Trust & Compliance

Data Processing Agreement (DPA)

Last updated: May 5, 2026

When a tutor, institute, or test-prep company uses Coachingle Study to process the personal data of their students, they act as the data controller and we act as a data processor. This page summarises our DPA and tells you how to sign one.

Who needs a DPA?

You should sign a DPA with us if:

  • You are a tutor (Tutor Solo, Studio, or Agency tier) processing student personal data through Coachingle Study.
  • You are an institute (school, college, test prep company, or coaching centre) on the Institute tier.
  • You are subject to GDPR (EU/UK), CCPA (California), or other equivalent privacy regulations and need a written processor agreement.

Individual learners on student plans (Free, $8.99/mo Monthly, $29.99/semester) do not need a DPA — your data is processed under our Privacy Policy and Terms of Service directly.

How to sign the DPA

  1. Tutor Solo / Studio / Agency: the DPA is included as a click-through agreement during onboarding. By accepting our Terms of Service when you set up your tutor account, you have accepted the DPA. A countersigned PDF copy is available on request.
  2. Institute tier: we provide a negotiable DPA as part of the contracting process. Email privacy@coachingle.com with “Institute DPA” in the subject line.
  3. Existing customers: if you signed up before the click-through DPA was rolled out and need a written agreement, email us. We will send a counter-signable PDF.

Summary of the DPA terms

The full DPA is provided on request. Key terms include:

  • Roles: you (the customer) are the controller; we (Coachingle Technologies Private Limited) are the processor for personal data you submit.
  • Processing scope: we process personal data only on your documented instructions and for the purposes of providing the service.
  • Confidentiality: our personnel processing personal data are bound by written confidentiality obligations.
  • Security measures: we maintain the technical and organisational safeguards described on our Security page.
  • Sub-processors: we engage the sub-processors listed on our Security page. We notify you in advance of changes and you may object.
  • Data subject rights: we assist you in responding to data subject requests (access, deletion, correction, portability) within reasonable timeframes.
  • Breach notification: we notify you within 72 hours of becoming aware of a confirmed personal data breach affecting your data.
  • Audits: on reasonable notice, we provide information necessary to demonstrate compliance, including third-party audit reports (SOC 2 Type 1 once available).
  • International transfers: for transfers to non-adequacy countries, we rely on Standard Contractual Clauses (SCCs) for EU transfers and the UK IDTA for UK transfers.
  • Term and termination: the DPA runs for the duration of the underlying service agreement. On termination, we delete or return your personal data within 90 days.

Sub-processors

Our current sub-processors are listed on the Security page. We update that list when sub-processors change and notify Institute customers in advance.

Cross-border transfers

EU personal data may be transferred to the United States (where our hosting and AI sub-processors are based) and to India (where part of our team operates). We rely on:

  • EU Standard Contractual Clauses (SCCs) for EU-to-US and EU-to-India transfers.
  • UK International Data Transfer Agreement (IDTA) for UK-to-non-adequacy transfers.

Questions and contracting

For DPA questions, redlined drafts, or signed copies, email privacy@coachingle.com. We typically respond within 2 business days.

Questions about this page? privacy@coachingle.com