This Data Privacy Agreement (DPA) establishes the terms under which Findmino (operated by Likemymind America Inc) will collect, use, maintain, and protect student data. This DPA must be signed by both parties before the school account is activated.
1. Definitions
"Student Data" means personally identifiable information (PII) from student education records, including but not limited to: name, email address, date of birth, school affiliation, academic interests, career assessment results, and usage data.
"De-Identified Data" means data from which all personally identifiable information has been removed or obscured so that remaining information does not reasonably identify an individual.
"Authorized Users" means students, teachers, counselors, and administrators authorized by the School to access the Service.
2. FERPA Compliance
Findmino acknowledges that Student Data may include education records subject to the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. 1232g. Findmino agrees to:
Act as a "school official" with a "legitimate educational interest" under FERPA
Use Student Data solely for the purposes specified in this Agreement and the Service Agreement
Not re-disclose Student Data to third parties without prior written consent from the School, except as required by law
Not use Student Data for any commercial purpose unrelated to the contracted services, including targeted advertising
3. COPPA & PIPEDA Compliance
Findmino complies with the Children's Online Privacy Protection Act (COPPA) and the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), including Quebec's Bill 25. When the School creates student accounts:
The School provides consent on behalf of parents for the collection of student data for educational purposes, acting as a FERPA-authorized "school official"
Findmino collects only the minimum data necessary to provide the Service
Findmino does not condition participation on disclosure of more information than is reasonably necessary
Students under 13 (or under 14 in Quebec) may only access the Service through school-managed accounts with appropriate institutional consent
Canadian schools must ensure compliance with applicable provincial privacy legislation, including PIPEDA and, where applicable, Quebec's Act respecting the protection of personal information in the private sector
Single Sign-On (SSO) & Age Verification
When students access the Service through institutional SSO providers (ClassLink, Clever, Google Classroom), the individual age verification gate is bypassed. The following safeguards apply:
The School's signed DPA serves as the legal basis for consent under COPPA
Student identity is pre-verified through the School's Student Information System (SIS)
The SSO provider confirms the student's enrollment status and role
Findmino receives only the minimum necessary profile data from the SSO provider (name, email, role, grade level)
Access is automatically revoked when students are removed from the school's roster
4. Data Collection and Use
4.1 Data Collected
Student name, email address, and class assignment (provided by School)
Career interest assessment results (RIASEC personality matching)
College and scholarship preferences
Portfolio content created by students
Usage data and analytics
4.2 Prohibited Uses
Selling Student Data to any third party
Using Student Data for targeted advertising
Creating student profiles for purposes unrelated to the educational services
Mining Student Data for commercial purposes beyond the contracted services
5. Data Security
Findmino implements and maintains reasonable safeguards to protect Student Data, including:
Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
Access controls limiting data access to authorized personnel
Regular security assessments and vulnerability scanning
Secure cloud infrastructure (MongoDB Atlas with SOC 2 Type II compliance)
6. Data Breach Notification
In the event of an unauthorized disclosure or breach of Student Data, Findmino will notify the School within 72 hours of discovery, provide a description of the breach and data affected, and cooperate in any required notifications to affected individuals or regulatory bodies.
7. Data Retention and Deletion
Student Data is retained only for as long as necessary to provide the Service
Upon termination or written request, all Student Data will be deleted or returned within 60 days
De-identified, aggregate data may be retained for service improvement
The School may request data export at any time
8. Subprocessors
Service
Purpose
Compliance
MongoDB Atlas
Database hosting
SOC 2 Type II
Auth0 (Okta)
Authentication
SOC 2 Type II
Brevo
Email delivery
GDPR compliant
Google Gemini AI
AI career guidance
Data not retained
Sentry
Error monitoring
No student data
9. State-Specific Provisions
Findmino acknowledges that individual states may impose additional student data privacy requirements (e.g., California SOPIPA, New York Ed Law 2-d). Findmino agrees to comply with applicable state laws and negotiate supplemental terms as reasonably requested.
10. Data Governance
Privacy Contact: Rogier Rijnja — CEO & Data Privacy Officer, info@findmino.com
Data Localization: All Student Data is stored on US-based servers (MongoDB Atlas, AWS US regions). No Student Data is transferred outside the United States without prior written consent from the School.
AI Processing Transparency: Findmino uses AI (Google Gemini) to provide career guidance features. Student prompts are processed in real-time and are not retained by the AI provider for training. AI-generated responses are not stored as education records. Schools and students are informed when interacting with AI-powered features.
11. Right to Audit
The School may, upon 30 days' written notice:
Request a summary of Findmino's most recent security assessment or penetration test results
Request evidence of compliance with this DPA, including data handling procedures
Request a list of all subprocessors and their compliance certifications
Request confirmation that Student Data has been deleted or returned upon contract termination
Findmino will respond to audit requests within 30 business days. On-site audits may be accommodated at mutually agreed times and at the School's expense.
12. Parent and Student Access Rights
Parents or eligible students may request to inspect and review the student's education records held by Findmino through the School
Parents or eligible students may request correction or deletion of inaccurate Student Data
The School is the primary point of contact for parent requests. Findmino will cooperate with the School in fulfilling such requests within 30 days
Students may export their own career exploration data (portfolios, assessments) at any time through the platform
13. Governing Law and Dispute Resolution
This DPA shall be governed by the laws of the State of Washington, United States. Any disputes shall be resolved through good-faith negotiation. If unresolved within 60 days, disputes may be submitted to binding arbitration in accordance with the rules of the American Arbitration Association.
14. Term and Amendments
This DPA is effective for the duration of the Service Agreement. Either party may propose amendments with 30 days' written notice. Material changes to data practices will be communicated to the School in writing before implementation.
Download the DPA to print, sign, and return to info@findmino.com