Version 1.0 · 21 June 2026
This Addendum governs Campus OS's processing of personal data on behalf of the Customer for the term of the underlying Subscription Agreement and any post-termination retention window.
Processing is necessary to operate the campus management platform: identity and access management, attendance, fees, learning, parent engagement, dashboards, audit and notifications.
Administrators, teachers, students (including minors), parents and guardians.
The Customer is the Controller; Campus OS is the Processor. Where Campus OS independently determines the means of processing for security, fraud prevention or aggregate analytics, it acts as a Controller for those limited purposes.
The Customer authorises the sub-processors listed below. Campus OS will notify the Customer of any addition or replacement at least 30 days in advance.
| Sub-processor | Purpose | Region |
|---|---|---|
| Supabase (Lovable Cloud) | Managed Postgres, authentication, storage, edge runtime | EU / US / APAC (selectable) |
| Cloudflare | DNS, WAF, CDN, Workers runtime | Global edge |
| Resend | Transactional email | EU / US |
| WhatsApp Business (Meta) | Optional WhatsApp notifications, where enabled by institution | Global |
Where personal data is transferred outside the UK, EEA, India or other jurisdictions with adequacy or restricted-transfer rules, transfers are protected by the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, DPDP Rules transfer mechanisms, or equivalent safeguards.
Campus OS will provide the Customer with documentation reasonably necessary to demonstrate compliance, and permits audits on reasonable notice not more than once per year.
Liability under this Addendum is governed by the limitation of liability in the Subscription Agreement.
Institutions on a paid plan may request a counter-signed copy at legal@campusos.app.