LearnChain Privacy Policies

1. Personal Information We Collect

We collect personal information relating to you ("Personal Information") as follows:

1.1. Personal Information You Provide

We collect Personal Information if you create an account to use our Services or communicate with us as follows:

Account Information: When you create an account with us, we will collect information associated with your account, including your name, contact information, account credentials, payment card information, and transaction history, (collectively, "Account Information").

User Content: When you use our Services, we collect Personal Information that is included in the input, file uploads, training materials, company documentation, or feedback that you provide to our Services ("Content"). This may include company internal materials used for course generation and employee training data.

Communication Information: If you communicate with us, we collect your name, contact information, and the contents of any messages you send ("Communication Information").

Social Media Information: We have pages on social media sites like Instagram, Facebook, Medium, Twitter, YouTube, and LinkedIn. When you interact with our social media pages, we will collect Personal Information that you elect to provide to us, such as your contact details (collectively, "Social Information"). In addition, the companies that host our social media pages may provide us with aggregate information and analytics about our social media activity.

Training and Integration Data: We collect information from your integrated third-party services (such as Microsoft Teams, Notion, GitHub, and other workplace tools) to enhance the training experience and provide personalized onboarding content.

Other Information You Provide: We collect other information that you may provide to us, such as when you participate in our events or surveys or provide us with information to establish your identity (collectively, "Other Information You Provide").

1.2. Personal Information We Receive Automatically from Your Use of the Services

When you visit, use, or interact with the Services, we receive the following information about your visit, use, or interactions ("Technical Information"):

Log Data: Information that your browser or device automatically sends when you use our Services. Log data includes your Internet Protocol (IP) address, browser type and settings, the date and time of your request, and how you interact with our Services.

Usage Data: We may automatically collect information about your use of the Services, such as the types of content that you view or engage with, the features you use and the actions you take, training progress, interactions with Training Wheels, as well as your time zone, country, the dates and times of access, user agent and version, type of computer or mobile device, and your computer connection.

Device Information: Includes name of the device, operating system, device identifiers, and browser you are using. Information collected may depend on the type of device you use and its settings.

Cookies: We use cookies to operate and administer our Services, and improve your experience. A "cookie" is a piece of information sent to your browser by a website you visit. You can set your browser to accept all cookies, to reject all cookies, or to notify you whenever a cookie is offered so that you can decide each time whether to accept it. However, refusing a cookie may in some cases preclude you from using, or negatively affect the display or function of, a website or certain areas or features of a website.

Analytics: We may use a variety of online analytics products that use cookies to help us analyze how users use our Services and enhance your experience when you use the Services.

2. How We Use Personal Information

We may use Personal Information for the following purposes:

• To provide, administer, maintain and/or analyze the Services;
• To generate personalized training courses using your company's internal materials;
• To provide Training Wheels on-screen assistance and employee guidance;
• To facilitate integrations with third-party workplace tools;
• To improve our Services and conduct research;
• To communicate with you; including to send you information about our Services and events;
• To develop new programs and services;
• To prevent fraud, criminal activity, or misuse of our Services, and to protect the security of our IT systems, architecture, and networks;
• To carry out business transfers; and
• To comply with legal obligations and legal processes and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.

Aggregated or De-identified Information

We may aggregate or de-identify Personal Information so that it may no longer be used to identify you and use such information to analyze the effectiveness of our Services, to improve and add features to our Services, to conduct research, and for other similar purposes. In addition, from time to time, we may analyze the general behavior and characteristics of users of our Services and share aggregated information like general user statistics with third parties, publish such aggregated information, or make such aggregated information generally available. We may collect aggregated information through the Services, through cookies, and through other means described in this Privacy Policy. We will maintain and use de-identified information in anonymous or de-identified form and we will not attempt to re-identify the information, unless required by law.

Verification: In order to protect your Personal Information from unauthorized access, change, or deletion, we may require you to verify your credentials before you can submit a request to know, correct, or delete Personal Information. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional Personal Information and proof of residency for verification. If we cannot verify your identity, we will not be able to honor your request.

Authorized Agents: You may also submit a rights request through an authorized agent. If you do so, the agent must present signed written permission to act on your behalf, and you may also be required to independently verify your identity and submit proof of your residency with us. Authorized agent requests can be submitted to founder@thelearnchain.com.

Appeals: Depending on where you live, you may have the right to appeal a decision we make relating to requests to exercise your rights under applicable local law. To appeal a decision, please send your request to founder@thelearnchain.com.

Note: We may use Content you provide us to improve our Services, for example, to train the models that power LearnChain. Read our instructions on how you can opt out of our use of your Content to train our models.

3. Disclosure of Personal Information

In certain circumstances, we may provide your Personal Information to third parties without further notice to you, unless required by law:

Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may provide Personal Information to vendors and service providers, including providers of hosting services, customer service vendors, cloud services, email communication software, web analytics services, and other information technology providers, among others. Pursuant to our instructions, these parties will access, process, or store Personal Information only in the course of performing their duties to us.

Third-Party Integrations: We may share necessary information with integrated third-party services (such as Microsoft Teams, Notion, GitHub, and other workplace tools) to provide the functionality you request, such as accessing company materials for training course generation or enabling Training Wheels assistance.

Business Transfers: If we are involved in strategic transactions, reorganization, bankruptcy, receivership, or transition of service to another provider (collectively, a "Transaction"), your Personal Information and other information may be disclosed in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.

Legal Requirements: We may share your Personal Information, including information about your interaction with our Services, with government authorities, industry peers, or other third parties:

• If required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation,
• To protect and defend our rights or property,
• If we determine, in our sole discretion, that there is a violation of our terms, policies, or the law,
• To detect or prevent fraud or other illegal activity,
• To protect the safety, security, and integrity of our products, employees, or users, or the public, or
• To protect against legal liability.

Affiliates: We may disclose Personal Information to our affiliates, meaning an entity that controls, is controlled by, or is under common control with LearnChain. Our affiliates may use the Personal Information we share in a manner consistent with this Privacy Policy.

Business Account Administrators: When you join a LearnChain Enterprise or business account, the administrators of that account may access and control your LearnChain account. In addition, if you create an account using an email address belonging to your employer or another organization, we may share the fact that you have a LearnChain account and certain account information, such as your email address, with your employer or organization to, for example, enable you to be added to their business account.

Other Users and Third Parties You Share Information With: Certain features allow you to display or share information with other users or third parties. For example, you may share LearnChain training content with other users via shared links or send information to third-party applications via custom actions for LearnChain. Be sure you trust any user or third party with whom you share information.

4. Your Rights

Depending on your location, individuals may have certain statutory rights in relation to their Personal Information. For example, you may have the right to:

• Access your Personal Information and information relating to how it is processed.
• Delete your Personal Information from our records.
• Rectify or update your Personal Information.
• Transfer your Personal Information to a third party (right to data portability).
• Restrict how we process your Personal Information.
• Withdraw your consent—where we rely on consent as the legal basis for processing at any time.
• Object to how we process your Personal Information.
• Lodge a complaint with your local data protection authority.

You can exercise some of these rights through your LearnChain account. If you are unable to exercise your rights through your account, please submit your request through founder@thelearnchain.com.

A Note About Accuracy

Services like LearnChain generate responses by reading a user's request and, in response, predicting the words most likely to appear next. In some cases, the words most likely to appear next may not be the most factually accurate. For this reason, you should not rely on the factual accuracy of output from our models. If you notice that LearnChain output contains factually inaccurate information about you and you would like us to correct the inaccuracy, you may submit a correction request through privacy@thelearnchain.com. Given the technical complexity of how our models work, we may not be able to correct the inaccuracy in every instance.

5. Additional U.S. State Disclosures

The following table provides additional information about the categories of Personal Information we collect and how we disclose that information. You can read more about the Personal Information we collect in "Personal Information We Collect" above, how we use Personal Information in "How We Use Personal Information" above, and how we retain Personal Information in "Security and Retention" below.

To the extent provided for by local law and subject to applicable exceptions, individuals may have the following privacy rights in relation to their Personal Information:

• The right to know information about our processing of your Personal Information, including the specific pieces of Personal Information that we have collected from you;
• The right to request deletion of your Personal Information;
• The right to correct your Personal Information; and
• The right to be free from discrimination relating to the exercise of any of your privacy rights.

We don't "sell" Personal Information or "share" Personal Information for cross-contextual behavioral advertising (as those terms are defined under applicable local law). We also don't process sensitive Personal Information for the purposes of inferring characteristics about a consumer.

Exercising Your Rights

To the extent applicable under local law, you can exercise privacy rights described in this section by submitting a request through founder@thelearnchain.com.

6. Children

Our Service is not directed to children under the age of 18. LearnChain does not knowingly collect Personal Information from children under the age of 18. If you have reason to believe that a child under the age of 18 has provided Personal Information to LearnChain through the Service, please email us at founder@thelearnchain.com. We will investigate any notification and, if appropriate, delete the Personal Information from our systems.

7. Links to Other Websites

The Service may contain links to other websites not operated or controlled by LearnChain, including social media services and integrated third-party workplace tools ("Third Party Sites"). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links, we do not imply that we endorse or have reviewed these sites. Please contact the Third Party Sites directly for information on their privacy practices and policies.

8. Security and Retention

We implement commercially reasonable technical, administrative, and organizational measures to protect Personal Information both online and offline from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error-free. In particular, email sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Service or email. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service or third-party websites.

Retention

We'll retain your Personal Information for only as long as we need in order to provide our Service to you or for other legitimate business purposes such as resolving disputes, safety and security reasons, or complying with our legal obligations. How long we retain Personal Information will depend on a number of factors, such as the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, our purpose for processing the information, and any legal requirements. Company training materials and employee data will be retained according to your organization's data retention policies and applicable legal requirements.

9. International Users

By using our Service, you understand and acknowledge that your Personal Information will be processed and stored in our facilities and servers in the United States and may be disclosed to our service providers and affiliates in other jurisdictions.

Legal Basis for Processing

Our legal bases for processing your Personal Information include:

• Performance of a contract with you when we provide and maintain our Services. When we process Account Information, Content, and Technical Information solely to provide our Services to you, this information is necessary to be able to provide our Services. If you do not provide this information, we may not be able to provide our Services to you.
• Our legitimate interests in protecting our Services from abuse, fraud, or security risks, or in developing, improving, or promoting our Services, including when we train our models. This may include the processing of Account Information, Content, Social Information, and Technical Information. Read our instructions on how you can opt out of our use of your information to train our models.
• Your consent when we ask for your consent to process your Personal Information for a specific purpose that we communicate to you. You have the right to withdraw your consent at any time.
• Compliance with our legal obligations when we use your Personal Information to comply with applicable law or when we protect our or our affiliates', users', or third parties' rights, safety, and property.

Data Transfers

Where required, we will use appropriate safeguards for transferring Personal Information outside of certain countries. We will only transfer Personal Information pursuant to a legally valid transfer mechanism.

10. Changes to the Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will post an updated version on this page, unless another type of notice is required by applicable law.

Data Protection Officer

You can contact our data protection officer at founder@thelearnchain.com in matters related to Personal Information processing.

Our Commitments

Ownership: You Own and Control Your Data

• We do not train on your business data: We do not use the data you provide to LearnChain or our API platform to train our models, ensuring your business data remains confidential and secure.
• You own your inputs and outputs: The data you input into LearnChain and the outputs generated by our platform are yours, as permitted by law.
• You control data retention: For enterprise customers, you have control over how long your data is retained within our systems.
• Your training materials remain yours: Company internal materials, documentation, and proprietary training content used for course generation remain your exclusive property.

Control: You Decide Who Has Access

• Enterprise-level authentication: We support enterprise-level authentication through single sign-on (SSO) and multi-factor authentication to ensure that only authorized personnel can access your LearnChain environment.
• Fine-grained access control: Our platform allows you to manage who has access to specific features and data, enabling you to enforce your internal security policies.
• Custom training models are yours alone: If you develop custom training models using LearnChain, those models are exclusively yours to use. They will not be shared with any other customer or entity without your explicit consent.
• Role-based permissions: Control which employees can access specific training materials, create courses, or use Training Wheels functionality.

Security: Comprehensive Compliance

• Data encryption: We use AES-256 encryption for data at rest and TLS 1.2+ encryption for data in transit, ensuring that your information is protected from unauthorized access.
• Secure integrations: All third-party integrations (Microsoft Teams, Notion, GitHub, etc.) are secured with industry-standard authentication and encryption protocols.
• Infrastructure security: Our platform is built on secure cloud infrastructure with regular security audits and penetration testing.
• Access logging: Comprehensive audit trails track all access to your training data and company materials.

Compliance: Meeting Your Standards

• GDPR compliance: Full compliance with General Data Protection Regulation for European customers.
• SOC 2 Type II: We maintain SOC 2 Type II certification for security, availability, and confidentiality.
• CCPA compliance: California Consumer Privacy Act compliance for California-based organizations.
• Industry standards: Adherence to industry-specific compliance requirements as needed for your organization.

Data Handling Practices

Training Materials and Company Data

• Isolation: Your company's training materials and internal documentation are isolated from other customers' data.
• Minimal processing: We only process your data to the extent necessary to provide LearnChain services.
• No cross-contamination: Training courses generated for your organization using your materials are never shared with or visible to other customers.
• Secure deletion: Upon contract termination, all your data is securely deleted within 30 days unless retention is required by law.

Employee Data Protection

• Privacy by design: Employee training progress, interactions with Training Wheels, and learning analytics are handled with privacy as a fundamental principle.
• Consent management: Clear mechanisms for obtaining and managing employee consent for data processing.
• Data minimization: We collect and process only the employee data necessary for effective training and onboarding.
• Individual rights: Support for employee rights to access, correct, or delete their personal training data.

Third-Party Integration Security

• Authorized access only: Integrations with Teams, Notion, GitHub, and other tools only access data with explicit permission and for legitimate training purposes.
• Scope limitation: Each integration is limited to the minimum data access required for functionality.
• Real-time monitoring: Continuous monitoring of integration activities to detect and prevent unauthorized access.
• Revocable permissions: You can revoke integration permissions at any time through your LearnChain dashboard.

Transparency and Control

Data Visibility

• Dashboard insights: Real-time visibility into what data is being processed and how it's being used.
• Usage reports: Regular reports on data processing activities and system access.
• Audit capabilities: Full audit trails available for compliance and security reviews.

Data Portability

• Export capabilities: Ability to export your training data, course materials, and employee progress in standard formats.
• Migration support: Assistance with data migration if you choose to move to another platform.
• No vendor lock-in: Your data remains accessible and portable throughout your relationship with LearnChain.

Incident Response

• Immediate notification: You will be notified immediately of any security incidents affecting your data.
• Coordinated response: Our security team will work with your team to address any incidents quickly and effectively.
• Post-incident reporting: Detailed incident reports provided after resolution, including steps taken to prevent recurrence.

Enterprise Support

Dedicated Privacy Support

• Privacy team access: Direct access to our privacy and security specialists for questions and concerns.
• Custom privacy agreements: Ability to negotiate additional privacy terms based on your organization's specific requirements.
• Regular check-ins: Scheduled reviews of privacy practices and any changes to data handling procedures.

Training and Education

• Privacy training: Education for your team on LearnChain's privacy practices and your data rights.
• Best practices guidance: Recommendations for optimizing privacy while maximizing the value of LearnChain.
• Policy updates: Advance notice of any changes to our privacy practices that may affect your organization.

Continuous Improvement

We are committed to continuously improving our privacy and security practices. We regularly review and update our policies, procedures, and technical measures to ensure they meet the evolving needs of our enterprise customers and comply with changing regulatory requirements.

Your feedback is valuable to us. If you have suggestions for improving our privacy practices or encounter any concerns, please don't hesitate to reach out to our enterprise privacy team.

Overview

Note: The primary AI technology for LearnChain is powered by LearnChain's proprietary AI models designed specifically for employee onboarding and training. Some selective operations and functions for services including LearnChain would use some third-party services referred to as "Subprocessors".

List of Subprocessors

Currently, LearnChain utilizes the following subprocessors:

AI and Machine Learning Services

• Groq Cloud: Provides foundational models and infrastructure for enhanced AI processing capabilities.
• OpenAI: Provides foundational models and infrastructure for specific AI functionalities.

Cloud Infrastructure and Hosting

• Amazon Web Services (AWS): Cloud platform services for scalable infrastructure and data processing.

Communication and Integration Services

• Notion: API services for Notion workspace integration and content synchronization.
• GitHub: Integration services for GitHub repository access and code-based training materials.

Analytics and Monitoring

• Google Analytics: Website and platform usage analytics (anonymized data only).

Payment Processing

• Stripe: Payment processing for subscription and billing services.

Subprocessor Details

Data Processing Safeguards

Contractual Protections

• All subprocessors are bound by Data Processing Addendums (DPAs) that include equivalent data protection obligations
• Subprocessors are contractually required to implement appropriate technical and organizational security measures
• Data processing is limited to the specific purposes outlined in our agreements

Security Requirements

• All subprocessors must meet our security standards and undergo regular security assessments
• Data encryption in transit and at rest is required for all subprocessors handling customer data
• Access controls and audit logging are mandatory for all data processing activities

Compliance Standards

• Subprocessors must comply with applicable data protection laws including GDPR, CCPA, and other relevant regulations
• Regular compliance audits and certifications are required where applicable
• Data breach notification procedures are established with all subprocessors

Data Minimization

LearnChain follows data minimization principles with all subprocessors:

• Only necessary data is shared with subprocessors for specific processing purposes
• Training materials and company data are processed only to the extent required for service functionality
• Employee personal data is limited to what is essential for training and onboarding services
• Data retention periods are clearly defined and enforced with all subprocessors

Updates to Subprocessors

Notification Process

LearnChain commits to keeping our users informed about any changes to our list of subprocessors:

• Advance Notice: Users will receive at least 15 days advance notice of new subprocessors
• Communication Channels: Updates will be communicated through:
  • Email notifications to account administrators
  • Updates posted on our website
  • In-platform notifications for active users
  • Updates to this subprocessor list page

Customer Rights

• Objection Rights: Customers may object to new subprocessors within the notice period
• Service Alternatives: Where possible, we will provide alternatives if customers object to specific subprocessors
• Contract Termination: Customers may terminate services if they cannot accept new subprocessors

Review Process

• We regularly review our subprocessor relationships to ensure they continue to meet our standards
• Subprocessors that no longer meet our requirements are replaced or removed
• We continuously evaluate new technologies and services that may enhance our platform while maintaining security standards

Geographic Considerations

Currently, all our subprocessors are located in the United States, which provides:

• Consistent legal framework and data protection standards
• Simplified compliance with U.S. privacy laws
• Reduced complexity for international data transfers
• Enhanced security coordination and incident response

Monitoring and Oversight

Ongoing Monitoring

• Regular security and compliance assessments of all subprocessors
• Continuous monitoring of data processing activities
• Periodic reviews of subprocessor performance and security posture

Incident Response

• Coordinated incident response procedures with all subprocessors
• Immediate notification requirements for any security incidents
• Joint investigation and remediation processes

Transparency Commitment

We are committed to maintaining transparency about our data processing practices. This subprocessor list is part of our broader commitment to:

• Clear communication about who processes your data
• Transparency about the purposes of data processing
• Regular updates about changes to our processing arrangements
• Responsive communication with customers about their data protection concerns

1. Processing Requirements

As a Data Processor, LearnChain agrees to:

1. Process Customer Data only:
   • On Customer's behalf for the purpose of providing and supporting LearnChain's Services.
   • In compliance with the written instructions received from Customer.
   • In a manner that provides no less than the level of privacy protection required by applicable Data Protection Laws.
2. Promptly inform Customer if LearnChain cannot comply with the requirements of this DPA.
3. Not provide Customer with remuneration in exchange for Customer Data. The parties acknowledge and agree that Customer has not "sold" (as defined by U.S. Privacy Laws) Customer Data to LearnChain.
4. Not "sell" or "share" Personal Data as those terms are defined by U.S. Privacy Laws.
5. Inform Customer if, in LearnChain's opinion, an instruction from Customer violates applicable Data Protection Laws.
6. Ensure that persons engaged to perform on LearnChain's behalf are subject to a duty of confidentiality with respect to the Customer Data and comply with the data protection obligations applicable to LearnChain under the Agreement and this DPA.
7. Engage subprocessors listed in subprocessors section of our terms and policies to process Customer Data, subject to the terms of this DPA. Customer consents to the use of subprocessors listed by LearnChain. LearnChain will notify Customer of any changes to the subprocessor list at least 15 days before the changes take effect. If Customer objects to a new subprocessor, Customer may terminate the relevant services with a refund for any prepaid fees covering periods following the termination date.
8. Provide Customer with LearnChain's privacy and security policies upon reasonable request and demonstrate compliance with the obligations set forth in this DPA and applicable Data Protection Laws.
9. Cooperate with assessments and audits performed by or on behalf of Customer to confirm that LearnChain is processing Customer Data in a manner consistent with this DPA.
10. De-identify or anonymize data upon request by the Customer, and ensure that such data cannot be re-identified, except for the purpose of determining compliance with Data Protection Laws.
11. Not retain, use, or disclose Customer Data outside the scope of this DPA, except as required by law.
12. Notify Customer of any legal requirements compelling LearnChain to process Customer Data outside the terms of this DPA, unless legally prohibited.

2. Subprocessing

LearnChain uses subprocessors, listed in subprocessors section of our terms and policies, to provide the Services. The following terms apply to the use of subprocessors:

1. Authorized Subprocessors: Customer agrees to LearnChain's use of subprocessors, for the processing of Customer Data. LearnChain has entered into a Data Processing Addendum with the subprocessors, which governs the subprocessor's processing of Customer Data. This ensures that the subprocessors are bound by the same or equivalent data protection obligations as set out in this DPA.
2. Subprocessor Obligations: LearnChain ensures that all subprocessors, are bound by the equivalent data protection obligations as those set out in this DPA. The DPA between LearnChain and our subprocessors includes provisions for data protection, security measures, and compliance with applicable data protection laws.
3. Customer Objections: If Customer objects to a new subprocessor, LearnChain will provide options such as terminating the service or discontinuing the use of the subprocessor for Customer Data. In the case of objections related to the subprocessors, LearnChain will work with the Customer to address concerns, leveraging the terms of the DPA in place with the subprocessors.

3. Data Subject Rights

LearnChain will:

1. Assist Customer in responding to requests from data subjects exercising their rights under applicable data protection laws, such as access, rectification, or deletion of Customer Data.
2. Notify Customer of any request received directly from a data subject without responding to such request unless authorized by Customer.
3. Assist in Data Protection Impact Assessments (DPIAs) if required, including consultations with supervisory authorities.

4. Security

LearnChain will:

1. Maintain appropriate technical and organizational measures to protect Customer Data against unauthorized access, loss, alteration, or destruction. LearnChain's subprocessors are required to adhere to these standards as outlined in the DPA between LearnChain and our subprocessors.
2. Ensure that personnel with access to Customer Data are subject to confidentiality obligations and have received appropriate data protection training. This includes subprocessors, which are bound by equivalent security and confidentiality requirements under their DPA with LearnChain.
3. Notify Customer of any data breaches involving Customer Data without undue delay. If a data breach occurs at a subprocessor level, LearnChain will coordinate with the subprocessor to ensure timely notification and compliance with applicable laws.

5. International Data Transfers

LearnChain may transfer Customer Data outside of the country where it was originally collected, including to subprocessors. LearnChain will:

1. Ensure that such transfers are subject to appropriate safeguards, such as Standard Contractual Clauses (SCCs) or other legally valid mechanisms.
2. Provide details of the safeguards used upon Customer's request.

6. Termination and Data Deletion

1. Retention Period: LearnChain will retain Customer Data for the duration of the Agreement or as otherwise agreed in writing. Subprocessors, are required to delete or return Customer Data as specified in their DPA with LearnChain.
2. Deletion or Return of Data: Upon termination of the Agreement, LearnChain will delete or return all Customer Data within 30 days unless retention is required by law. LearnChain will ensure that the subprocessors follows the same data deletion protocols as outlined in their DPA.
3. Subprocessor Data Deletion: LearnChain will ensure that subprocessors delete Customer Data within 30 days of termination, unless prohibited by law. This aligns with the terms agreed upon in the DPA with them.

7. Audit Rights

Customer has the right to:

1. Audit LearnChain's compliance with this DPA, including the processing activities of subprocessors.
2. Review third-party audit reports or certifications provided by LearnChain as evidence of compliance.

8. Liability and Indemnification

1. Limitation of Liability: LearnChain's liability for breaches of this DPA is subject to the limitations set forth in the Agreement.
2. Indemnification: Customer agrees to indemnify and hold harmless LearnChain against claims arising from the Customer's instructions regarding Customer Data.

9. Amendments

LearnChain reserves the right to update this DPA to comply with changes in data protection laws or introduce new subprocessors. LearnChain will notify the Customer of such updates, and the Customer may object or terminate the relevant services.