Skip to Content

HonestIQ Data Processing Addendum (DPA)

Effective Date:  06/14/2025

Parties: This Data Processing Addendum (“DPA”) forms part of the Agreement between:

  • Institution/Customer (“Controller”)
  • HonestIQ, LLC (“Processor”)

By entering into the Agreement, the Controller and Processor agree to the terms of this DPA without the need for additional signatures.


1. Purpose

This DPA governs HonestIQ’s processing of personal data on behalf of the Controller to provide academic integrity, analytics, and related platform services.


2. Definitions

  • “Personal Data”: Any information relating to an identified or identifiable individual, including students, instructors, or administrators.
  • “Processing”: Any operation performed on Personal Data, such as collection, storage, analysis, or deletion.
  • “Controller”: The Institution or Customer that determines the purposes and means of processing.
  • “Processor”: HonestIQ, which processes Personal Data on behalf of the Controller.
  • “Sub-processor”: Any third party engaged by HonestIQ to process Personal Data.


3. Roles & Responsibilities

  • Controller: Responsible for ensuring that the collection and use of Personal Data complies with applicable laws.
  • Processor (HonestIQ): Processes Personal Data only in accordance with documented instructions from the Controller and solely for the purpose of providing platform services.


4. Data Processing Scope

HonestIQ processes Personal Data to:

  • Enable student, instructor, and administrator access to the platform.
  • Provide AI-based academic integrity analysis and reporting.
  • Support appeals and dispute resolution workflows.
  • Generate analytics on performance, course effectiveness, and outcomes.
  • Maintain platform security, auditing, and fraud prevention.


5. Confidentiality & Security

  • HonestIQ implements appropriate technical and organizational measures (encryption, access controls, monitoring, backups) to protect Personal Data.
  • Employees and contractors with access to Personal Data are subject to confidentiality obligations.


6. Sub-processing

  • HonestIQ may engage Sub-processors (e.g., hosting, analytics, LMS integrations).
  • HonestIQ will maintain a list of approved Sub-processors, available upon request.
  • Controller will be notified in advance of any material changes to Sub-processors.


7. International Transfers

  • If Personal Data is transferred outside the jurisdiction of the Controller (e.g., EU to U.S.), HonestIQ will implement safeguards such as Standard Contractual Clauses (SCCs) or equivalent lawful mechanisms.


8. Data Subject Rights

HonestIQ will assist the Controller in fulfilling requests by data subjects (students, instructors, admins) to:

  • Access, correct, or delete their data.
  • Restrict or object to processing.
  • Request data portability.


9. Data Retention & Deletion

  • HonestIQ retains Personal Data only for as long as necessary to provide services.
  • Upon termination of the Agreement, Personal Data will be securely deleted or returned, unless retention is required by law.


10. Incident Notification

  • In the event of a Personal Data Breach, HonestIQ will notify the Controller without undue delay.
  • Notifications will include details of the breach, potential impact, and mitigation steps.


11. Audit & Compliance

  • HonestIQ will provide relevant documentation and audit reports (e.g., SOC 2, ISO certifications, if applicable).
  • Controller may request audits or inspections, subject to reasonable notice and confidentiality obligations.


12. Governing Law

This DPA is governed by the same law and jurisdiction as the main Agreement between HonestIQ and the Controller.


13. Acceptance of Terms

This DPA is automatically incorporated into and forms part of the Agreement between HonestIQ and the Controller. By using HonestIQ services, the Controller acknowledges and agrees to be bound by the terms of this DPA.