Data Processing Addendum
ACSI Accreditation Assistant — Olive & Rose LLC
Last updated and effective: June 12, 2026 (version 2026-06-12)
This Data Processing Addendum ("DPA") supplements the Terms of Use (https://www.oliveandrose.net/terms-of-use) between Olive & Rose LLC ("Olive & Rose," the "Processor") and the subscribing school (the "School," the "Controller") and governs the processing of School Data in the ACSI Accreditation Assistant (the "Service"). On data-processing and security topics, this DPA controls over the Terms of Use.
Note for schools migrating from the Olive & Rose consulting tool: this DPA covers the subscription web Service, in which the School uploads documents to infrastructure operated by Olive & Rose. It replaces, for the Service only, the earlier rendering-only Data Processing & Security Addendum used in consulting engagements, where School files never left the School's own accounts.
1. Roles
1.1 The School is the data controller and owns all School Data.
1.2 Olive & Rose is a data processor, processing School Data only on the School's documented instructions — which are: to provide the Service as described in Section 2, as configured by the School in the app. Olive & Rose will inform the School if, in its opinion, an instruction conflicts with applicable data-protection law.
2. Scope and purpose of processing
2.1 "School Data" means: (a) institutional documents the School uploads and text extracted from them; (b) the School's profile (school name, enrollment count, accreditation dates and type, primary contact name and email); (c) content generated for the School (analyses, draft self-assessments, reports); and (d) agreement and audit records.
2.2 Processing activities: secure storage; text extraction; automated screening for prohibited student data (Section 5); classification and organization against the ACSI Inspire blueprint; readiness auditing; AI-assisted draft generation; report rendering; export packaging; and transactional email delivery to School-designated recipients.
2.3 Prohibited data. The Service is not designed or permitted to process student personally identifiable information or FERPA-covered education records. The School agrees not to upload such data and to redact it beforehand (see the Data Responsibility Acknowledgement in the app). Section 5 describes the technical fail-safe.
2.4 Duration: for the life of the School's subscription plus the retention periods in Section 8.
3. Subprocessors
3.1 Olive & Rose engages the following subprocessors to operate the Service:
• Google LLC (Google Cloud) — United States (us-central1). Hosting (Cloud Run), document storage (Cloud Storage), database (Firestore), job queue, and secrets management.
• Anthropic, PBC — United States. AI model processing (analysis and draft generation) via the commercial API: no training on School Data, with limited-duration retention per Anthropic's commercial data-handling terms.
• Pinecone Systems, Inc. — United States. Vector search over ACSI-framework reference content; queries may contain short excerpts derived from School documents; School documents are not stored in Pinecone.
• Wix.com Ltd. — per Wix's terms. Member identity, authentication, subscription billing, and (at checkout) acceptance records.
• Resend (Plus Five Five, Inc.) — United States. Transactional email delivery.
3.2 Olive & Rose will give the School reasonable advance notice before adding or replacing a subprocessor that processes School Data, allowing the School to object on reasonable data-protection grounds. Olive & Rose remains responsible for its subprocessors' performance of this DPA's obligations and for its own configuration and operation of their services; it is not liable for breaches of a subprocessor's underlying infrastructure, which are governed by that provider's own terms.
4. Security measures (Schedule)
Olive & Rose maintains the following measures for the Service:
• Encryption in transit: all connections over HTTPS/TLS, including to all subprocessors.
• Encryption at rest: all stored School Data encrypted at rest (Google Cloud default encryption).
• Tenant isolation: every piece of School Data is keyed to a school identifier derived only from a verified session; all storage access is school-scoped; cross-tenant access is denied and isolation is covered by automated tests run on every release.
• Authentication: Wix Members login (with Wix's password and account protections), exchanged for short-lived, signed, HttpOnly, secure session cookies; single-use sign-in tokens with replay rejection; rotating refresh tokens.
• Secrets: all keys and credentials in a managed secrets service; never in source code; access restricted to the Service's service account; version-pinned.
• Least privilege: the Service runs under a dedicated service account holding only the roles it needs.
• Content-free logging: operational logs record which school performed which action and outcome — never document contents; quarantine events are logged without the matched text.
• Student-data fail-safe: automated pre-processing screening with quarantine (Section 5).
• Upload controls: file-type and size restrictions; executable and macro-enabled files rejected; malware scanning (as rolled out in the upload release).
• Abuse controls: request-size limits and rate limiting.
• Data residency: Service infrastructure runs in a United States region.
5. Student-data fail-safe (quarantine)
5.1 Every uploaded file is screened locally, before any content is sent to any AI subprocessor. Files that appear to contain student personal information (e.g., rosters, gradebooks, identifier patterns, name-grade pairings) are quarantined: they are not classified, not analyzed, not sent to Anthropic or Pinecone, and are visible to the School only as a quarantine notice describing the category of concern (never the matched text).
5.2 Quarantined files are deleted automatically within 30 days. The School's remedy is to redact and re-upload.
5.3 The screen is deliberately tuned toward over-blocking. It is a fail-safe, not a license: the School's obligation not to upload student data (Section 2.3) is unaffected.
6. Breach notification
If Olive & Rose becomes aware of a personal-data breach affecting School Data, it will notify the School without undue delay — and in any event within 72 hours of becoming aware — with the information reasonably available to support the School's own legal obligations, and will cooperate with the School's reasonable investigation and remediation efforts.
7. Controller responsibilities
The School is responsible for: (a) the lawfulness of the content it uploads, including any required consents; (b) redacting student personal information before upload, including compliance with FERPA and state student-privacy laws where applicable to the School; (c) securing its own member accounts and devices; (d) designating and managing which staff have access; and (e) reviewing and approving all AI-drafted content before any use in an accreditation submission.
8. Return and deletion of School Data
8.1 Self-service export: the Service provides a complete export (organized documents plus reports) the School can download at any time while subscribed.
8.2 Pause: while a subscription is paused, School Data is retained in full and Service functions are locked.
8.3 Termination or lapse: School Data is retained for a 90-day grace period (for resubscription or export on request), then deleted from the Service's systems. Backup copies expire on the backup provider's normal cycle thereafter.
8.4 On request: the School may request earlier deletion at john@oliveandrose.net; verified requests are honored within 30 days, subject to minimal records Olive & Rose must keep by law (e.g., billing and agreement records).
8.5 Subprocessor retention: content sent to Anthropic is subject to Anthropic's commercial limited-duration retention and is not used for model training.
9. Assistance and information
Taking into account the nature of the processing, Olive & Rose will provide reasonable assistance with the School's obligations regarding data-subject requests, security, and breach notification, and will make available information reasonably necessary to demonstrate compliance with this DPA. Olive & Rose's personnel access School Data only as needed to operate and support the Service and are bound by confidentiality.
10. Liability
Liability under this DPA is subject to the limitations and cap in the Terms of Use. Olive & Rose's responsibility extends to its own operation and configuration of the Service and its obligations in this DPA; it does not extend to (a) breaches or failures of a subprocessor's underlying infrastructure, or (b) consequences of the School uploading data prohibited by Section 2.3.
11. General
11.1 This DPA takes effect when the School accepts it (at checkout or in the app) and remains in force for the duration of processing.
11.2 If a provision of this DPA is held invalid, the remainder stays in effect. This DPA is governed by the laws of the State of Arizona, without regard to conflict-of-laws principles.
Questions: john@oliveandrose.net · Olive & Rose LLC, Phoenix, AZ, USA
