“Data” include all Personally Identifiable Information (PII) and other non-public information. Data include, but are not limited to, student data, metadata, and user content. POCUS 101 may use deidentified Data for product development, research, or other purposes. De-identified Data will have all direct and indirect personal identifiers removed. This includes, but is not limited to, name, ID numbers, date of birth, demographic information, location information, and school ID. Furthermore, POCUS 101 agrees not to attempt to re-identify deidentified Data and not to transfer de-identified Data to any party unless that party agrees not to attempt reidentification. POCUS 101 will not use any Data to advertise or market to students. POCUS 101 will not change how Data are collected, used, or shared under the terms of this Agreement in any way without advance notice to and consent from the Licensee. POCUS 101 will only collect Data necessary to fulfill its duties as outlined in this Agreement. POCUS 101 will use Data only for the purpose of fulfilling its duties and providing services under this Agreement, and for improving services under this Agreement. POCUS 101 is prohibited from mining Data for any purposes other than those agreed to by the parties. Data mining or scanning of user content for the purpose of advertising or marketing to students is prohibited. Data cannot be shared with any additional parties without prior written consent of the User except as required by law. POCUS 101 will ensure that all Data in its possession are archived or transferred to the Licensee when the Data are no longer needed for their specified purpose, at the request of the Licensee. Parties agree that Data, shall remain the exclusive property of the Licensee, and POCUS 101 has a limited, nonexclusive license solely for the purpose of performing its obligations as outlined in the Agreement. This Agreement does not give POCUS 101 any rights, implied or otherwise, to Data, content, or intellectual property, except as expressly stated in the Agreement. This includes the right to sell or trade Data. Any Data, related to the Licensee and held by POCUS 101 will be made available to upon request by the Licensee. POCUS 101 will store and process Data in accordance with industry best practices. This includes appropriate administrative, physical, and technical safeguards to secure Data from unauthorized access, disclosure, and use. POCUS 101 will conduct periodic risk assessments and remediate any identified security vulnerabilities in a timely manner. POCUS 101 will also have a written incident response plan, to include prompt notification of the Licensee in the event of a security or privacy incident, as well as best practices for responding to a breach of PII. POCUS 101 agrees to share its incident response plan upon request. POCUS 101 will not use the Licensee’s entity name without prior written approval.