Data Use & Service Agreement

Parties

1. Purpose and Scope

The Operator provides access to the Application solely for administering the Organization's fundraiser raffle — ticket allocation tracking, participant management, draw result recording, and results communication (the "Authorized Purpose").

This Agreement governs all participant personally identifiable information (PII) that the Organization shares with, or that is created by the Organization's use of, the Application.

2. Ownership and Control of Participant Records

Organization Ownership. All participant records and PII remain the property of and under the control of the Organization at all times. The Operator acquires no ownership interest in any participant data.

Organization Access. The Organization retains the right to access, export, and review all participant records at any time upon reasonable notice.

No Unilateral Policy Changes. The Operator shall not modify its privacy policy or data handling practices in any manner that materially affects participant data without 30 days' advance written notice and the Organization's written consent.

3. Authorized Use of Participant Data

The Operator shall use participant PII solely for the Authorized Purpose. The Operator expressly agrees that it shall NOT:

• Sell, rent, trade, or transfer participant PII to any third party for commercial purposes
• Use participant PII for targeted advertising, behavioral profiling, or any commercial purpose
• Build behavioral or interest profiles of participants
• Disclose participant PII to any third party except as required by law, as directed by the Organization, or to infrastructure subprocessors (Section 7)

4. FERPA Acknowledgments

The Operator acknowledges that student data from covered Organizations constitutes "education records" under FERPA (20 U.S.C. § 1232g). The Operator agrees to function as a "school official" under 34 C.F.R. § 99.31(a)(1)(i)(B) with a legitimate educational interest limited to the Authorized Purpose, and will not re-disclose education records outside that purpose.

5. COPPA Acknowledgments

Where the Organization is a school, the school provides authorization for the Operator to collect participant information on behalf of parents and guardians, consistent with the school consent pathway in the FTC's COPPA Rule (16 C.F.R. Part 312).

Where the Organization is not a school, the Organization represents that it has obtained verifiable parental consent for any participant under 13.

The Operator shall not use any participant PII for any commercial purpose, including advertising or marketing.

6. California Student Privacy (SOPIPA / AB 1584)

The Operator agrees to comply with SOPIPA and, where applicable, that this Agreement satisfies the nine mandatory provisions of California Education Code § 49073.1 — including that pupil records remain the property of the Organization, the Organization retains access, data is not sold or rented, disclosure is limited to authorized purposes, security is maintained, data is deleted per Section 9, breach notice is given per Section 8, and data types are described in Exhibit A.

7. Subprocessors

The Operator uses one third-party infrastructure subprocessor:

The Operator will give 30 days' notice before adding new subprocessors that process participant data.

8. Security and Breach Notification

Security measures include: HTTPS (TLS), encryption at rest, bcrypt password hashing, time-limited single-use magic-link tokens, and role-based access controls.

Breach notification to Organization: within 48 hours of discovery of any suspected unauthorized access.

Breach notification to individuals: within 30 calendar days of confirmed breach, per California Civil Code § 1798.82 (SB 446).

9. Data Retention and Deletion

• Participant PII retained only as long as necessary for the Authorized Purpose.
• Deleted within 30 days of each raffle season end, or earlier upon Organization request.
• On termination: full data export provided within 10 days; all PII deleted within 30 days of export; written deletion confirmation provided.
• Deletion obligations extend to all backup and archival systems.

10. Term and Termination

Effective from first use until terminated. Either party may terminate on 30 days' written notice, or immediately for material breach (with 10-day cure period). Upon termination, the Operator's right to access participant data ceases immediately; deletion obligations survive.

11. Representations and Warranties

Organization represents:

• It has legal authority to share participant records with the Operator.
• It has obtained any required consents for sharing participant data.
• Its raffle activities comply with all applicable law, including California Penal Code § 320.5 if conducting a charitable raffle in California.

Operator represents:

• It does not and will not acquire any financial interest in raffle proceeds.
• Compensation consists solely of flat fees not contingent on raffle revenues.
• It will not operate or conduct any raffle draw; the Application is an administrative tool only.

12. Miscellaneous

Governed by the laws of California. Entire agreement between the parties on this subject matter. Amendments require written instrument signed by both parties. Severability applies.

Exhibit A — Data Description

Categories of participant data shared with the Operator:

NOT collected: Payment info, government IDs, SSNs, dates of birth, home addresses, phone numbers, health data, or disciplinary records.