Common use of Subscribing LEA Clause in Contracts

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [Insert Name of Originating LEA] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST Lubbock-Xxxxxx ISD ] (the “Local Education Agency” or “LEA”) and [ ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [Insert Name of Originating LEA] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “"F” " DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“"Edspex”") works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“"Cybersecurity Frameworks”") that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) □ National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 □ National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 □ International Standards Organization (ISO) Information technology — - Security techniques — - Information security management systems (ISO 27000 series) □ Secure Controls Framework Council, LLC Security Controls Framework (SCF) □ Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) □ Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “"G” " Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “"G”", Supplemental SDPC State Terms for Texas (“"Supplemental State Terms”"), effective simultaneously with the attached Student Data Privacy Agreement (“"DPA”") by and between [ NORTH EAST ISD Coppell lSD ] (the “"Local Education Agency” " or “"LEA”") and [ [ARTSONIA ] (the “"Provider”"), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 ✔ National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ iDismiss, LLC ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Narragansett School District and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: (School District Name): BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:Massachusetts

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [Insert Name of Originating LEA] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX LEA MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems xxxxxxx (ISO 27000 XXX 00000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST Lubbock-Xxxxxx ISD ] (the “Local Education Agency” or “LEA”) and [ ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East the [ NORTHSIDE ISD ] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST NORTHSIDE ISD ] (the “Local Education Agency” or “LEA”) and [ ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy TermsTerms . The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [ Harvard Community ] and the [Provider]Provider . **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX LEA MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: _ Printed Name: Title/PositionTitle/ Posit ion: _ SCHOOL DISTRICT NAMENAM E: _ DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “"F” " DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“" Edspex”" ) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principlesprinciples * (“"Cybersecurity Frameworks”") that may be utilized utilize d by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) □ National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 □ National Institute of Standards and Technology (NIST) Techno logy NIST SP 800-53, Cybersecurity Cyber security Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International □ Int ernational Standards Organization (ISO) Information technology — - Security techniques — Information - Inform at ion security management systems (ISO 27000 seriesserie s) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) □ Office of the Under Secretary of Defense for Acquisition Acquisiti on and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMCCM MC , ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx htt p:// www.eds pex.orq for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “"G” " - Supplemental SDPC State Terms for Texas Illinois Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas Illinois (“"Supplemental State Terms”"), effective simultaneously with the attached Student Data Privacy Agreement (“"DPA”") by and between [ NORTH EAST ISD ] Harvard Community Unit School District 50 (the “"Local Education Agency” " or “"LEA”" ) and [ ] Nearpod Inc. (the “"Provider”"), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the South Holland School District 150 and the [Provider]. Xxxxxx'x Database Solutions, Inc. DBA: Embrace® **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX LEA MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) X National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems xxxxxxx (ISO 27000 XXX 00000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR͂ FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “"G” " Supplemental SDPC (Student Data Privacy Consortium) State Terms for Texas Illinois Version 1.0 IL-NDPAv1.0a (Revised March 15, 2021) This Exhibit “G”, Supplemental SDPC State Terms for Texas Illinois (“"Supplemental State Terms”"), effective simultaneously with the attached Student Data Privacy Agreement (“"DPA”") by and between [ NORTH EAST ISD ] (the “South Holland School District 150(the "Local Education Agency” " or “"LEA”") and [ ] Xxxxxx'x Database Solutions, Inc DBA: Embrace® (the “"Provider”"), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [Insert Name of Originating LEA] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) ✔ National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 ✔ National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 ✔ International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) ✔ Secure Controls Framework Council, LLC Security Controls Framework (SCF) ✔ Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) ✔ Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD Deer Park Independent School District ] (the “Local Education Agency” or “LEA”) and [ DreamBox Learning Inc ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Union Ridge School District 86 and the [Provider]. Xxxxxx'x Database Solutions, Inc. DBA: Embrace® **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) X National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR͂ FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “"G” " Supplemental SDPC (Student Data Privacy Consortium) State Terms for Texas Illinois Version 1.0 IL-NDPAv1.0a (Revised March 15, 2021) This Exhibit “G”, Supplemental SDPC State Terms for Texas Illinois (“"Supplemental State Terms”"), effective simultaneously with the attached Student Data Privacy Agreement (“"DPA”") by and between [ NORTH EAST ISD ] (the “Union Ridge School District 86(the "Local Education Agency” " or “"LEA”") and [ ] Xxxxxx'x Database Solutions, Inc DBA: Embrace® (the “"Provider”"), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Cambridge Public Schools and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5PROVIDER. ** Subscribing LEA: (School District Name): BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 x International Standards Organization (ISO) Organization** Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This **Please see the following Attachment to Exhibit “G”F” for an explanation of Provider’s current practices. Attachment to Exhibit “F” Provider is actively working towards certification with ISO 27001 because Provider takes data privacy and security seriously. In the meantime, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with Provider has detailed below the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as security standards it currently follows:.

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Lodi Unified School District and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAMESchool District Name: DESIGNATED REPRESENTATIVE OF Designated Representative of LEA: Name: Title: Address: , Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques techniques— Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Other framework information - Please specify: Please visit xxxx://xxx.xxxxxx.xxx xxxx://xxx.xxxxxx.xxx/ for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here here. EXHIBIT “G” Supplemental SDPC State Terms for Texas California Version 1.0 This Exhibit “G”, Supplemental Amendment for SDPC State Terms for Texas California (“Supplemental State TermsAmendment”), effective simultaneously with ) is entered into on the attached date of full execution (the “Effective Date”) and is incorporated into and made a part of the Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the between: Lodi Unified School District, located at 0000 X Xxxx Xx Xxxx Xx 00000 Xxxx, XX 00000(the “Local Education Agency” or “LEA”) and [ ] Clickteam, located at PO Box 965 Fairview, OR 97230 (the “Provider”), is incorporated . All capitalized terms not otherwise defined herein shall have the meaning set forth in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:.

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [ ] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX LEA MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems xxxxxxx (ISO 27000 XXX 00000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” – Supplemental SDPC State Terms for Texas Illinois Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas Illinois (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] ����� ������ �������� ��� (the “Local Education Agency” or “LEA”) and [ ] Everyday Speech LLC (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Palmdale SD and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAMESchool District Name: DESIGNATED REPRESENTATIVE OF Designated Representative of LEA: Name: Title: Address: , Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) ✔ National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques techniques— Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Other framework information - Please specify: Please visit xxxx://xxx.xxxxxx.xxx xxxx://xxx.xxxxxx.xxx/ for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here here. EXHIBIT “G” Supplemental SDPC State Terms for Texas California Version 1.0 This Exhibit “G”, Supplemental Amendment for SDPC State Terms for Texas California (“Supplemental State TermsAmendment”), effective simultaneously with ) is entered into on the attached date of full execution (the “Effective Date”) and is incorporated into and made a part of the Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the between: Palmdale SD, located at 00000 00xx Xx Xxxx Xxxxxxxx, XX 00000(the “Local Education Agency” or “LEA”) and [ ] Thinking Maps Inc, located at 000 Xxxxxxx Xxxxxx Xxxx Xxxx, XX 00000 Xxxxxx Xxxxxx (the “Provider”), is incorporated . All capitalized terms not otherwise defined herein shall have the meaning set forth in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:.

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [ ] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 [ School or LEA ] This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ ] Artsonia LLC (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Bunker Hill CUSD #8 and the [Provider]. Xxxxxx'x Database Solutions, Inc. DBA: Embrace® **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX LEA MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) X National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems xxxxxxx (ISO 27000 XXX 00000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR͂ FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “"G” " Supplemental SDPC (Student Data Privacy Consortium) State Terms for Texas Illinois Version 1.0 IL-NDPAv1.0a (Revised March 15, 2021) This Exhibit “G”, Supplemental SDPC State Terms for Texas Illinois (“"Supplemental State Terms”"), effective simultaneously with the attached Student Data Privacy Agreement (“"DPA”") by and between [ NORTH EAST ISD ] (the “Bunker Hill CUSD #8(the "Local Education Agency” " or “"LEA”") and [ ] Xxxxxx'x Database Solutions, Inc DBA: Embrace® (the “"Provider”"), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [Insert Name of Originating LEA] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) ✔ Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD [North East Independen] (the “Local Education Agency” or “LEA”) and [ Brisk Labs Corp ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: 09-06-2023 Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 ✔ National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ SCUTA ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) ✔ National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ MIND Education ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Xxxx Xxxx School District and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: 12/06/2023 Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) ✔ National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 ✔ National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 ✔ International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) ✔ Secure Controls Framework Council, LLC Security Controls Framework (SCF) ✔ Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here STANDARD STUDENT DATA PRIVACY AGREEMENT (NDPA Standard Version 1.0/Vendor Modified etc.) EXHIBIT “G” Supplemental SDPC State Terms for Texas Arkansas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously I Service providers must comply with the attached Arkansas Act 754 of 2023 Student Data Privacy Agreement (Vendor Security Act. Service providers must comply with Arkansas Act 1196 of 2015 Student Online Personal Information Protection Act. EXHIBIT “DPA”) by H” Additional Terms or Modifications Version XXX and between [ NORTH EAST ISD ] (Provider agree to the “Local Education Agency” or “LEA”) and [ ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental following additional terms and conditions and policies applicable modifications: This is a free text field that the parties can use to add or modify terms in or to the DPA) as follows:. If there are no additional or modified terms, this field should read “None.”

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ Infobase Holdings, Inc ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Xxxxxxx School District and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: 02/01/2024 Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) ✔ National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here STANDARD STUDENT DATA PRIVACY AGREEMENT (NDPA Standard Version 1.0/Vendor Modified etc.) EXHIBIT “G” Supplemental SDPC State Terms for Texas Arkansas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously I Service providers must comply with the attached Arkansas Act 754 of 2023 Student Data Privacy Agreement (Vendor Security Act. Service providers must comply with Arkansas Act 1196 of 2015 Student Online Personal Information Protection Act. EXHIBIT “DPA”) by H” Additional Terms or Modifications Version XXX and between [ NORTH EAST ISD ] (Provider agree to the “Local Education Agency” or “LEA”) and [ ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental following additional terms and conditions and policies applicable modifications: This is a free text field that the parties can use to add or modify terms in or to the DPA) as follows:. If there are no additional or modified terms, this field should read “None.”

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) X National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “"G” " - Supplemental SDPC (Student Data Privacy Consortium) State Terms for Texas Illinois Version 1.0 IL-NDPAv1.0a (Revised March 15, 2021) This Exhibit “G”, Supplemental SDPC State Terms for Texas Illinois (“"Supplemental State Terms”"), effective simultaneously with the attached Student Data Privacy Agreement (“"DPA”") by and between [ NORTH EAST ISD ] _Lincoln Community H_ igh _School District 404 (the “"Local Education Agency” or “"LEA”") and [ ] _ Fluency Matters (the “"Provider”"), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ Encyclopaedia ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the McleanCountyUnit5 SchoolDistric and the [Provider]. Clever **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems xxxxxxx (ISO 27000 XXX 00000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “"G” " - Supplemental SDPC (Student Data Privacy Consortium) State Terms for Texas Illinois Version 1.0 IL-NDPAv1.0a (Revised March 15, 2021) This Exhibit “G”, Supplemental SDPC State Terms for Texas Illinois (“"Supplemental State Terms”"), effective simultaneously with the attached Student Data Privacy Agreement (“"DPA”") by and between [ NORTH EAST ISD ] McleanCountyUnit5 SchoolDistrict " (the “"Local Education Agency” or “Inc. "LEA”") and [ ] _ Clever (the “"Provider”"), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [ I Providence Hall Charter Schoo]l and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Xxxxxxxx Xxxxxxx Date: 10/16/23 Printed Name: Xxxxxxxx Xxxxxxx Title/Position: IT Manager SCHOOL DISTRICT NAME: Providence Hall Charter School DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: Xxxxxxxx Xxxxxxx IT Manager 0000 X Xxxxxxx Xxxxx Xxxxx, Xxxxxxxx Xxxx 84096 8017278260 xxxxxxxx@xxxxxxxxxxxxxx.xxx EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 X International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas [State] Version 1.0 This The State Supplement is an optional set of terms that will be generated on an as-needed basis in collaboration between the national SDPC legal working group and the State Consortia. The scope of these State Supplements will be to address any state specific data privacy statutes and their requirements to the extent that they require terms in addition to or different from the National Standard Clauses. The State Supplements will be written in a manner such that they will not be edited/updated by individual parties and will be posted on the SDPC website to provide the authoritative version of the terms. Any changes by LEAs or Providers will be made in amendment form in an Exhibit (Exhibit “G”H” in this proposed structure). EXHIBIT “H” Additional Terms or Modifications Version USBE 3rd Party Evaluator XXX and Provider agree to the following additional terms and modifications: This is a free text field that the parties can use to add or modify terms in or to the DPA. If there are no additional or modified terms, Supplemental SDPC this field should read “None.” The Early Intervention Software Program (EISP), established by the Utah State Terms Legislature and administered by the Utah State Board of Education (USBE), provides Utah’s Local Education Agencies (LEAs) with the opportunity to select adaptive computer-based literacy software programs. The goal of this program is to increase literacy outcomes for Texas kindergarten through grade 3 students. In an effort to support the EISP, the provider agrees to perform the requirements of this exhibit for applicable grade K-3 student users of Lexia Core5, that are placed and confirmed by the purchasing LEA as orders funded through the EISP. For the avoidance of doubt, the terms of this Exhibit H shall only apply only to orders of the Lexia Core5 product licenses that the LEA confirms to Provider in writing to be orders utilizing the funding available under the EISP. As part of the EISP, and as more fully described below, certain data relating to use by students in select grades of designated provider Lexia Core5 products for all LEAs and orders funded through the EISP is to be provided by the provider to a third-party evaluator determined and engaged by USBE (the “Supplemental State TermsEISP Evaluator”), effective simultaneously with and Provider is hereby authorized and instructed by the attached Student Data Privacy Agreement USBE and LEA to deliver applicable data to the designated EISP Evaluator according to the schedule and secure file transfer process as determined and/or authorized by the USBE for EISP Evaluator and Provider, and to perform the actions, under and as provided in this Exhibit H. Provider and XXX acknowledge and agree that USBE will have sole authority and discretion as to the selection and designation of the EISP Evaluator and the terms and obligations applicable to Provider under this Exhibit H, and USBE may change the EISP Evaluator, change or terminate Provider’s data sharing and other commitments hereunder, or otherwise modify provider’s obligations under the EISP Program and/or this Exhibit H, at any time upon prior written notice to and subject to the mutual agreement of the Provider. Provider and XXX further acknowledge and agree that, notwithstanding the Provider actions and commitments hereunder, (“DPA”i) the ultimate responsibility for the determination of which subscriptions and student user information is subject to EISP program funding and the associated program reporting is always the responsibility of the purchasing LEA (and not Provider); and (ii) without limiting (i) above, the default assumption that USBE and the LEA intends Provider to operate under is that any and all K-3 Lexia Core5 subscriptions purchased by any LEA (and/or any Utah district and/or school, including Utah private and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ ] (the “Provider”charter schools), is incorporated whether rostered or managed manually or via Clever or other third-party integration system utilized by the LEA or school and supported by Provider, are to be presumed by Provider to be in-scope as EISP Program funded and subject to EISP program reporting to the EISP Evaluator under the reporting parameters, unless and until the purchasing LEA or other purchasing entity (or the USBE or its EISP Evaluator) affirmatively conveys otherwise to Provider in writing. Unless otherwise instructed by USBE and/or EISP Evaluator agreed by Provider in writing, prior to the date at the end of each school year determined and agreed by the EISP Evaluator and Provider that Provider actually shares the EISP program reporting data to the EISP Evaluator, Provider will send a written notification to all identified account administrators in Provider’s systems for all LEAs and/or other Utah school and district entities that purchased the software during the then-current year, informing them that, unless Provider receives written instructions from the applicable purchasing LEA or school or district account administrator within a prescribed period, Provider will include and share information in reporting to the EISP Evaluator of Core5 student users in grades (K-3) for which Provider has SSID information, together with all applicable in-scope EISP program reporting data from other LEAs, according to the same schedule and process and data format as determined and agreed by the USBE and/or the EISP Evaluator, and Provider, for all such data transfers. Provider’s obligations under this Exhibit H shall continue during the term of all applicable LEA subscription orders subject to this Exhibit H, and until the earlier of written notification by the USBE and/or the EISP Evaluator to Provider of termination of the EISP program or of Provider’s obligations under this Exhibit H. For clarity, in the attached DPA event of any conflict or inconsistency between Provider’s terms with, instructions or authorizations received from, the LEA and/or any school, and amends those herein or received by Provider from the DPA (USBE or the EISP Evaluator, with respect to this DPA, Exhibit H or the subject matter hereof, XXX and all supplemental terms Provider agree that any terms, authorizations and/or instructions received by Provider from the EISP Evaluator and/or the USBE shall control. Provider is authorized and conditions instructed by the USBE and policies applicable XXX to comply with instructions as may be communicated directly to the DPA) as followsProvider by the designated EISP Evaluator from time to time. Current external data standards that Provider will support include, but are not limited to:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Clovis USD and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAMESchool District Name: DESIGNATED REPRESENTATIVE OF Designated Representative of LEA: Name: Title: Address: , Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques techniques— Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Other framework information - Please specify: Please visit xxxx://xxx.xxxxxx.xxx xxxx://xxx.xxxxxx.xxx/ for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here here. EXHIBIT “G” Supplemental SDPC State Terms for Texas California Version 1.0 This Exhibit “G”, Supplemental Amendment for SDPC State Terms for Texas California (“Supplemental State TermsAmendment”), effective simultaneously with ) is entered into on the attached date of full execution (the “Effective Date”) and is incorporated into and made a part of the Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the between: Clovis USD, located at 0000 Xxxxxxx Xxxxxx Clovis, CA 93611(the “Local Education Agency” or “LEA”) and [ ] ChatterHigh Communications US Inc., located at ChatterHigh Communications US Inc. 000 X Xxxxxxxx Xx Xxxxxxxxxxx, XX 00000-0000 (the “Provider”), is incorporated . All capitalized terms not otherwise defined herein shall have the meaning set forth in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:.

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: Lafayette District Schools, Mayo, Florida BY: Date: Printed Name: Xxxx Xxxxxx Title/Position: Network Manager Standard Data Privacy Agreement between Lafayette District Page | 18 of 25 Schools, Mayo, Florida and KNOWLEDGE PILLARS EDUCATION INC . SCHOOL DISTRICT NAME: LAFAYETTE DISTRICT SCHOOLS, MAYO, FLORIDA DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Xxxx Xxxxxx Network Administrator Address: 000 XX Xxxxxx Xxxxx Xxxx, XX 00000 Telephone Number: 000-000-0000 Standard Data Privacy Agreement between Lafayette District Schools, Mayo, Florida and KNOWLEDGE PILLARS EDUCATION INC . Email: xxxxxxx@xxxxxxxx.xxx Page | 19 of 25 EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. Standard Data Privacy Agreement between Lafayette District Schools, Mayo, Florida and KNOWLEDGE PILLARS EDUCATION INC . *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here Page | 20 of 25 EXHIBIT “G” Supplemental SDPC State Terms for Texas [State] Version 1.0 This Standard Data Privacy Agreement between Lafayette District Schools, Mayo, Florida and KNOWLEDGE PILLARS EDUCATION INC . [The State Supplement is an optional set of terms that will be generated on an as-needed basis in collaboration between the national SDPC legal working group and the State Consortia. The scope of these State Supplements will be to address any state specific data privacy statutes and their requirements to the extent that they require terms in addition to or different from the National Standard Clauses. The State Supplements will be written in a manner such that they will not be edited/updated by individual parties and will be posted on the SDPC website to provide the authoritative version of the terms. Any changes by LEAs or Providers will be made in amendment form in an Exhibit (Exhibit “G”, Supplemental SDPC State H” in this proposed structure).] Page | 21 of 25 EXHIBIT “H” Additional Terms for Texas (or Modifications THIS EXHIBIT “Supplemental State Terms”), H” effective simultaneously with the attached Student Data Date Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] Lafayette District Schools, Mayo, Florida, (the “Local Education Agency” or “LEA”) and [ ] KNOWLEDGE PILLARS EDUCATION INC , (the “Provider”), ) is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: The School Board of Hamilton County, Florida BY: Date: Printed Name: Xxxxx Xxxxxxx Title/Position: Director of Teaching & Learning Services Standard Data Privacy Agreement between Xxxxxxxx District P a g e | 18 Schools, Jasper, Florida and Edmentum, Inc. . 2 3 . 0 1 . 1 2 SCHOOL DISTRICT NAME: THE SCHOOL BOARD OF HAMILTON COUNTY, FLORIDA DESIGNATED REPRESENTATIVE OF LEA: Name: Xxxxx Xxxxxxx Title: Director of Teaching & Learning Services Address: 0000 Xxxxxxx 000 X, Xxxxx 0, Xxxxxx, Xx 00000 Telephone Number: (000) 000-0000 Email: xxxxx.xxxxxxx@xxxxxxxxxx.xxx Standard Data Privacy Agreement between Xxxxxxxx District Schools, Jasper, Florida and Edmentum, Inc. . P a g e | 19 EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) ✔☐ National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 ☐ National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-800- 171 ☐ International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) ☐ Secure Controls Framework Council, LLC Security Controls Framework (SCF) ☐ Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) ☐ Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here Standard Data Privacy Agreement between Xxxxxxxx District Schools, Jasper, Florida and Edmentum, Inc. . P a g e | 20 EXHIBIT “G” Supplemental SDPC State Terms for Texas [State] Version 1.0 This [The State Supplement is an optional set of terms that will be generated on an as-needed basis in collaboration between the national SDPC legal working group and the State Consortia. The scope of these State Supplements will be to address any state specific data privacy statutes and their requirements to the extent that they require terms in addition to or different from the National Standard Clauses. The State Supplements will be written in a manner such that they will not be edited/updated by individual parties and will be posted on the SDPC website to provide the authoritative version of the terms. Any changes by LEAs or Providers will be made in amendment form in an Exhibit (Exhibit “G”H” in this proposed structure).] Standard Data Privacy Agreement between Xxxxxxxx District Schools, Supplemental SDPC State Jasper, Florida and Edmentum, Inc. . P a g e | 21 EXHIBIT “H” Additional Terms for Texas (or Modifications THIS EXHIBIT “Supplemental State Terms”), H” effective simultaneously with the attached Student Data Date Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] The School Board of Hamilton County, Florida, (the “Local Education Agency” or “LEA”) and [ ] Edmentum, Inc. , (the “Provider”), ) is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) ✔ Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ BrainPOP LLC ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Lodi Unified School District and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAMESchool District Name: DESIGNATED REPRESENTATIVE OF Designated Representative of LEA: Name: Title: Address: , Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques techniques— Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Other framework information - Please specify: Please visit xxxx://xxx.xxxxxx.xxx xxxx://xxx.xxxxxx.xxx/ for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here here. EXHIBIT “G” Supplemental SDPC State Terms for Texas California Version 1.0 This Exhibit “G”, Supplemental Amendment for SDPC State Terms for Texas California (“Supplemental State TermsAmendment”), effective simultaneously with ) is entered into on the attached date of full execution (the “Effective Date”) and is incorporated into and made a part of the Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the between: Lodi Unified School District, located at 0000 X Xxxx Xx Xxxx Xx 00000 Xxxx, XX 00000(the “Local Education Agency” or “LEA”) and [ ] The Pi Day Challenge, located at 000 Xxxxx Xx Xxxxxxx, XX 00000-0000 (the “Provider”), is incorporated . All capitalized terms not otherwise defined herein shall have the meaning set forth in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:.

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [ Metamora Township High School ] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX LEA MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: Metamora Township High School BY: Date: 5/19/21 Printed Name: _Sean X'Xxxxxxxx Title/Position: _Superintendent SCHOOL DISTRICT NAME: _Metamora Township High School DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: Xxxx X'Xxxxxxxx Superintendent 000 Xxxx Xxxxxxx Xxxxxx, Xxxxxxxx, XX 309-367-4151 xxxxxxxx@xxxx.xx EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) ✔ National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems xxxxxxx (ISO 27000 XXX 00000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” – Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:Illinois

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Roseville Joint Union High SD and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAMESchool District Name: DESIGNATED REPRESENTATIVE OF Designated Representative of LEA: Name: Title: Address: , Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques techniques— Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Other framework information - Please specify: Please visit xxxx://xxx.xxxxxx.xxx xxxx://xxx.xxxxxx.xxx/ for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here here. EXHIBIT “G” Supplemental SDPC State Terms for Texas California Version 1.0 This Exhibit “G”, Supplemental Amendment for SDPC State Terms for Texas California (“Supplemental State TermsAmendment”), effective simultaneously with ) is entered into on the attached date of full execution (the “Effective Date”) and is incorporated into and made a part of the Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the between: Roseville Joint Union High SD, located at 0000 Xxxxx Xxx Xxxxxxxxx, XX 00000(the “Local Education Agency” or “LEA”) and [ ] EditMentor, Inc., located at 000 Xxxxx Xxxxxx Xxxxx 2 Beverly Hills, CA 90212 (the “Provider”), is incorporated . All capitalized terms not otherwise defined herein shall have the meaning set forth in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:.

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [Insert Name of Originating LEA] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) ✔ National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD Prosper Independent School District ] (the “Local Education Agency” or “LEA”) and [ The AET ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [Insert Name of Originating LEA] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: The School Board of Flagler County, Florida BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: THE SCHOOL BOARD OF FLAGLER COUNTY, FLORIDA DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: Agreement between the School Board of Flagler County, Florida P a g e | 45 of 51 EXHIBIT “F” <F= DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”<Edspex=) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“<Cybersecurity Frameworks”Frameworks=) that may be utilized by Provider Provider. Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) X National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 X National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 X International Standards Organization (ISO) Information technology — 4 Security techniques — 4 Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here Agreement between the School Board of Flagler County, Florida P a g e | 46 of 51 EXHIBIT “G” <G= Supplemental SDPC State Terms for Texas Florida Version 1.0 This [The State Supplement is an optional set of terms that will be generated on an as- needed basis in collaboration between the national SDPC legal working group and the State Consortia. The scope of these State Supplements will be to address any state specific data privacy statutes and their requirements to the extent that they require terms in addition to or different from the National Standard Clauses. The State Supplements will be written in a manner such that they will not be edited/updated by individual Parties and will be posted on the SDPC website to provide the authoritative version of the terms. Any changes by LEAs or Providers will be made in amendment form in an Exhibit “G”(Exhibit <H= in this proposed structure).] Agreement between the School Board of Flagler County, Supplemental SDPC State Florida P a g e | 47 of 51 EXHIBIT <H= Additional Terms for Texas (“Supplemental State Terms”), or Modifications THIS EXHIBIT <H= effective simultaneously with the attached Student Data Date Privacy Agreement (“DPA”<DPA=) by and between [ NORTH EAST ISD ] The School Board of Flagler County, Florida, (the “<Local Education Agency” Agency= or “LEA”<LEA=) and [ ] _Remin_d , (the “Provider”), <Provider=) is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [Harvard Community Unit School District 50] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX LEA MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** [Insert Name of Subscribing LEA: ] BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider Provider. Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) X National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 X National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems xxxxxxx (ISO 27000 XXX 00000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) X Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT Contact information for data security concerns or questions: xxxxxxxx@xxxxxxxxx.xxx E XHIBIT “G” – Supplemental SDPC (Student Data Privacy Consortium) State Terms for Texas Illinois Version 1.0 IL-NDPAv1.0a (Revised March 15, 2021) This Exhibit “G”, Supplemental SDPC State Terms for Texas Illinois (“"Supplemental State Terms”"), effective simultaneously with the attached Student Data Privacy Agreement (“"DPA”") by and between [ NORTH EAST ISD [Insert IL LEA] _ (the “"Local Education Agency” or “"LEA”") and [ ] Spotify USA Inc. (the “"Provider”"), is incorporated in the attached DPA and amends andamends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [ ] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BYBy: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) X National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here Please see our Security Whitepaper for details: xxxxx://xxxx.xxx/about/InformationSecurityPolicy.pdf STANDARD STUDENT DATA PRIVACY AGREEMENT (NDPA Standard Version 1.0) EXHIBIT “G” Supplemental SDPC State Terms for Texas Oklahoma Version 1.0 This [The State Supplement is an optional set of terms that will be generated on an as-needed basis in collaboration between the national SDPC legal working group and the State Consortia. The scope of these State Supplements will be to address any state specific data privacy statutes and their requirements to the extent that they require terms in addition to or different from the National Standard Clauses. The State Supplements will be written in a manner such that they will not be edited/updated by individual parties and will be posted on the SDPC website to provide the authoritative version of the terms. Any changes by LEAs or Providers will be made in amendment form in an Exhibit (Exhibit “G”, Supplemental SDPC State Terms for Texas H” in this proposed structure).] THIS SPACE LEFT INTENSIONALLY BLANK OK-NDPA V1 Page 20 of 21 EXHIBIT “H” ADDITIONAL TERMS OR MODIFICATIONS XXX and Provider agree to the following additional terms and modifications: The following sections shall be modified (“Supplemental State Terms”), effective simultaneously as indicated) and replaced with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:language set forth below.

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy TermsTerms . The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [ Harvard Community ] and the [Provider]Provider . **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: 3/16/21 _ Printed Name: Title/PositionXxxx X. X'Xxxxxxxx Title/ Posit ion: Superintendent _ SCHOOL DISTRICT NAMENAM E: Metamora Township High School _ DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: Xxxx X. X'Xxxxxxxx Superintendent 000 Xxxx Xxxxxxx Xxxxxx, Xxxxxxxx, XX 00000 000-000-0000 xxxxxxxx@xxxx.xx EXHIBIT “"F” " DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“" Edspex”" ) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principlesprinciples * (“"Cybersecurity Frameworks”") that may be utilized utilize d by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) □ National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 □ National Institute of Standards and Technology (NIST) Techno logy NIST SP 800-53, Cybersecurity Cyber security Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International □ Int ernational Standards Organization (ISO) Information technology — - Security techniques — Information - Inform at ion security management systems (ISO 27000 seriesserie s) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) □ Office of the Under Secretary of Defense for Acquisition Acquisiti on and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMCCM MC , ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx htt p:// www.eds pex.orq for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “"G” " - Supplemental SDPC State Terms for Texas Illinois Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas Illinois (“"Supplemental State Terms”"), effective simultaneously with the attached Student Data Privacy Agreement (“"DPA”") by and between [ NORTH EAST ISD ] Harvard Community Unit School District 50 (the “"Local Education Agency” " or “"LEA”" ) and [ ] Nearpod Inc. (the “"Provider”"), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD originating LEA: Bellevue School District 405 and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Name of Subscribing LEA: BYBy: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: 1190353v1 EXHIBIT “F” F”‌ DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider Provider. Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) ✔ National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 ✔ International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here here. 1190353v1 EXHIBIT “G” – Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:[State]

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 X National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ Learning Without Tears ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [Insert Name of Originating LEA] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX LEA MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems xxxxxxx (ISO 27000 XXX 00000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST Lubbock-Xxxxxx ISD ] (the “Local Education Agency” or “LEA”) and [ Wayside Publishing ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Fort Xxxxx Public Schools and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Xxxxx Xxxxx Date: 03/13/24 Printed Name: Xxxxx Xxxxx Title/Position: Director of Technology SCHOOL DISTRICT NAME: Cossatot River School District DESIGNATED REPRESENTATIVE OF LEA: Name: Xxxxx Xxxxx Title: Director of Technology Address: 000 Xxxxxx Xxxxx, Xxxxxx, XX Telephone Number: Email: 000-000-0000 xxxxxx@xxxxxxxx.xx EXHIBIT “"F” " DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“"Edspex”") works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“"Cybersecurity Frameworks”") that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — - Security techniques — - Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here STANDARD STUDENT DATA PRIVACY AGREEMENT {NDPA Standard Version 1.0/Vendor Modified etc.) EXHIBIT “"G” " Supplemental SDPC State Terms for Texas [State] Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously I Service providers must comply with the attached Arkansas§ 6-18-109 Student Online Personal Information Protection Act. xxxxx://xxx.x xxxxx.xxxxx.xx.xx/ Acts/Document ?type=pdf&act=1196&ddBienniumSession=2015%2F2015R Service providers must comply with Arkansas§ 6-18-2505 and§ 6-18-2507 Student Data Privacy Agreement (“DPA”) by Vendor Security Act. xxxxx://xxx.xxxxxx.xxxxx.xx.xx/Bills/FTPDocument?path=%2FBills%2F2023R%2FPublic%2FH Bl 757.pdf EXHIBIT "H" Additional Terms or Modifications D Version XXX and between [ NORTH EAST ISD ] (Provider agree to the “Local Education Agency” or “LEA”) and [ ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental following additional terms and conditions and policies applicable modifications: This is a free text field that the parties can use to add or modify terms in or to the DPA) as follows:. If there are no additional or modified terms, this field should read "None."

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” F DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 California This Exhibit “G”, Supplemental Amendment for SDPC State Terms for Texas California (“Supplemental State TermsAmendment”), effective simultaneously with ) is entered into on the attached date of full execution (the “Effective Date”) and is incorporated into and made a part of the Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] between: , located at (the “Local Education Agency” or “LEA”) and [ ] , located at (the “Provider”), is incorporated . All capitalized terms not otherwise defined herein shall have the meaning set forth in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:.

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 X International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ Novel Effect, Inc. ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Rocklin USD and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAMESchool District Name: DESIGNATED REPRESENTATIVE OF Designated Representative of LEA: Name: Title: Address: , Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) ✔ National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques techniques— Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Other framework information - Please specify: Please visit xxxx://xxx.xxxxxx.xxx xxxx://xxx.xxxxxx.xxx/ for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here here. EXHIBIT “G” Supplemental SDPC State Terms for Texas California Version 1.0 This Exhibit “G”, Supplemental Amendment for SDPC State Terms for Texas California (“Supplemental State TermsAmendment”), effective simultaneously with ) is entered into on the attached date of full execution (the “Effective Date”) and is incorporated into and made a part of the Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the between: Rocklin USD, located at 0000 Xxxxxx Xxxxxxx Xxxxx Rocklin, CA 95677(the “Local Education Agency” or “LEA”) and [ ] NoodleTools, Inc., located at PO Box 60214 Palo Alto, CA 94306 (the “Provider”), is incorporated . All capitalized terms not otherwise defined herein shall have the meaning set forth in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:.

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Ceres Unified and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAMESchool District Name: DESIGNATED REPRESENTATIVE OF Designated Representative of LEA: Name: Title: Address: , Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques techniques— Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) ✔ Other framework information - Please specify: SOC2 Please visit xxxx://xxx.xxxxxx.xxx xxxx://xxx.xxxxxx.xxx/ for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here here. EXHIBIT “G” Supplemental SDPC State Terms for Texas California Version 1.0 This Exhibit “G”, Supplemental Amendment for SDPC State Terms for Texas California (“Supplemental State TermsAmendment”), effective simultaneously with ) is entered into on the attached date of full execution (the “Effective Date”) and is incorporated into and made a part of the Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the between: Ceres Unified, located at 0000 Xxxxxxxx Xxxxxx Ceres, CA 95307(the “Local Education Agency” or “LEA”) and [ ] Decktopus Inc., located at 0000 Xxxx Xxxx Xxxxx 000 Xxxx Xxxx, XX 00000 (the “Provider”), is incorporated . All capitalized terms not otherwise defined herein shall have the meaning set forth in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:.

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Pekin Public Schools District 108 and the [Provider]. Xxxxxx'x Database Solutions, Inc. DBA: Embrace® **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) X National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR͂ FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “"G” " Supplemental SDPC (Student Data Privacy Consortium) State Terms for Texas Illinois Version 1.0 IL-NDPAv1.0a (Revised March 15, 2021) This Exhibit “G”, Supplemental SDPC State Terms for Texas Illinois (“"Supplemental State Terms”"), effective simultaneously with the attached Student Data Privacy Agreement (“"DPA”") by and between [ NORTH EAST ISD ] (the “Pekin Public Schools District 108(the "Local Education Agency” " or “"LEA”") and [ ] Xxxxxx'x Database Solutions, Inc DBA: Embrace® (the “"Provider”"), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East the [ Mansfield ISD ] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST Mansfield ISD ] (the “Local Education Agency” or “LEA”) and [ [ations Pty Ltd trading as Vi] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX LEA MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems xxxxxxx (ISO 27000 XXX 00000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) ✔ Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “"G” " - Supplemental SDPC (Student Data Privacy Consortium) State Terms for Texas Illinois Version 1.0 IL-NDPAv1.0a (Revised March 15, 2021) This Exhibit “G”, Supplemental SDPC State Terms for Texas Illinois (“"Supplemental State Terms”"), effective simultaneously with the attached Student Data Privacy Agreement (“"DPA”") by and between [ NORTH EAST ISD ] Pleasantdale School District 107 (the “"Local Education Agency” or “"LEA”") and [ ] Dearborns Consulting LLC (the “"Provider”"), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the LEA and the [Provider]. Xxxxxx'x Database Solutions, Inc. DBA: Embrace® **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) X National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems xxxxxxx (ISO 27000 XXX 00000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR͂ FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “"G” " Supplemental SDPC (Student Data Privacy Consortium) State Terms for Texas Illinois Version 1.0 IL-NDPAv1.0a (Revised March 15, 2021) This Exhibit “G”, Supplemental SDPC State Terms for Texas Illinois (“"Supplemental State Terms”"), effective simultaneously with the attached Student Data Privacy Agreement (“"DPA”") by and between [ NORTH EAST ISD ] (the “The Board of Trustees of Illinois State University Laboratory Schools(the "Local Education Agency” " or “"LEA”") and [ ] Xxxxxx'x Database Solutions, Inc DBA: Embrace® (the “"Provider”"), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) ✔ National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ The DBQ Company ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Sacramento City USD and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAMESchool District Name: DESIGNATED REPRESENTATIVE OF Designated Representative of LEA: Name: Title: Address: , Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques techniques— Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Other framework information - Please specify: Please visit xxxx://xxx.xxxxxx.xxx xxxx://xxx.xxxxxx.xxx/ for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here here. EXHIBIT “G” Supplemental SDPC State Terms for Texas California Version 1.0 This Exhibit “G”, Supplemental Amendment for SDPC State Terms for Texas California (“Supplemental State TermsAmendment”), effective simultaneously with ) is entered into on the attached date of full execution (the “Effective Date”) and is incorporated into and made a part of the Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the between: Sacramento City USD, located at 0000 00xx Xxxxxx Xxxxxxxxxx, XX 00000(the “Local Education Agency” or “LEA”) and [ ] DM Education, located at 000 X Xxxxx Xx Xxxx Xxxxxx, XX 00000 (the “Provider”), is incorporated . All capitalized terms not otherwise defined herein shall have the meaning set forth in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:.

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [Insert Name of Originating LEA] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX LEA MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems xxxxxxx (ISO 27000 XXX 00000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) ✔ Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST Lubbock-Xxxxxx ISD ] (the “Local Education Agency” or “LEA”) and [ Stash101 LLC ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD tre Provo City School District ] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: D�e:· Printed Name: __ ____ Title/Position: __ ____ ___ SCHOOL DISTRICT NAME: _____ _____ _ DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: DocuSign Envelope ID: 54BD6DE7-0B2B-4D61-8F0F-ACF569395A66 EXHIBIT “"F” " DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“"Edspex”") works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“"Cybersecurity Frameworks”") that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) □ National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 Technology National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Technology Improving Critical Infrastructure Cybersecurity □ (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — - Security techniques — - Information security management systems (ISO 27000 series) □ □ Secure Controls Framework Council, LLC Security Controls Framework (SCF) □ Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Cybersecurity Maturity Model Certification Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here DocuSign Envelope ID: 54BD6DE7-0B2B-4D61-8F0F-ACF569395A66 EXHIBIT “"G” " Supplemental SDPC State Terms for Texas [State] Version 1.0 This [The State Supplement is an optional set of terms that will be generated on an as-needed basis in collaboration between the national SDPC legal working group and the State Consortia. The scope of these State Supplements will be to address any state specific data privacy statutes and their requirements to the extent that they require terms in addition to or different from the National Standard Clauses. The State Supplements will be written in a manner such that they will not be edited/updated by individual parties and will be posted on the SDPC website to provide the authoritative version of the terms. Any changes by LEAs or Providers will be made in amendment form in an Exhibit “G”, Supplemental SDPC State (Exhibit "H" in this proposed structure).] DocuSign Envelope ID: 54BD6DE7-0B2B-4D61-8F0F-ACF569395A66 EXHIBIT "H" Additional Terms for Texas (“Supplemental State Terms”), effective simultaneously with or Modifications Version XXX and Provider agree to the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental following additional terms and conditions and policies applicable modifications: This is a free text field that the parties can use to add or modify terms in or to the DPA) as follows:. If there are no additional or modified terms, this field should read "None."

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) ✔ Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ Xxxxx, Inc. ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Nippersink School District 2 and the [Provider]. Xxxxxx'x Database Solutions, Inc. DBA: Embrace® **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) X National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR͂ FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “"G” " Supplemental SDPC (Student Data Privacy Consortium) State Terms for Texas Illinois Version 1.0 IL-NDPAv1.0a (Revised March 15, 2021) This Exhibit “G”, Supplemental SDPC State Terms for Texas Illinois (“"Supplemental State Terms”"), effective simultaneously with the attached Student Data Privacy Agreement (“"DPA”") by and between [ NORTH EAST ISD ] (the “Nippersink School District 2(the "Local Education Agency” " or “"LEA”") and [ ] Xxxxxx'x Database Solutions, Inc DBA: Embrace® (the “"Provider”"), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Cutter Morning Star School and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) ✔ National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 ✔ National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 ✔ International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) ✔ Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here STANDARD STUDENT DATA PRIVACY AGREEMENT (NDPA Standard Version 1.0/Vendor Modified etc.) EXHIBIT “G” Supplemental SDPC State Terms for Texas [State] Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously I Service providers must comply with the attached Arkansas Act 754 of 2023 Student Data Privacy Agreement (Vendor Security Act. Service providers must comply with Arkansas Act 1196 of 2015 Student Online Personal Information Protection Act. EXHIBIT “DPA”) by H” Additional Terms or Modifications Version XXX and between [ NORTH EAST ISD ] (Provider agree to the “Local Education Agency” or “LEA”) and [ ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental following additional terms and conditions and policies applicable modifications: This is a free text field that the parties can use to add or modify terms in or to the DPA) as follows:. If there are no additional or modified terms, this field should read “None.”

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Alameda Unified School District and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAMESchool District Name: DESIGNATED REPRESENTATIVE OF Designated Representative of LEA: Name: Title: Address: , Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) ✔ National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques techniques— Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Other framework information - Please specify: Please visit xxxx://xxx.xxxxxx.xxx xxxx://xxx.xxxxxx.xxx/ for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here here. EXHIBIT “G” Supplemental SDPC State Terms for Texas California Version 1.0 This Exhibit “G”, Supplemental Amendment for SDPC State Terms for Texas California (“Supplemental State TermsAmendment”), effective simultaneously with ) is entered into on the attached date of full execution (the “Effective Date”) and is incorporated into and made a part of the Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the between: Alameda Unified School District, located at 0000 Xxxxxxxxxx Xx Xxxxxxx, XX 00000(the “Local Education Agency” or “LEA”) and [ ] youmebee Ltd, located at The Gate, Keppoch Street, United Kingdom Cardiff, AK CF243JW (the “Provider”), is incorporated . All capitalized terms not otherwise defined herein shall have the meaning set forth in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:.

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Lodi Unified School District and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAMESchool District Name: DESIGNATED REPRESENTATIVE OF Designated Representative of LEA: Name: Title: Address: , Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques techniques— Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Other framework information - Please specify: Please visit xxxx://xxx.xxxxxx.xxx xxxx://xxx.xxxxxx.xxx/ for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here here. EXHIBIT “G” Supplemental SDPC State Terms for Texas California Version 1.0 This Exhibit “G”, Supplemental Amendment for SDPC State Terms for Texas California (“Supplemental State TermsAmendment”), effective simultaneously with ) is entered into on the attached date of full execution (the “Effective Date”) and is incorporated into and made a part of the Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the between: Lodi Unified School District, located at 0000 X Xxxx Xx Xxxx Xx 00000 Xxxx, XX 00000(the “Local Education Agency” or “LEA”) and [ ] Blue Bridge LLC, located at 000 Xxxxxxxxxx Xx. Xxxxxx Xxxxx, XX 00000 (the “Provider”), is incorporated . All capitalized terms not otherwise defined herein shall have the meaning set forth in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:.

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [ ] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: DocuSign Envelope ID: 18E61DEB-F83E-4BFC-B72E-F33A9F5B2265 EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) ✔ National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 ✔ National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here DocuSign Envelope ID: 18E61DEB-F83E-4BFC-B72E-F33A9F5B2265 EXHIBIT “G” Supplemental SDPC State Terms for Texas Oregon Version 1.0 This Exhibit “G”, Supplemental Amendment for SDPC State Terms for Texas Oregon (“Supplemental State TermsAmendment”), effective simultaneously with ) is entered into on the attached Student date of full execution (the “Effective Date”) and is incorporated into and made a part of theStudent Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] between: Beaverton School District , located at 00000 XX Xxxxx Rd, Beaverton, OR 97003 (the “Local Education Agency” or “LEA”) and [ ] Discovery Education, Inc. (the “Provider”)., is incorporated located at 0000 Xxxxxxxx Xxxxxx, Xxxxx 000, Xxxxxxxxx, XX 00000 All capitalized terms not otherwise defined herein shall have the meaning set forth in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:.

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Lancaster SD and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAMESchool District Name: DESIGNATED REPRESENTATIVE OF Designated Representative of LEA: Name: Title: Address: , Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques techniques— Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Other framework information - Please specify: Please visit xxxx://xxx.xxxxxx.xxx xxxx://xxx.xxxxxx.xxx/ for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here here. EXHIBIT “G” Supplemental SDPC State Terms for Texas California Version 1.0 This Exhibit “G”, Supplemental Amendment for SDPC State Terms for Texas California (“Supplemental State TermsAmendment”), effective simultaneously with ) is entered into on the attached date of full execution (the “Effective Date”) and is incorporated into and made a part of the Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the between: Lancaster SD, located at 00000 Xxxxx Xxxxxx Xxxxxxxxx, XX 00000(the “Local Education Agency” or “LEA”) and [ ] NurseNotes, located at 000 XX Xxxxxx Blvd #176 Issaquah, WA 98027 (the “Provider”), is incorporated . All capitalized terms not otherwise defined herein shall have the meaning set forth in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:.

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [Insert Name of Originating LEA] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 X International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST Cypress-Fairbanks ISD ] (the “Local Education Agency” or “LEA”) and [ ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Wasco Union Elementary SD and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAMESchool District Name: DESIGNATED REPRESENTATIVE OF Designated Representative of LEA: Name: Title: Address: , Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques techniques— Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Other framework information - Please specify: Please visit xxxx://xxx.xxxxxx.xxx xxxx://xxx.xxxxxx.xxx/ for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here here. EXHIBIT “G” Supplemental SDPC State Terms for Texas California Version 1.0 This Exhibit “G”, Supplemental Amendment for SDPC State Terms for Texas California (“Supplemental State TermsAmendment”), effective simultaneously with ) is entered into on the attached date of full execution (the “Effective Date”) and is incorporated into and made a part of the Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the between: Wasco Union Elementary SD, located at 0000 0xx Xxxxxx Xxxxx, XX 00000(the “Local Education Agency” or “LEA”) and [ ] Toy Theater, located at 000 Xxxxx Xxxxxx Ottawa, Ontario K2P0S9 Canada (the “Provider”), is incorporated . All capitalized terms not otherwise defined herein shall have the meaning set forth in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:.

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [Insert Name of Originating LEA] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: The School Board of *YOUR COUNTY* County, Florida BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: THE SCHOOL BOARD OF *YOUR COUNTY* COUNTY, FLORIDA DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider Provider. Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here Agreement Between the School Board of Monroe County, Florida P a g e | 47 of 51 EXHIBIT “G” Supplemental SDPC State Terms for Texas [State] Version 1.0 This [The State Supplement is an optional set of terms that will be generated on an as- needed basis in collaboration between the national SDPC legal working group and the State Consortia. The scope of these State Supplements will be to address any state specific data privacy statutes and their requirements to the extent that they require terms in addition to or different from the National Standard Clauses. The State Supplements will be written in a manner such that they will not be edited/updated by individual Parties and will be posted on the SDPC website to provide the authoritative version of the terms. Any changes by LEAs or Providers will be made in amendment form in an Exhibit (Exhibit “G”, Supplemental SDPC State H” in this proposed structure).] EXHIBIT “H” Additional Terms for Texas (or Modifications THIS EXHIBIT “Supplemental State Terms”), H” effective simultaneously with the attached Student Data Date Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] The School Board of Monroe County, Florida, (the “Local Education Agency” or “LEA”) and [ ] (the “Provider”), Provider is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Greenbrier School District and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: 12/06/2023 Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) ✔ National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 ✔ National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 ✔ International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) ✔ Secure Controls Framework Council, LLC Security Controls Framework (SCF) ✔ Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here STANDARD STUDENT DATA PRIVACY AGREEMENT (NDPA Standard Version 1.0/Vendor Modified etc.) EXHIBIT “G” Supplemental SDPC State Terms for Texas [State] Version 1.0 This Exhibit I Service providers must comply with Arkansas § 6-18-109 Student Online Personal Information Protection Act. xxxxx://xxx.xxxxxx.xxxxx.xx.xx/Home/FTPDocument?path=%2FBills%2F2015%2FPublic%2FHB1961.pdf EXHIBIT “G”, Supplemental SDPC State H” Additional Terms for Texas (“Supplemental State Terms”), effective simultaneously with or Modifications Version XXX and Provider agree to the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental following additional terms and conditions and policies applicable to the DPA) as followsmodifications:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [Insert Name of Originating LEA] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST Lubbock-Xxxxxx ISD ] (the “Local Education Agency” or “LEA”) and [ Boddle Learning, Inc. ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Date: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ EBSCO Publishing, Inc. ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX LEA MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 X National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework Security and Privacy Controls for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 Information Systems and Organizations International Standards Organization (ISO) Information technology — Security techniques — Information security management systems xxxxxxx (ISO 27000 XXX 00000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “"G” " - Supplemental SDPC (Student Data Privacy Consortium) State Terms for Texas Illinois Version 1.0 IL-NDPAv1.0a (Revised March 15, 2021) This Exhibit “G”, Supplemental SDPC State Terms for Texas Illinois (“"Supplemental State Terms”"), effective simultaneously with the attached Student Data Privacy Agreement (“"DPA”") by and between [ NORTH EAST ISD ] East Moline School District #37 (the “"Local Education Agency” or “"LEA”") and [ ] Library Video Company d/b/a SAFARI Montage (the “"Provider”"), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD and Valley View School District 365U the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Xxxxx Xxxxxx Title/Position: CIO SCHOOL DISTRICT NAME: Cicero School District 99 DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Xxxxx Xxxxxx CIO 0000 Xxxx 00xx Xxxxxx, Xxxxxx, XX 00000 Telephone Number: 000-000-0000 Email: xxxxxxx@xxxx00.xxx EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) X National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 X National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) X Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “"G” " - Supplemental SDPC (Student Data Privacy Consortium) State Terms for Texas Illinois Version 1.0 IL-NDPAv1.0a (Revised March 15, 2021) This Exhibit “G”, Supplemental SDPC State Terms for Texas Illinois (“"Supplemental State Terms”"), effective simultaneously with the attached Student Data Privacy Agreement (“"DPA”") by and between [ NORTH EAST ISD ] Valley View School District 365U (the “"Local Education Agency” or “"LEA”") and [ ] Spotify USA Inc. (the “"Provider”"), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Heyworth CUSD #4 and the [Provider]. Xxxxxx'x Database Solutions, Inc. DBA: Embrace® **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) X National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR͂ FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “"G” " Supplemental SDPC (Student Data Privacy Consortium) State Terms for Texas Illinois Version 1.0 IL-NDPAv1.0a (Revised March 15, 2021) This Exhibit “G”, Supplemental SDPC State Terms for Texas Illinois (“"Supplemental State Terms”"), effective simultaneously with the attached Student Data Privacy Agreement (“"DPA”") by and between [ NORTH EAST ISD ] (the “Heyworth CUSD #4(the "Local Education Agency” " or “"LEA”") and [ ] Xxxxxx'x Database Solutions, Inc DBA: Embrace® (the “"Provider”"), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Poway Unified School District and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAMESchool District Name: DESIGNATED REPRESENTATIVE OF Designated Representative of LEA: Name: Title: Address: , Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) ✔ National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques techniques— Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Other framework information - Please specify: Please visit xxxx://xxx.xxxxxx.xxx xxxx://xxx.xxxxxx.xxx/ for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here here. EXHIBIT “G” Supplemental SDPC State Terms for Texas California Version 1.0 This Exhibit “G”, Supplemental Amendment for SDPC State Terms for Texas California (“Supplemental State TermsAmendment”), effective simultaneously with ) is entered into on the attached date of full execution (the “Effective Date”) and is incorporated into and made a part of the Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the between: Poway Unified School District, located at 00000 Xxxxxx xx Xxxxxxx Xxx Xxxxx, XX 00000(the “Local Education Agency” or “LEA”) and [ ] Xxxx Xxxxxx LLC, located at 00 Xxxx xx. #0 Xxxxxxxxxx, Xxxxxxxxxxxxx 00000 Xxxxxx Xxxxxx (the “Provider”), is incorporated . All capitalized terms not otherwise defined herein shall have the meaning set forth in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:.

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [Insert Name of Originating LEA] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: The School Board of *YOUR COUNTY* County, Florida BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: THE SCHOOL BOARD OF *YOUR COUNTY* COUNTY, FLORIDA DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: Agreement Between the School Board of Monroe County, Florida P a g e | 47 of 52 EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider Provider. Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security (ISO) techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here Agreement Between the School Board of Monroe County, Florida P a g e | 48 of 52 EXHIBIT “G” Supplemental SDPC State Terms for Texas [State] Version 1.0 This [The State Supplement is an optional set of terms that will be generated on an as- needed basis in collaboration between the national SDPC legal working group and the State Consortia. The scope of these State Supplements will be to address any state specific data privacy statutes and their requirements to the extent that they require terms in addition to or different from the National Standard Clauses. The State Supplements will be written in a manner such that they will not be edited/updated by individual Parties and will be posted on the SDPC website to provide the authoritative version of the terms. Any changes by LEAs or Providers will be made in amendment form in an Exhibit (Exhibit “G”H” in this proposed structure).] Agreement Between the School Board of Monroe County, Supplemental SDPC State Florida P a g e | 49 of 52 EXHIBIT “H” Additional Terms for Texas (or Modifications THIS EXHIBIT “Supplemental State Terms”), H” effective simultaneously with the attached Student Data Date Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] The School Board of Monroe County, Florida, (the “Local Education Agency” or “LEA”) and [ ] (the “Provider”), Provider is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Lodi Unified School District and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAMESchool District Name: DESIGNATED REPRESENTATIVE OF Designated Representative of LEA: Name: Title: Address: , Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) ✔ National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques techniques— Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Other framework information - Please specify: Please visit xxxx://xxx.xxxxxx.xxx xxxx://xxx.xxxxxx.xxx/ for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here here. EXHIBIT “G” Supplemental SDPC State Terms for Texas California Version 1.0 This Exhibit “G”, Supplemental Amendment for SDPC State Terms for Texas California (“Supplemental State TermsAmendment”), effective simultaneously with ) is entered into on the attached date of full execution (the “Effective Date”) and is incorporated into and made a part of the Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the between: Lodi Unified School District, located at 0000 X Xxxx Xx Xxxx Xx 00000 Xxxx, XX 00000(the “Local Education Agency” or “LEA”) and [ ] Scan Student Identification Card Authorization (SSICA), located at 0000 X Xxxxx Xx Xxxxxxx, XX 00000 (the “Provider”), is incorporated . All capitalized terms not otherwise defined herein shall have the meaning set forth in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:.

Subscribing LEA. President A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Ceres Unified School District and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here Because LightBurn does not collect PII in its desktop software product, it does not seek certification from the maintaining organizations of security frameworks. LightBurn sells its software via Shopify, and necessarily collects billing information there. Shopify complies with SOC 3 and PCI and makes its latest compliance reports publicly available at xxxxx://xxxx.xxxxxxx.xxx/en/support/compliance/reports EXHIBIT “G” Supplemental SDPC State Terms for Texas California Version 1.0 This Exhibit “G”, Supplemental Amendment for SDPC State Terms for Texas California (“Supplemental State TermsAmendment”), effective simultaneously with ) is entered into on the attached date of full execution (the “Effective Date”) and is incorporated into and made a part of the Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] between: Ceres Unified School District , located at 0000 Xxxxxxxx Xxxxxx, Ceres CA 95307 (the “Local Education Agency” or “LEA”) and [ ] XxxxxXxxx Software, LLC (the “Provider”). , is incorporated located at 000 Xxxxxx Xx Xxxxx 21-2, Dover, DE 19904 All capitalized terms not otherwise defined herein shall have the meaning set forth in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:.

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Lodi Unified School District and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAMESchool District Name: DESIGNATED REPRESENTATIVE OF Designated Representative of LEA: Name: Title: Address: , Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques techniques— Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Other framework information - Please specify: Please visit xxxx://xxx.xxxxxx.xxx xxxx://xxx.xxxxxx.xxx/ for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here here. EXHIBIT “G” Supplemental SDPC State Terms for Texas California Version 1.0 This Exhibit “G”, Supplemental Amendment for SDPC State Terms for Texas California (“Supplemental State TermsAmendment”), effective simultaneously with ) is entered into on the attached date of full execution (the “Effective Date”) and is incorporated into and made a part of the Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the between: Lodi Unified School District, located at 0000 X Xxxx Xx Xxxx Xx 00000 Xxxx, XX 00000(the “Local Education Agency” or “LEA”) and [ ] Byrdseed LLC, located at 0000 XX Xxxxxx Xx XXX 00000 Xxxxxxxxx, XX 00000-7105 (the “Provider”), is incorporated . All capitalized terms not otherwise defined herein shall have the meaning set forth in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:.

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [ ] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BYBy: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) ✔ Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Oklahoma Version 1.0 This [The State Supplement is an optional set of terms that will be generated on an as-needed basis in collaboration between the national SDPC legal working group and the State Consortia. The scope of these State Supplements will be to address any state specific data privacy statutes and their requirements to the extent that they require terms in addition to or different from the National Standard Clauses. The State Supplements will be written in a manner such that they will not be edited/updated by individual parties and will be posted on the SDPC website to provide the authoritative version of the terms. Any changes by LEAs or Providers will be made in amendment form in an Exhibit (Exhibit “G”, Supplemental SDPC State H” in this proposed structure).] THIS SPACE LEFT INTENSIONALLY BLANK EXHIBIT “H” Additional Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:Modifications Version

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [Insert Name of Originating LEA] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST Deer Park ISD ] (the “Local Education Agency” or “LEA”) and [ School Psych AI ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [Lubbock-Xxxxxx ISD] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: 11/6/23 Printed Name: Xxxxxxx Xxxxxx Title/Position: Director of Technology SCHOOL DISTRICT NAME: Xxxxxx ISD DESIGNATED REPRESENTATIVE OF LEA: Name: Xxxxxx Xxxxxxx Title: Instructional Technology Specialis Address: 000 Xxxxx Xxxxxxxx Xxxx, Xxxxxx, TX 76655 Telephone Number: 000-000-0000 Email: xxxxxxxxxxxxx@xxxxxxxxx.xxx EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST Lubbock-Xxxxxx ISD ] (the “Local Education Agency” or “LEA”) and [ Eduphoria! Inc ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD originating LEA: Bellevue School District 405 and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Name of Subscribing LEA: BYBy: _ Xxxxx XxXxxx (Dec 15, 2021 19:34 CST) Date: _ Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: _ _ Email: 1190353v1 EXHIBIT “F” F”‌ DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider Provider. Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here here. 1190353v1 EXHIBIT “G” – Supplemental SDPC State Terms for Texas [State] Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:1.0

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [South Sanpete School Di_] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX LEA MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems xxxxxxx (ISO 27000 XXX 00000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas [State] Version 1.0 This [The State Supplement is an optional set of terms that will be generated on an as-needed basis in collaboration between the national SDPC legal working group and the State Consortia. The scope of these State Supplements will be to address any state specific data privacy statutes and their requirements to the extent that they require terms in addition to or different from the National Standard Clauses. The State Supplements will be written in a manner such that they will not be edited/updated by individual parties and will be posted on the SDPC website to provide the authoritative version of the terms. Any changes by LEAs or Providers will be made in amendment form in an Exhibit (Exhibit “G”, Supplemental SDPC State H” in this proposed structure).] EXHIBIT “H” Additional Terms for Texas (“Supplemental State Terms”), effective simultaneously with or Modifications Version LEA and Provider agree to the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental following additional terms and conditions and policies applicable to the DPA) as followsmodifications:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Sacramento City USD and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAMESchool District Name: DESIGNATED REPRESENTATIVE OF Designated Representative of LEA: Name: Title: Address: , Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques techniques— Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Other framework information - Please specify: Please visit xxxx://xxx.xxxxxx.xxx xxxx://xxx.xxxxxx.xxx/ for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here here. EXHIBIT “G” Supplemental SDPC State Terms for Texas California Version 1.0 This Exhibit “G”, Supplemental Amendment for SDPC State Terms for Texas California (“Supplemental State TermsAmendment”), effective simultaneously with ) is entered into on the attached date of full execution (the “Effective Date”) and is incorporated into and made a part of the Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the between: Sacramento City USD, located at 0000 00xx Xxxxxx Xxxxxxxxxx, XX 00000(the “Local Education Agency” or “LEA”) and [ ] The Language Gym Limited, located at Xx 0 00/X Xxxxxx 00 00 Xxxxxx Xxxxxx Xxxx Xxxx, Xxxxxx Xxx 999077 Hong Kong (the “Provider”), is incorporated . All capitalized terms not otherwise defined herein shall have the meaning set forth in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:.

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [Insert Name of Originating LEA] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) ✔ National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 ✔ International Standards Organization (ISO) Information technology — Security techniques — Information security management systems xxxxxxx (ISO 27000 XXX 00000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST Midway ISD ] (the “Local Education Agency” or “LEA”) and [ Learning Ally ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Sacramento City USD and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAMESchool District Name: DESIGNATED REPRESENTATIVE OF Designated Representative of LEA: Name: Title: Address: , Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques techniques— Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) ✔ Other framework information - Please specify: Bitlocker Amazon Immutable Please visit xxxx://xxx.xxxxxx.xxx xxxx://xxx.xxxxxx.xxx/ for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here here. EXHIBIT “G” Supplemental SDPC State Terms for Texas California Version 1.0 This Exhibit “G”, Supplemental Amendment for SDPC State Terms for Texas California (“Supplemental State TermsAmendment”), effective simultaneously with ) is entered into on the attached date of full execution (the “Effective Date”) and is incorporated into and made a part of the Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the between: Sacramento City USD, located at 0000 00xx Xxxxxx Xxxxxxxxxx, XX 00000(the “Local Education Agency” or “LEA”) and [ ] Xxxx Xxxxx Photography, located at 000 Xxxxxx Xxxxxx Roseville, California 95678 United States (the “Provider”), is incorporated . All capitalized terms not otherwise defined herein shall have the meaning set forth in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:.

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between the North East ISD Little Rock School District and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: North Little Rock School District BY: Date: 10/26/2023 Printed Name: Xxxxxx Xxxxxx Title/Position: Information Technology Manage SCHOOL DISTRICT NAME: North Little Rock School District DESIGNATED REPRESENTATIVE OF LEA: Name: Xxxxxx Xxxxxx Title: Information Technology Manager Address: 0000 Xxxxxx Xx, Xxxxx Xxxxxx Xxxx, XX 00000 Telephone Number: 000-000-0000 Email: xxxxxxx@xxxxx.xxx EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) ✔ National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 ✔ National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 ✔ International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) ✔ Secure Controls Framework Council, LLC Security Controls Framework (SCF) ✔ Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) ✔ Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here STANDARD STUDENT DATA PRIVACY AGREEMENT (NDPA Standard Version 1.0/Vendor Modified etc.) EXHIBIT “G” Supplemental SDPC State Terms for Texas [State] Version 1.0 This Exhibit I Service providers must comply with Arkansas § 6-18-109 Student Online Personal Information Protection Act. xxxxx://xxx.xxxxxx.xxxxx.xx.xx/Home/FTPDocument?path=%2FACTS%2F2015%2FPublic%2FACT1196.pdf EXHIBIT “G”, Supplemental SDPC State H” Additional Terms for Texas (“Supplemental State Terms”), effective simultaneously with or Modifications Version XXX and Provider agree to the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental following additional terms and conditions and policies applicable modifications: This is a free text field that the parties can use to add or modify terms in or to the DPA) as follows:. If there are no additional or modified terms, this field should read “None.”

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [Insert Name of Originating LEA] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) ✔ Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST Lubbock-Xxxxxx ISD ] (the “Local Education Agency” or “LEA”) and [ Stash101 LLC ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East the [ Northwest ISD ] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 ✔ National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST Northwest ISD ] (the “Local Education Agency” or “LEA”) and [ [No Tears Learning Inc db] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Desert Sands Unified School District and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAMESchool District Name: DESIGNATED REPRESENTATIVE OF Designated Representative of LEA: Name: Title: Address: , Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques techniques— Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Other framework information - Please specify: Please visit xxxx://xxx.xxxxxx.xxx xxxx://xxx.xxxxxx.xxx/ for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here here. EXHIBIT “G” Supplemental SDPC State Terms for Texas California Version 1.0 This Exhibit “G”, Supplemental Amendment for SDPC State Terms for Texas California (“Supplemental State TermsAmendment”), effective simultaneously with ) is entered into on the attached date of full execution (the “Effective Date”) and is incorporated into and made a part of the Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the between: Desert Sands Unified School District, located at 00000 Xxxx Xxxxx Xx. La Quinta, CA 92253(the “Local Education Agency” or “LEA”) and [ ] School Avoidance Alliance, located at 00 xxxxxxxxx xxxx mahwah, NJ 07430 (the “Provider”), is incorporated . All capitalized terms not otherwise defined herein shall have the meaning set forth in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:.

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Xxxxx Xxxxxxxx Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 ✔ National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ eDynamic LP ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [Insert Name of Originating LEA] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: LEA BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: 11/17/2023 Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) ✔ National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 ✔ National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 ✔ International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) ✔ Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ aRndiv[erside Assessments, ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Abdo Digital Date: 5/4/2023 Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) ✔ Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ Abdo Digital ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX LEA MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) X National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems xxxxxxx (ISO 27000 XXX 00000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “"G” " - Supplemental SDPC (Student Data Privacy Consortium) State Terms for Texas Illinois Version 1.0 IL-NDPAv1.0a (Revised March 15, 2021) This Exhibit “G”, Supplemental SDPC State Terms for Texas Illinois (“"Supplemental State Terms”"), effective simultaneously with the attached Student Data Privacy Agreement (“"DPA”") by and between [ NORTH EAST ISD ] Dolton School D_istrict_149 (the “"Local Education Agency” or “"LEA”") and [ ] _ L_iminex, Inc. dba _GoGuardian (the “"Provider”"), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Xxxxxxx Xxxxxxxx Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ B.E. Publishing ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Xxxxx X. Xxxxxxxxx High School and the [Provider]. Xxxxxx'x Database Solutions, Inc. DBA: Embrace® **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX LEA MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) X National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems xxxxxxx (ISO 27000 XXX 00000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR͂ FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “"G” " Supplemental SDPC (Student Data Privacy Consortium) State Terms for Texas Illinois Version 1.0 IL-NDPAv1.0a (Revised March 15, 2021) This Exhibit “G”, Supplemental SDPC State Terms for Texas Illinois (“"Supplemental State Terms”"), effective simultaneously with the attached Student Data Privacy Agreement (“"DPA”") by and between [ NORTH EAST ISD ] (the “Xxxxx X. Xxxxxxxxx High School(the "Local Education Agency” " or “"LEA”") and [ ] Xxxxxx'x Database Solutions, Inc DBA: Embrace® (the “"Provider”"), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Xxxxx Xxxxxx Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) ✔ National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:ISD

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [Grayslake CHSD 12·1 and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX LEA MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: _____Date: -+(.,__�+-�.:......>.<....�_ _ _g� l_e_s__ _____ 04/25/2022 Printed Name: Xxxxxx xx Xxxxx Title/Position: _s_a_ SCHOOL DISTRICT NAME: _ _ _________ DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Sales Address: Telephone Number: Email: Last Updated 2020-10-20 TL-NDPA Versio11 1.0 Page 17 o/22 EXHIBIT “"F” " DATA SECURITY SECURITYi REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“"Edspex”") works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“"Cybersecurity Frameworks”") that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP National Institute of Standards and � FRAMEWORK(S) NIST Cybersecurity Framework Version 1.1 □ □ Technology National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of International Standards and Technology (NIST) Organization □ □ □ NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — - Security techniques — - Information security management systems xxxxxxx (ISO 27000 XXX 00000 series) Secure Controls Framework Council, LLC Security Controls Framework ({SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Cybersecurity Maturity Model Certification Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR~fAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further forfurther details about the noted frameworksnotedframeworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here Last Updated 2020-10-20 IL-tfDPA Version 1.0 Page 18 of22 EXHIBIT “"G” " - Supplemental SDPC State Terms for Texas Illinois Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas Illinois (“"Supplemental State Terms”"), effective simultaneously with the attached Student Data Privacy Agreement (“"DPA”") by and between [ NORTH EAST ISD ] Grayslake CHSD 127 (the “''Local Education Agency” '' or “"LEA”") and [ ] Senor Wooly, LLC (the “"Provider”''), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the Murrieta Valley USD and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAMESchool District Name: DESIGNATED REPRESENTATIVE OF Designated Representative of LEA: Name: Title: Address: , Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques techniques— Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Other framework information - Please specify: Please visit xxxx://xxx.xxxxxx.xxx xxxx://xxx.xxxxxx.xxx/ for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here here. EXHIBIT “G” Supplemental SDPC State Terms for Texas California Version 1.0 This Exhibit “G”, Supplemental Amendment for SDPC State Terms for Texas California (“Supplemental State TermsAmendment”), effective simultaneously with ) is entered into on the attached date of full execution (the “Effective Date”) and is incorporated into and made a part of the Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the between: Murrieta Valley USD, located at 00000 Xxxxxx Xx. Murrieta, CA 92562(the “Local Education Agency” or “LEA”) and [ ] Booster Enterprises, Inc., located at 0000 Xxxxxxxx Xxxxxxx Xxxxxxxxx Xxxxxxx, XX 00000 (the “Provider”), is incorporated . All capitalized terms not otherwise defined herein shall have the meaning set forth in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:.

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD the [Insert Name of Originating LEA] and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) ✔ National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 ✔ National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems xxxxxxx (ISO 27000 XXX 00000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD Deer Park Independent School District ] (the “Local Education Agency” or “LEA”) and [ SchoolStatus ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Subscribing LEA. A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between North East ISD and the [Provider]. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Subscribing LEA: BY: Date: 09/06/2023 Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: EXHIBIT “F” DATA SECURITY REQUIREMENTS Adequate Cybersecurity Frameworks 2/24/2020 The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) ✔ National Institute of Standards and Technology (NIST) NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology (NIST) NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization (ISO) Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security (CIS) CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. *Cybersecurity Principles used to choose the Cybersecurity Frameworks are located here EXHIBIT “G” Supplemental SDPC State Terms for Texas Version 1.0 This Exhibit “G”, Supplemental SDPC State Terms for Texas (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between [ NORTH EAST ISD ] (the “Local Education Agency” or “LEA”) and [ Student Conductor, Inc. ] (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows: