Data Processing Addendum (Summary)

Roles and instructions

Institutions are controllers of institutional data. Seedili processes data only on documented instructions to deliver the service.

Data categories and purposes

• ✓Account and user profile information.
• ✓Learning interactions, submissions, and study sessions.
• ✓Operational logs required for reliability and security.

Security measures

• ✓Tenant isolation with row-level security.
• ✓Role-based access controls and audit-ready logging.
• ✓Encryption in transit and at rest via managed infrastructure.

Subprocessors

We use vetted subprocessors for hosting and managed infrastructure (including Supabase). Subprocessors are selected for security and compliance capabilities.

Retention and deletion

Institutions control retention policies. Data is deleted on request or upon contract termination, subject to legal obligations.

Assistance and audits

We support requests for data access, correction, and deletion, and provide documentation to assist with compliance reviews.