
Data Processing & Student Privacy Addendum
Last updated June 28, 2026
This Client Data Processing & Student Privacy Addendum ("Addendum") is incorporated into and forms part of any Agreement, Subscription, Statement of Work ("SOW"), Service Order, or other contract ("Agreement") between Media Education Solutions, Inc. d/b/a Contest Engine ("Contest Engine") and the subscribing organization ("Client").
In the event of a conflict between this Addendum and the Agreement, this Addendum shall control with respect to student privacy, participant data, and data processing obligations.
1. PURPOSE
Contest Engine provides software and related services that enable organizations to collect, manage, evaluate, judge, recognize, publish, and administer participant submissions.
Contest Engine acts solely as a technology service provider and data processor on behalf of the Client. Contest Engine does not determine participant eligibility requirements, registration requirements, privacy practices, publication decisions, or contest administration policies.
2. DEFINITIONS
Client Data means all information, records, submissions, files, metadata, participant information, judging information, and other materials submitted to or stored within Contest Engine by the Client or its authorized users.
Student Data means information directly related to an identifiable student that is provided to Contest Engine by a school, district, educational organization, parent, guardian, student, or authorized representative.
Authorized User means any individual authorized by the Client to access the platform, including administrators, judges, staff members, volunteers, contractors, educators, participants, or students.
3. ROLE OF THE PARTIES
Client shall be deemed the owner and controller of Client Data.
Contest Engine shall act solely as a service provider and data processor for the limited purpose of providing contracted services.
Contest Engine shall process Client Data only:
- As instructed by the Client;
- As necessary to provide platform functionality;
- As necessary to maintain security and platform operations; or
- As required by applicable law.
4. DATA OWNERSHIP
All Client Data remains the property of the Client and/or the applicable participant, student, creator, rights holder, or submitting organization.
Nothing in this Addendum transfers ownership of Client Data to Contest Engine.
Contest Engine receives only a limited, non-exclusive right to host, store, process, transmit, display, evaluate, and administer Client Data as necessary to provide services.
5. STUDENT PRIVACY COMPLIANCE
The Client acknowledges and agrees that it is solely responsible for:
- Compliance with FERPA;
- Compliance with COPPA;
- Compliance with applicable state student privacy laws;
- Compliance with district, school, university, or organizational privacy policies;
- Obtaining required parental or guardian consent;
- Obtaining media releases;
- Obtaining participation permissions;
- Determining lawful collection and use of participant information.
Contest Engine makes no independent determination regarding the legality of information collected by the Client.
6. DATA MINIMIZATION
Contest Engine is designed to support collection of only information reasonably necessary to administer contests, challenges, campaigns, recognition programs, and related activities.
Clients are encouraged to limit collection of personally identifiable information to the minimum necessary for program administration.
7. PROHIBITED USES OF DATA
Contest Engine shall not:
- Sell Client Data;
- Rent Client Data;
- License Client Data to third parties;
- Use Client Data for advertising purposes;
- Build marketing profiles from Client Data;
- Use Client Data for behavioral advertising;
- Commercially exploit Client Data outside the scope of contracted services.
8. ARTIFICIAL INTELLIGENCE RESTRICTIONS
Contest Engine does not use Client Data, Student Data, participant submissions, videos, images, documents, audio files, metadata, judging records, or other uploaded content to train:
- Artificial intelligence systems;
- Machine learning models;
- Large language models (LLMs);
- Generative AI systems; or
- Similar automated learning technologies.
9. ACCESS CONTROLS
Contest Engine maintains role-based access controls intended to limit access to Client Data.
Access is generally restricted to:
- Authorized Client administrators;
- Authorized judges and evaluators;
- Authorized participants;
- Contest Engine personnel with a legitimate operational need to access data.
10. INFORMATION SECURITY
Contest Engine shall maintain commercially reasonable administrative, technical, and organizational safeguards designed to protect Client Data against unauthorized access, disclosure, alteration, destruction, or loss.
Security measures may include:
- Authentication controls;
- Encrypted transmission of data;
- Access restrictions;
- Logging and monitoring;
- Backup procedures;
- Vendor security controls.
Contest Engine does not guarantee absolute security.
11. SUBPROCESSORS
Contest Engine may utilize reputable third-party service providers for hosting, authentication, storage, email delivery, video processing, analytics, infrastructure management, and related services.
Such providers may include cloud infrastructure, content delivery, storage, communications, or software service vendors necessary to operate the platform.
Contest Engine remains responsible for managing such providers in a commercially reasonable manner.
12. DATA RETENTION
Unless otherwise specified in writing:
- Client Data is generally retained for up to one hundred eighty (180) days following completion of the applicable program, contest, challenge, campaign, or event.
- Data may remain temporarily within backup or disaster recovery systems.
- Extended retention services may be purchased separately.
After expiration of applicable retention periods, Client Data may be deleted and may become unrecoverable.
13. DATA DELETION REQUESTS
Subject to contractual obligations, legal requirements, backup limitations, and operational requirements, Contest Engine will cooperate with reasonable Client requests concerning deletion of Client Data.
Deletion requests must be submitted by an authorized Client representative.
14. DATA BREACH NOTIFICATION
In the event Contest Engine becomes aware of unauthorized access to Client Data resulting from a confirmed security incident affecting Contest Engine systems, Contest Engine will provide notice to the Client within a commercially reasonable timeframe after confirmation of the incident.
Such notice may include:
- Description of the incident;
- Types of affected information, if known;
- Remediation efforts undertaken; and
- Recommended actions, if applicable.
15. AUDITS AND COMPLIANCE INQUIRIES
Upon reasonable request, Contest Engine may provide information regarding its privacy and security practices sufficient to support Client compliance reviews.
Nothing in this section requires Contest Engine to disclose confidential business information, proprietary technology, source code, security architecture, or trade secrets.
16. LEGAL DISCLOSURES
Contest Engine may disclose Client Data when required by:
- Law;
- Court order;
- Subpoena;
- Governmental request;
- Regulatory obligation; or
- Other legally binding processes.
Where legally permitted, Contest Engine may provide reasonable notice to the Client before such disclosure.
17. LIMITATION OF RESPONSIBILITY
Contest Engine shall not be responsible for:
- Contest administration decisions;
- Eligibility determinations;
- Publication decisions;
- Content ownership disputes;
- Release management;
- Consent collection;
- Privacy compliance failures attributable to Client practices;
- Information collected by the Client beyond Contest Engine's recommended use.
18. SURVIVAL
The obligations relating to confidentiality, privacy, security, ownership, AI restrictions, and data protection shall survive termination of the Agreement to the extent applicable.
This Addendum is incorporated into and executed as part of each Client's written agreement with Media Education Solutions, Inc..
