# Institution Terms (Education Deployments)

Effective Date: February 27, 2026

These terms summarize how Sukma supports institution-managed deployments
from a governance and operational standpoint.

## Student Data Ownership

Student-related records generated in institution-managed environments
remain under institutional control.

## Sukma's Role

Sukma acts as a service provider. We process institution-managed session
data, user data, course data, and governed session artifacts under
institutional instructions, configured controls, and contract terms.

## Governance Controls

- Owner and admin controls for policy, retention, and evidence workflows
- Role-based access for compliance-critical actions
- Auditable history for policy updates, access reviews, and purge requests
- Institution-configurable retention and deletion controls for governed conversation records and session artifacts

## Retention and Redaction

Session conversation retention is configurable from 7 to 90 days. After the
configured retention period, governed conversation payloads can be
redacted while metadata and evidence history remain available for
traceability and institutional review. Explicit purge operations can
remove governed conversation records, audience queries, examples,
assessments, whiteboards, and session summaries for the selected
organization scope.

## DPA Support

A Data Processing Agreement draft is available for institutions that
require defined processing instructions, security commitments,
subprocessor treatment, and incident notification terms.

## Assurance Position

- Sukma is FERPA-ready for institution-managed deployments
- Sukma operates with SOC audit-ready controls and evidence workflows
- Certification or attestation claims are not made before external audit outcomes

## Scope Boundary

These terms govern institution-managed use. Independent learner accounts
follow Sukma's Terms of Service and Privacy Notice.