPA.
  • BrainScience’s and Customer’s access to and use of Education Records and Personally Identifiable Information (as defined in FERPA) shall be subject to the terms of the DPA.
  • BrainScience shall not use Personal Data in Pupil Records to engage in targeted advertising.

Colorado

With respect to Student Personally Identifiable Information (as defined in Colo. Rev. Stat. Ann. § 22-16-103) that BrainScience processes on behalf of a Customer in Colorado, the following provisions shall apply to the extent required by applicable law:

  • BrainScience shall comply in all material respects with the requirements of Colo. Rev. Stat. § 22-16-108 with regard to the provision of clear information regarding collection, use, and disclosure of Student Personally Identifiable Information, as specified in the DPA and any notice of practices relating to children’s privacy.
  • BrainScience shall comply in all material respects with Colo. Rev. Stat. § 22-16-109 with regard to the collection, use, and disclosure of Student Personally Identifiable Information, as specified in the DPA and any notice of practices relating to children’s privacy.
  • BrainScience shall comply in all material respects with the requirements of Colo. Rev. Stat. § 22-16-110 with regard to data security and retention of Student Personally Identifiable Information, as specified in the DPA and any notice of practices relating to children’s privacy.

Connecticut

With respect to Student Information, Student Records, and Student-generated Content (as those terms are defined in Conn. Gen. Stat. § 10-234aa) (collectively, "CT Student Data") that BrainScience processes on behalf of a Customer in Connecticut, the following provisions shall apply to the extent required by applicable law:

  • CT Student Data that BrainScience processes on behalf of Customer are Customer Content and under the control of Customer.
  • BrainScience's retention of CT Student Data shall be in accordance with the DPA and any notice of practices relating to children's privacy.
  • BrainScience shall limit its use of CT Student Data to those purposes specified in the Agreement, DPA, and any notice of practices relating to children's privacy.
  • Procedures for the review and correction of CT Student Data shall be in accordance with any notice of practices relating to children's privacy.
  • BrainScience shall implement, maintain, and use reasonable measures to ensure the security and confidentiality of CT Student Data as specified in the DPA.
  • Procedures for notification in the event of unauthorized disclosure of CT Student Data shall be in accordance with the terms of the DPA.
  • BrainScience and Customer access to and use of Education Records and Personally Identifiable Information (as defined in FERPA) shall be subject to the terms of the DPA.
  • Laws of the state of Connecticut shall govern rights and duties with regard to CT Student Data, as specified in the Agreement.
  • In the event that any provision or the application of the Agreement or DPA is held invalid by a court of competent jurisdiction, severability of terms shall be in accordance with the Agreement.

District of Columbia

With respect to Personally Identifiable Student Information (as defined in D.C. Code § 38-831.01(14)) that BrainScience processes on behalf of a Customer in the District of Columbia, the following provisions shall apply to the extent required by applicable law:

  • Procedures for notification in the event of unauthorized disclosure of Personally Identifiable Student Information shall be in accordance with the terms of the DPA.
  • Personally Identifiable Student Information that BrainScience processes on behalf of Customer is Customer Content and under the control of Customer.
  • Retention of Personally Identifiable Student Information shall be limited in accordance with the terms of the DPA.

Idaho

With respect to Student Data (as defined in Idaho Code Ann. § 33-133) that BrainScience processes on behalf of a Customer in Idaho, the following provisions shall apply to the extent required by applicable law:

  • BrainScience is permitted to use Aggregated Data, as disclosed in the DPA and the Agreement, as applicable.
  • BrainScience is permitted to use Student Data for secondary uses with consent of a student’s parent or guardian and as disclosed in accordance with the DPA and the Agreement, as applicable.
  • BrainScience shall not use (including for marketing or advertising purposes) or sell Student Data except as specified in the DPA or with express prior parental consent.

Illinois

With respect to Covered Information (as defined in 105 Ill. Comp. Stat. Ann § 85/5) that BrainScience processes on behalf of a Customer in Illinois, the following provisions shall apply to the extent required by applicable law:

  • The types of Covered Information for which BrainScience may act as a processor on behalf of Customer under the Agreement are specified in the DPA and any notice of practices relating to children’s privacy, as applicable.
  • The Services provided to Customer by Brainscience are specified in the Agreement.
  • Brainscience and Customer access to and use and disclosure of Education Records and Personally Identifiable Information (as defined in FERPA) shall be subject to FERPA, in accordance with the terms of the DPA.
  • Procedures in the event of a security breach shall be in accordance with the terms of the DPA; provided that, if the security breach is attributed to Brainscience, any costs and expenses incurred by the Customer in investigating and remediating the breach will be allocated between Brainscience and the Customer.
  • Brainscience’s retention of Covered Information shall be in accordance with the DPA and any notice of practices relating to children’s privacy, as applicable.
  • Brainscience agrees that Customer may publish a redacted copy of the Agreement and DPA on its website and/or make the documents available for inspection by the general public at its administrative office, as applicable.

Kansas

With respect to Personally Identifiable Student Data (as defined in Kan. Stat. Ann. § 72-6313) that Brainscience Processes on behalf of a Customer in Kansas, the following provisions shall apply to the extent required by applicable law:

  • Brainscience shall use the Personally Identifiable Student Data it processes on behalf of the Customer solely for the purposes specified in the Agreement, the DPA, and any notice of children’s privacy practices.
  • Brainscience shall comply with access, use, and security restrictions applicable to Personally Identifiable Student Data in accordance with the Agreement, the DPA, and any notice of children’s privacy practices.
  • Brainscience shall destroy Personally Identifiable Student Data in accordance with the terms of the Agreement, DPA, any notice of children’s privacy practices, and NISTSP800-88 standards as applicable.

Louisiana

With respect to Personally Identifiable Information (as defined in La. Stat. Ann. § 17:3914(B)(1)) that Brainscience processes on behalf of a Customer in Louisiana, the following provisions shall apply to the extent required by applicable law:

  • Brainscience shall limit access to Personally Identifiable Information it processes on behalf of Customer in accordance with the DPA and any notice of children’s privacy practices.
  • Brainscience shall comply with the standards governing the privacy and security of Personally Identifiable Information as set forth in the DPA and any notice of children’s privacy practices.
  • Privacy and security audits performed by Customer’s superintendent shall be completed in accordance with the DPA.
  • Procedures for unauthorized disclosure of Personally Identifiable Information shall be in accordance with the terms of the DPA.
  • Brainscience’s retention of Personally Identifiable Information shall be limited in accordance with the terms of the Agreement, DPA, and any notice of children’s privacy practices, as applicable.
  • Brainscience’s disposal of Personally Identifiable Information shall be done in accordance with the terms of the Agreement, DPA, and any notice of children’s privacy practices, as applicable.

Minnesota

With respect to Educational Data (as defined in Minn. Stat. § 13.32) that Brainscience processes on behalf of a Customer in Minnesota, the following provisions shall apply to the extent required by applicable law:

  • Brainscience shall limit access and authorization to access to Educational Data it processes on behalf of Customer in accordance with the terms of the Agreement, the DPA, and any notice of children’s privacy practices.

Missouri

With respect to Personally Identifiable Student Data (as that term is used in Mo. Ann. Stat. § 161.096) that Brainscience Processes on behalf of a Customer in Missouri, the following provisions shall apply to the extent required by applicable law:

  • Brainscience agrees to abide by terms that safeguard privacy and security of Personally Identifiable Student Data as specified in the DPA.
  • Brainscience shall not sell Personally Identifiable Student Data, including using it in furtherance of advertising.

Montana

With respect to Pupil Records (as defined in Mont. Code Ann § 20-7-1324(6)) that Brainscience processes on behalf of a Customer in Montana, the following provisions shall apply to the extent required by applicable law:

  • Pupil Records that Brainscience processes on behalf of Customer are the property of and under the control of Customer, except an Authorized User may retain possession and control of Authorized User-Generated Content where the Authorized User opens a personal account.
  • Brainscience shall limit its use of Pupil Records to those purposes specified in the Agreement, the DPA, and any notice of children’s privacy practices.
  • Procedures for the review and correction of Pupil Records shall be in accordance with the DPA.
  • Brainscience shall implement, maintain, and use reasonable measures to ensure the security and confidentiality of Pupil Records as specified in the DPA.
  • Procedures for notification in the event of unauthorized disclosure of Pupil Records shall be in accordance with the terms of the DPA.
  • Brainscience certifies that retention of Pupil Records shall be limited in accordance with the terms of the DPA.
  • Brainscience’s and Customer’s access to and use of Education Records and Personally Identifiable Information (as defined in FERPA) shall be subject to the terms of the DPA.
  • Brainscience shall not use Personal Data in Pupil Records to engage in targeted advertising.

Nevada

With respect to Personally Identifiable Information (as defined in Nev. Rev. Stat. § 388.272) that Brainscience Processes on behalf of a Customer in Nevada, the following provisions shall apply to the extent required by applicable law:

  • Brainscience shall protect the privacy and security of Personally Identifiable Information in accordance with the Agreement, the DPA, and any notice of practices relating to children’s privacy.
  • Brainscience agrees to terms relating to breach and termination as set forth in the Agreement.

New York

With respect to personally identifiable information (as defined in N.Y. Comp. Codes R. & Regs. tit. 8, § 121.1(m)) ("NY PII") that Brainscience processes on behalf of a Customer in New York, the following provisions shall apply to the extent required by applicable law (for the avoidance of doubt, NY PII is a subset of Personal Data as defined in the Agreement):

  • Brainscience certifies that its technologies, safeguards and practices align with the NIST Cybersecurity Framework.
  • Brainscience shall comply in all material respects with Customer's data security and privacy policy and applicable state and federal laws.
  • Brainscience shall limit access to NY PII it processes on behalf of Customer in accordance with the DPA and any notice of practices relating to children's privacy.
  • Brainscience shall limit its use of NY PII to those purposes specified in the Agreement, DPA, and any notice of practices relating to children's privacy.
  • Brainscience shall not disclose NY PII unless in accordance with the DPA, with the prior written consent of the parent or eligible student, or in accordance with a court order.
  • Brainscience shall implement, maintain, and use reasonable measures that are designed to ensure the security, confidentiality, and integrity of NY PII as specified in the DPA.
  • Brainscience shall use encryption to protect electronic NY PII in transit or in storage.
  • Brainscience shall not sell NY PII and shall limit its use and disclosure of NY PII in accordance with the DPA and any notice of practices relating to children's privacy.
  • Data Security and Privacy Plan
    • Brainscience will implement applicable data security and privacy requirements as specified in the DPA.
    • Brainscience shall implement, maintain, and use reasonable measures that are designed to ensure the security and confidentiality of NY PII as specified in the DPA.
    • A parent’s bill of rights is incorporated as part of this addendum and Brainscience shall comply in all material respects with its terms.
    • Brainscience shall train its officers and employees on applicable laws prior to granting access to Authorized User data as specified in the DPA.
    • Brainscience shall require that Sub-processors protect NY PII and manage breaches and unauthorized disclosure as specified in the DPA.
    • Brainscience shall manage data security and privacy incidents as specified in the DPA. Procedures for notification in the event of breaches and unauthorized disclosures shall be in accordance with the terms of the DPA.
    • Brainscience retention of NY PII shall be limited in accordance with the DPA.

Ohio

With respect to Education Records (as defined in Ohio Rev. Code § 3319.325(A)) that Brainscience processes on behalf of a Customer in Ohio, the following provisions shall apply to the extent required by applicable law:

  • Brainscience shall limit access and authorization to access to Educational Records it processes on behalf of Customer in accordance with the terms of the Agreement, the DPA, and any notice of children’s privacy practices.

Utah

With respect to Student Data (as defined in Utah Code Ann. § 53E-9-301(17)) that Brainscience processes on behalf of a Customer in Utah, the following provisions shall apply to the extent required by applicable law:

  • Brainscience shall limit its collection, use, storage, and sharing of Student Data to those purposes specified in the Agreement, DPA, and any notice of practices relating to children’s privacy, as applicable.
  • Processing of Student Data by Sub-processors shall be in accordance with the DPA and any notice of practices relating to children’s privacy, as applicable.
  • Brainscience’s retention of Student Data shall be limited in accordance with the terms of the Agreement, DPA, and any notice of practices relating to children’s privacy, as applicable.
  • Brainscience shall not use Student Data for purposes other than those specified in the Agreement and DPA and except as permitted by Utah Code Ann. § 53E-9-309(4) or as requested by the Customer.
  • Brainscience agrees that, at Customer’s request, Customer or Customer’s designee may conduct an audit of Brainscience, in accordance with this DPA, to verify compliance with the Agreement and DPA to the extent required by Utah Code Ann. § 53E-9-309.

Virginia

With respect to Student Personal Information (as defined in Va. Code Ann. § 22.1-289.01) that Brainscience processes on behalf of a Customer in Virginia, the following provisions shall apply to the extent required by applicable law:

  • The types of Student Personal Information for which Brainscience may act as a processor on behalf of Customer shall be specified in the DPA and any notice of practices relating to children's privacy, as applicable.
  • Privacy of Student Personal Information processed by Brainscience on behalf of Customer shall be subject to the DPA and any notice of practices relating to children's privacy, as applicable, and notification of material changes shall be in accordance with the DPA.
  • Brainscience shall maintain reasonable measures to ensure the security, privacy, confidentiality, and integrity of Student Personal Information as specified in the DPA.
  • Procedures for access to and the review and correction of Student Personal Information shall be in accordance with the DPA and any notice of practices relating to children's privacy, as applicable.
  • Brainscience shall not collect, maintain, use, or share Student Personal Information except for purposes specified in the Agreement, DPA, and/or any notice of practices relating to children's privacy, except with consent of the Customer or student's parent or legal guardian, as applicable.
  • Brainscience shall require that its Sub-processors of Student Personal Information on behalf of Customer comply with Brainscience's policies and security measures in accordance with the DPA.
  • Brainscience's retention of Student Personal Information shall be limited in accordance with the terms of the DPA and any notice of practices relating to children's privacy, as applicable.
  • Brainscience shall not use Student Personal Information to engage in targeted advertising to students.
  • Brainscience shall not use Student Personal Information to create a personal profile of a student, except for the purposes specified in the Agreement, DPA, and any notice of practices relating to children's privacy, as applicable.
  • Brainscience shall not knowingly sell Student Personal Information except to the extent that Brainscience is sold to or acquired by a successor entity that purchases, merges with, or otherwise acquires Brainscience.

Annex 1

Security Measures

As from the Effective Date, BrainScience will implement and maintain the Security Measures as set out in this Annex.

  • Organizational management and dedicated staff responsible for the development, implementation and maintenance of BrainScience's information security program.
  • Audit and risk assessment procedures for the purposes of periodic review and assessment of risks to BrainScience's organization, monitoring and maintaining compliance with BrainScience's policies and procedures, and reporting the condition of its information security and compliance to internal senior management.
  • Data security controls which include at a minimum: logical segregation of data, restricted (e.g., role-based) access and monitoring, and utilization of commercially reasonable encryption technologies for Personal Data.
  • Logical access controls designed to manage electronic access to data and system functionality, based on authority levels and job functions.
  • Password controls designed to manage and control password strength, expiration and usage.
  • System audit or event logging and related monitoring procedures to proactively record user access and system activity.
  • Physical and environmental security of data centers, server room facilities and other areas containing Personal Data designed to protect information assets from unauthorized physical access or damage.
  • Operational procedures and controls to provide for configuration, monitoring and maintenance of technology and information systems, including secure disposal of systems and media to render all information or data contained therein as undecipherable or unrecoverable prior to final disposal or release from BrainScience's possession.
  • Change management procedures and tracking mechanisms designed to test, approve and monitor all material changes to BrainScience's technology and information assets.
  • Incident management procedures designed to allow BrainScience to investigate, respond to, mitigate and notify of events related to BrainScience's technology and information assets.
  • Network security controls that provide for the use of enterprise firewalls and intrusion detection systems designed to protect systems from intrusion and limit the scope of any successful attack.
  • Vulnerability assessment and threat protection technologies and scheduled monitoring procedures designed to identify, assess, mitigate and protect against identified security threats, viruses and other malicious code.
  • Business resiliency/continuity and disaster recovery procedures designed to maintain service and/or recovery from foreseeable emergency situations or disasters.

Notice of BrainScience's Practices
Relating to Children's Online Privacy

This Notice of BrainScience's Practices Relating to Children's Online Privacy ("Notice") describes how BrainScience ("BrainScience," "We," "Us," "Our") collects and protects Personal Information of users in the United States who are under the age of 13 and access Our Service through their Schools or through accounts purchased by Parents.

When Children use a School's implementation of Our Service, We may collect certain Personal Information as a processor on behalf of Our customers, the Schools (who act as the controllers of such information). Please note Our use and processing of this Personal Information as a processor is governed by Our agreements with the Schools. The Schools may have their own privacy policies that govern the Personal Information collected in connection with their use of Our Service, and the policies of the applicable School govern how they process and share Personal Information relating to the Service, including with respect to any rights users may have to such Personal Information. If We receive any requests to exercise such rights with respect to Personal Information for which We act as a processor, We are not able to directly accommodate such requests and will forward such requests to the applicable School (or otherwise follow the procedure We have agreed upon with the applicable School).

When Children use the Service through accounts purchased by Parents, we act as a controller of Personal Information collected or processed by the Service. Please review this notice for information about how we collect, use, and otherwise process Personal Information, including how Parents can request access to or deletion of their Child's Personal Information.

Definitions

Capitalized words have special meaning in this Notice and are defined below.

"Child," "Children" means a user or users of the Service in the United States who are under the age of 13.

"Child Account" means the user account, made available through an Educator or Parent, through which a Child has access to and uses the Service.

"Educator," "Educators" means an individual, or individuals, authorized to act on behalf of the School contracting with BrainScience for use of the Service.

"Parent" means a legal guardian of a Child.

"Personal Information" means information about a Child that can reasonably be used alone or in combination with other reasonably available information, to identify, locate, or contact a specific Child.

"Service" means the educational software Service, websites, web applications, and any other online interactive features or services that collect Personal Information from Children provided to Schools and Parents under BrainScience's Platform Subscription Agreement.

"School" means a school, district, or other educational institution that has contracted with BrainScience for use of the Service.

Child Access and Use of the Service

A Child may only use the Service with the prior consent of a Parent or School acting on behalf of the Child's Parent in connection with legitimate educational purposes. A Parent's or School's consent is required for the collection, use, and disclosure of Personal Information from or about Children, and BrainScience will not collect, use or disclose any such Personal Information without such consent. The School may consent to the collection, use and disclosure of Personal Information from Children by entering into an agreement to use the Service.

Child Users cannot access or use the Service without first being added by their School or by their Parent. Child Users access the Service using unique pictorial access codes.

If We learn that a Child's Personal Information has been collected through the Service without the appropriate consent of the Child's School or Parent, as relevant, we will take appropriate steps to delete this information. If you are a Parent and discover that your Child has a registered account with the Service without your consent, please contact your Child's School to request that We delete that Child's Personal Information from Our systems.

Personal Information We Collect

Information provided through use of the Service

BrainScience collects personal information about or from a Child in connection with visits to and use of the Service. The personal information we collect includes the information listed below:

A School or Parent creating a Child Account will provide the following information regarding a Child:

  • Child's name
  • Child's date of birth
  • Student email address and phone number
  • School enrollment information such as grade level and School ID

Once a Child Account is created, BrainScience will collect the following information directly from a Child through the Service:

  • Student work, progress data, and assessment results generated when using the Service

BrainScience only collects information from a Child that is reasonably necessary for the Child to use the Service for educational purposes.

Information collected automatically

  • Usage information. We and/or Our service providers may automatically collect certain "Usage Information" whenever users, including Children, access and use the Service. For example, We may collect information regarding how often a user accesses certain features. Usage Information may include the browser and operating system a user is using, all of the areas within Our Service that users visit, and the time of day they used the Service, among other information. We may use Usage Information for a variety of purposes, including to select appropriate content to display to users and to enhance or otherwise improve the Service.
  • Device information. We and/or Our service providers may collect IP addresses or other unique identifiers ("Device Identifiers") for any computer, mobile phone or any other device (each, a "Device") used to access the Service, including by Children. A Device Identifier is a number that is automatically assigned to the Device used to access the Service, and Our servers identify each individual's Device by its Device Identifier. Some mobile service providers may also provide Us or Our third-party service providers with information regarding the physical location of the Device used to access the Service, internet service provider (ISP), date and time of a user's visit, browser language, browser type, referring and exit pages and URLs, amount of time spent on particular pages, which parts of the Service they use, which links users click, search terms, operating system, traffic and related statistics, keywords, and/or other general browsing or Usage Information. The Service may also access files, including metadata, stored on a Device if a user chooses to send or provide access to Us.
  • Information collected via cookies and other tracking technologies. We and/or Our service providers may use "cookies" (a small file sent to your computer by a website or device to allow the website or app to store information which uniquely identifies you) or other similar technology to collect data in order to assist Our users, including Children, and provide them with a more personal experience, to allow for the technical operation of the Service, to enhance the performance and functionality of the Service, and for analytics purposes. Users can disable cookies at their browser or device's settings, but in that case some (or all) of the features and functionality of the Service may not be available. We do not use cookies or any other tracking technologies to direct advertisements to Children.

How We Use Personal Information

BrainScience uses Children's Personal Information for purposes authorized by their School or Parent, as described below:

  • Service delivery. We may use a Child's Personal Information to:
    • Provide the Service to the Child;
    • Personalize the Service experience; and
    • Provide support for the Service.
  • Compliance and protection. We may use a Child's Personal Information to:
    • Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
    • Protect our, your, the Child's, or others' rights, privacy, safety or property (including by making and defending legal claims) and audit Our internal processes for compliance with legal and contractual requirements or Our internal policies;
    • Enforce the terms and conditions that govern the Service; and
    • Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
  • Research and development. We may use a Child's Personal Information for research and development purposes, including to analyze and improve the Service and Our business.
  • To create anonymous, aggregated or de-identified data. We may create anonymous, aggregated or de-identified data from a Child's Personal Information. We make Personal Information into anonymous, aggregated or de-identified data by removing or obscuring information that makes the data contained therein personally identifiable to the Child. We may use this anonymous, aggregated or de-identified data and share it with third parties for Our lawful business purposes, including to analyze and improve the Service.
  • With consent. We may ask for consent from the School or the Parent to collect, use, or share a Child's Personal Information for purposes not identified here.

We do not use Children's personal information for marketing or advertising purposes.

How We Share Personal Information

We may share a Child's Personal Information with the following parties or as otherwise agreed to by the School or Parent:

  • With Schools and Educators. We may share Personal Information of a Child with the Child's School and Educators of the Child's School, subject to the agreement between BrainScience and the relevant School. We do not control, and are not responsible for, Educators' handling of the Personal Information of Children. As noted above, if you are a Parent and have questions with respect to Personal Information that We process, please direct these questions to your Child's School.
  • With service providers. We may share Personal Information with Third parties that provide services on Our behalf or help Us operate the Service or Our business (such as hosting, information technology, customer support, and email delivery providers). The following service providers may collect or maintain personal information from a Child through the Service:
  • Professional advisors. We may share Personal Information with professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
  • Authorities and others. We may share Personal Information with law enforcement, government authorities, and private parties, as We believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.
  • Business transferees. We may share Personal Information with acquirers and other relevant participants in business transactions (or negotiations of or due diligence for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, BrainScience (including, in connection with a bankruptcy or similar proceedings).

Note regarding third-party content, links to other sites, and BrainScience content found outside of the Service. Certain content provided through the Service may be hosted and served by third parties. In addition, the Service may link to third-party websites or content over which BrainScience has no control and which are governed by the privacy policies and business practices of those third parties. Please note that BrainScience content may be included on web pages and websites that are not associated with Us and over which we have no control. These third parties may independently collect data. BrainScience is not responsible or liable for the privacy practices or business practices of any third party.

What Personal Information is visible to others using the Service?

No Child's Personal Information is made available or visible generally to the public through use of the Service. School officials (such as educators) may view a Child's information through their connected account. Children using the Service cannot view each other's Personal Information.

How Schools and Parents Can Access and Manage Personal Information of Children

School-issued Student Account: The collection, maintenance and use of any Personal Information in Our Service is controlled by the School that contracts with BrainScience for use of the Service. Schools can review, manage, or delete a Child's information by contacting Us at CustomerCare@brainscience.works.

If you are a Parent and have questions regarding your Child's Personal Information in connection with the use of our Service, please contact your Child's School for support, including any questions regarding your rights to review, delete, and refuse to allow further collection of your Child's Personal Information. Because Child Accounts are authorized and provided by your Child's School, you must contact their School to opt-out of sharing such Personal Information. BrainScience cannot delete, change, or divulge any Child's Personal Information from the Service unless authorized by your Child's School.

Parent-issued Student Account: A Parent can manage a Child's personal information through the platform. To delete a Child's personal information, a Parent can contact us at CustomerCare@brainscience.works.

Retention

BrainScience will delete Personal Information within a reasonable amount of time after the termination or expiration of the agreement between BrainScience and the Child's School in accordance with the terms agreed to by the School or the agreement between BrainScience and the Parent in instances where a Parent purchases the Service.

Security

We maintain reasonable measures that are designed to preserve the confidentiality and availability of Personal Information processed by BrainScience in accordance with the terms agreed to by the Child's School or Parent.

Changes to this Notice

We reserve the right to modify this Notice at any time. If We make material changes to this Notice, We will notify you by updating the date of this Notice and posting it on Our website or other appropriate means. Any modifications to this Notice will be effective upon Our posting the modified version (or as otherwise indicated at the time of posting). In all cases, a Child's use of the Service after the effective date of any modified Notice indicates acceptance of the modified Notice.

Contact Us

If you have any questions or concerns regarding this Notice, please contact Us at CustomerCare@brainscience.works.