1. Roles & definitions
This addendum supplements the agreement between Lumicura and the customer (the "agreement", see our terms of service) and governs the processing of personal data.
Controller. The customer — the school, district, diocese, or parent organization — decides why and how personal data is processed. The controller is responsible for the lawfulness of the data it provides.
Processor. Lumicura processes personal data only on the controller's behalf and on its documented instructions.
Personal data. Information relating to an identified or identifiable person that the controller uploads to, or generates within, the service.
Subprocessor. A third party engaged by Lumicura to process personal data — see our live list at /trust.
2. Subject matter, nature & purpose; duration
Subject matter. Lumicura provides software that helps a parent organization coordinate its community — directories, announcements, volunteer scheduling, and commitment-point tracking.
Nature & purpose. We host, store, organize, transmit, back up, and display personal data so the controller can run its parent organization. We also process limited personal data for automated content moderation (message safety screening), to generate cited answers from the controller's own documents, and to keep the service secure and reliable through operational telemetry. We do not sell personal data, share it with advertisers, or use it to train machine-learning models.
Duration. Processing continues for the term of the agreement, followed by the return-and-deletion window described in section 11.
3. Categories of data subjects & personal data
Data subjects. Parents and guardians, school and organization staff, committee and board members, and — minimally — the children who tie a family to the roster.
Personal data. Family contact information (names, email addresses, phone numbers, mailing addresses), a child's name and grade level, volunteer-hour and commitment records, messages sent through the service, and operational and diagnostic logs. Message content may be processed by an AI subprocessor for safety screening.
Explicitly out of scope. Lumicura does not process student academic grades, attendance, or health records. Those remain in the school's student information system, where they belong.
4. Processor obligations
- We process personal data only on the controller's documented instructions, including the agreement and this addendum, unless required to act otherwise by law (in which case we notify the controller first, where legally permitted).
- We ensure that personnel authorized to process personal data are bound by appropriate confidentiality obligations.
- We limit access to personal data to staff who need it to deliver and support the service.
- We assist the controller, where reasonable, in meeting its own obligations regarding security, breach notification, and data subject rights.
5. Security measures
We maintain technical and organizational measures appropriate to the risk. The full description lives on our security page; the headline controls are:
- TLS 1.2+ in transit and AES-256 at rest
- Azure SQL row-level security on every multi-tenant table, isolating each school's data
- US-only data residency on Microsoft Azure
- Automated backups with point-in-time restore
- An append-only audit log on every state-changing action
- Two-factor authentication required for top-level admins
6. Subprocessors
The controller authorizes Lumicura to engage the subprocessors listed at /trust, which is kept current and versioned. The list covers cloud infrastructure, transactional email and SMS, payment processing, AI content moderation and knowledge-base search, and operational telemetry. Before adding or replacing a subprocessor, we give super-admins at least 30 days' advance notice, during which the controller may object on reasonable, security-related grounds.
We impose data-protection obligations on each subprocessor that are no less protective than those in this addendum, and we remain responsible for their performance. Content sent to our AI subprocessor for moderation or knowledge-base search is not used to train models.
7. Data subject requests
Taking into account the nature of the processing, we assist the controller in responding to requests from individuals to exercise their rights — access, correction, deletion, and export. Tenant admins can perform most of these actions directly in the product; for anything else, the controller can reach us at privacy@lumicura.org.
If an individual contacts Lumicura directly about their data, we refer them to the relevant controller rather than acting on the request ourselves.
8. Personal data breach notification
If we become aware of a personal data breach affecting the controller's data, we notify the controller without undue delay and in any case within 72 hours — faster when feasible. Our notice includes the nature of the breach, the categories and approximate volume of data involved, the likely consequences, and the measures we have taken or propose to take.
9. International transfers
By default, Lumicura processes and stores personal data in the United States only. For district- or diocese-level customers with affiliated international schools, Standard Contractual Clauses (SCCs) are available to cover any cross-border transfer; contact security@lumicura.org to put them in place.
10. Audits & information
On request, and subject to reasonable confidentiality terms, we make available the information needed to demonstrate compliance with this addendum. In practice that means we provide our security policies, completed security questionnaires, and a redacted architecture diagram — typically within one business day. See the document set on our security page.
11. Return & deletion on termination
- On termination, the controller keeps 90 days of read-only access to retrieve its data.
- We provide a full export in machine-readable formats — JSON, CSV, and iCal.
- After the read-only window closes, we delete the controller's personal data from active systems, with backup expiry following our standard retention cycle.
- If Lumicura winds down operations, we commit to an open-source release of the application so customers are never stranded.
12. FERPA
Where FERPA applies, Lumicura acts as a "school official" with a "legitimate educational interest" — a tool the school uses to coordinate its parent community under the school's direct control. We are never the parent-facing system of record, and we use the limited data we hold only to provide the service to the school.
13. BAA availability
For organizations that prefer the stricter posture, a Business Associate Agreement (BAA) is available on District / Diocese plans. Contact security@lumicura.org to arrange one.
14. Contact
Questions about this addendum, or to request a pre-signed copy, email security@lumicura.org. For data subject and privacy matters, privacy@lumicura.org. Related documents: privacy policy, terms of service, and security & trust.