You are currently viewing the latest revision of this document

We are always transparent about our policies, and keep them on Github so you can track any changes. To browse the full history of changes, ask questions or suggest ammendments please join us on Github

Third Party App Developer Agreement

Assembly is committed to raising the standards of privacy and security applied to the management of education data, and we know our partners share this commitment. Therefore, we have created this Developer Agreement, which sets out a range of commitments that both Assembly and our Third Party Developer partners agree constitute good practice. You should also read this document in conjunction with our Glossary of Terms.

We’ve tried to keep this agreement as readable and user-friendly as possible. We have, however, stuck to some conventional legal document practices (such as capitalisation of ‘You’ and ‘Us’ in relation to each party) where it’s helpful for clarity.

Who do these terms apply to?

This agreement is between You, a Third Party Developer and Assembly Partner, and Assembly. If you do not, or cannot, agree to these terms you should not use the Assembly platform.

Our commitment to You

Assembly are committed to providing the highest quality tools for the purposes of education and school improvement. Therefore, with respect to data security and privacy, we will not ask you to accept anything that we ourselves are unable to accept. Like you, we agree to comply with the Data Security and Privacy Pledge below. Our Terms of Service incorporate the standards outlined in the pledge, as well as additional commitments that we make to schools.

Your commitment to Assembly

As an Assembly Partner, You agree to comply with the following pledge at all times:

Data Security and Privacy Pledge

Assembly and You both agree to:

  • Act in one of the following capacities Data Processor/Sub Processor or Data Controller. Assembly will always be a Data Processor/Sub Processor
  • Process the data received from schools for the purposes of education and school improvement only, and only for those purposes necessary to provide the service explicitly offered to schools
  • Adhere strictly to the terms of the Data Protection Act 1998 and any future amendments or applicable legislation, including legislation arising from the General Data Protection Regulation (GDPR), which is enforceable from May 2018 onwards
  • Only store and process the minimum data required to provide our services
  • Transport and store all personal data originating from schools using modern and best practice encryption technologies. At a minimum, this will include Secure Socket Layers (SSL/TLS) for encrypted data transfer over the internet, encryption of all data at rest, and password-protected identities for all end users
  • Comply with all Subject Access Requests made against the data stored
  • Ensure that all staff spending time in schools hold a valid Disclosure and Barring Service certificate
  • Ensure that all data is held securely, with pseudonymisation where appropriate; take steps to ensure that data is not corrupted or lost; and offer a way of restoring access to data in the event of a physical or technical incident
  • Only retain data for as long as is required to accurately provide the service explicitly offered to schools
  • Delete personal data where no longer required to provide the service explicitly offered to schools, or where requested by a Data Controller
  • Always maintain adequate liability insurance
  • Audit our services against this pledge periodically and provide evidence of compliance to the other party whenever requested
  • Report any significant breaches of security to our users, each-other, and the Information Commissioner’s Office (ICO) and other authorities without undue delay and within 72 hours
  • Make Terms of Service and Privacy Policies clearly, and publicly, available on our websites
  • Ensure that all employees and subcontractors are aware of, and abide by, this agreement and all applicable Terms of Service and Privacy Policies

Assembly and You both agree NOT to:

  • Store or transport personal or sensitive data outside of the EEA or outside of countries which are granted to have Adequate Levels of Protection as defined by the European Commission
  • Use the school data made available via the Assembly platform for the purposes of advertising or marketing, or for any purpose other than the service explicitly provided to schools, or where agreed by schools on a case by case basis
  • Transport personal data originating from schools in an unencrypted format
  • Access, attempt to access, or inspect any data without the Data Controller’s express permission
  • Claim ownership or exclusive rights over any of the data processed or created as part of services provided to schools
  • Share information with other third parties except where specifically agreed by schools or where required by law
  • Change any Terms of Service or Privacy Policies without giving schools the opportunity to opt-out of such changes


As a Third Party App Developer you agree to:

  • Pass data back to the Assembly Platform securely, and using using modern and best practice encryption technologies, in the event that there is a mutually agreed purpose for you to do so
  • Provide Assembly with links to your Terms of Service and Privacy Policy, and notify Assembly of changes you intend to make to these documents before they are made active
  • Ensure that your Assembly account details are kept secure at all times and notify Us of any unauthorised use of your password or account or other breaches of security
  • State in Your privacy policy what will happen to any school or pupil data should You stop using the Assembly connector for any reason

As a Third Party App Developer you agree NOT to:

  • Attempt to access the platform in any way other than the purpose for which you have been granted permission

If You do not comply with any part of this agreement, Assembly reserve the right to suspend or terminate Your access to the Assembly platform with immediate effect.

If Assembly terminate Your access to the Assembly platform due to breach of this agreement, You agree to delete all data provided to You through the Assembly platform within three working days.

Assembly reserve all rights in our intellectual property and You may not use our intellectual property (code, trademarks or other material) without Our consent.

Assembly and You both agree:

  • that no failure or delay to exercise any right or remedy under this agreement or by law shall constitute a waiver of that right or any other right or remedy.
  • that if any part of this agreement becomes invalid it will be modified to the minimum extent necessary to make it valid. If Assembly cannot agree this with you, the relevant provision shall be deleted. Any modification to or deletion of a provision shall not affect the validity of the rest of the agreement.
  • that any dispute or claim arising out of or relating to this agreement that cannot be resolved by negotiation within 14 days shall be resolved through arbitration. Either party shall give notice of seeking a resolution through arbitration using the CEDR procedure and English law. Either party may seek an interim remedy in court if necessary.
  • that any dispute or claim arising out of or relating to this agreement shall be governed by the law of England and that the courts of England shall have exclusive jurisdiction provided that Assembly can take action in other places if You are in breach of this agreement
  • that products, services and communications must not:
    • be defamatory, obscene, offensive, discriminatory, hateful or inflammatory or promote violence or illegal activity;
    • be likely to cause annoyance, inconvenience or needless anxiety for any schools; infringe any copyright or trademark held by another party;
    • be likely to deceive;
    • be in contradiction of any legal duty owed to a third party; misrepresent Our organisation or Ourselves;
    • imply any representation by You.

Warranties and Liabilities

You accept that you will maintain and support any applications You develop which are provided through the Assembly platform.

You accept that Assembly is provided to You on an “as is” and “as available” basis. The Assembly platform is provided to You without guarantees or warranties. Assembly makes no guarantee that the website, the platform or any of our tools are error free or that access will be continuous or uninterrupted.

Assembly shall not, under any circumstances, be liable to You, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, arising under or in connection with this agreement for: loss of profits, sales, business, or revenue (direct or indirect); business interruption; loss of anticipated savings; loss or corruption of data or information; loss of business opportunity, goodwill or reputation; or, any indirect or consequential loss or damage. Assembly are not excluding liability for death or personal injury caused by negligence, breach of any implied term and any other matter for which it would unlawful to exclude liability.