MyEdMentor

Trust Center

How we protect data, govern AI, and support institutional due diligence. Universities are the data Controller; MyEdMentor acts as Processor.

DRAFT — pending legal review. Not a contractual representation.

Data Processing (DPA)

DRAFT — not a contract. A signed Data Processing Agreement is provided per institution; that signed agreement governs. This page summarises the position pending solicitor sign-off.

Roles

For institutional use, the university is the Controller and MyEdMentor is the Processor, acting only on the institution’s documented instructions. For the MyEdMentor Fellowship — MyEdMentor’s own programme — MyEdMentor is the Controller for applicant data.

Subject matter & duration

Processing covers the operation of the simulation, authoring (Studio), Fellowship and learning features for the term of the institutional agreement. Categories of data subjects and personal data are set out in the signed DPA schedule.

Data-subject requests

Requests are recorded with a response clock and routed to the relevant Controller; MyEdMentor assists the Controller in fulfilling them. Erasure is performed on instruction and is reviewed and backup-gated — there is no automated bulk deletion. See Data Retention.

Subprocessors

A current register is maintained — see Subprocessors. Material changes are notified so the Controller can object where applicable.

Security measures

The technical and organisational measures are described under Security and form part of the DPA schedule.

International transfers

Some subprocessors (notably AI providers) are US-based. Appropriate safeguards apply; the specific transfer mechanism is stated in the signed DPA (DRAFT — to be confirmed with legal).

Sub-processing & assistance

MyEdMentor assists the Controller with security, breach notification (see Incident Response), and data protection impact assessments via the Security Pack. On termination, data is exported and then deleted or anonymised on instruction.