Data Processing Agreement

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Service between High Performance Ventures LLC, operating as KnowledgeHive ("Processor," "we," "us," or "our") and the customer ("Controller," "you," or "your") who has agreed to the Terms of Service.

This DPA reflects the parties' agreement with regard to the processing of personal data by KnowledgeHive on behalf of the Controller in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy regulations.

2. Definitions

• "Personal Data" means any information relating to an identified or identifiable natural person.
• "Processing" means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
• "Data Subject" means an identified or identifiable natural person whose Personal Data is processed.
• "Sub-processor" means any third party engaged by us to process Personal Data on your behalf.
• "Data Breach" means any unauthorized access, acquisition, use, or disclosure of Personal Data.

3. Scope and Purpose of Processing

We process Personal Data solely to provide the KnowledgeHive service as described in our Terms of Service. The processing includes:

• Storing and organizing knowledge base content you upload
• Processing content through AI models to enable search and question-answering
• Generating embeddings and indexes to facilitate retrieval
• Logging and analytics for service improvement and troubleshooting
• Authenticating users and managing access controls

3.1 Categories of Data Subjects

• Your employees and team members who use the Service
• Individuals whose information may be contained in documents you upload

3.2 Types of Personal Data

• Contact information (names, email addresses)
• Professional information (job titles, departments)
• Content data (documents, files, and text you upload)
• Usage data (queries, interactions with the Service)

4. Processor Obligations

As your data processor, we commit to:

• Process Personal Data only on your documented instructions
• Ensure personnel authorized to process Personal Data are bound by confidentiality obligations
• Implement appropriate technical and organizational security measures
• Assist you in responding to Data Subject rights requests
• Assist you with data protection impact assessments when required
• Delete or return all Personal Data upon termination of the service, at your choice
• Make available information necessary to demonstrate compliance with this DPA
• Allow for and contribute to audits conducted by you or an auditor you mandate

5. Sub-processors

We use the following categories of sub-processors to provide the Service:

We will notify you of any intended changes to sub-processors, giving you the opportunity to object to such changes. Each sub-processor is bound by data protection obligations equivalent to those in this DPA.

6. Data Subject Rights

We will assist you in fulfilling your obligations to respond to Data Subject requests, including:

• Access: Providing copies of Personal Data upon request
• Rectification: Correcting inaccurate Personal Data
• Erasure: Deleting Personal Data ("right to be forgotten")
• Portability: Providing Personal Data in a portable format
• Restriction: Limiting the processing of Personal Data
• Objection: Honoring objections to processing

To exercise these rights for your organization's data, please contact us at privacy@knowledgehive.ai.

7. Security Measures

We implement appropriate technical and organizational measures to protect Personal Data, including:

• Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Control: Role-based access controls and multi-factor authentication
• Isolation: Logical separation of customer data
• Monitoring: Continuous security monitoring and logging
• Backups: Regular encrypted backups with secure storage
• Personnel: Security training for all employees with data access
• Incident Response: Documented procedures for security incident handling

8. Data Breach Notification

In the event of a Data Breach affecting your Personal Data, we will:

• Notify you without undue delay, and in any event within 72 hours of becoming aware of the breach
• Provide information about the nature of the breach, categories of data affected, and approximate number of Data Subjects affected
• Describe the likely consequences and measures taken or proposed to address the breach
• Cooperate with you in investigating and remediating the breach
• Document all breaches and make documentation available upon request

9. International Data Transfers

Your data is processed and stored in the United States. For transfers of Personal Data from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Supplementary measures as necessary to ensure adequate protection

We will provide a copy of the SCCs upon request and ensure all sub-processors maintain equivalent transfer mechanisms.

10. Duration and Termination

This DPA remains in effect for the duration of your use of our Service. Upon termination:

• We will cease all processing of your Personal Data except as required by law
• At your choice, we will delete or return all Personal Data within 30 days
• We will certify deletion upon your written request
• Obligations regarding confidentiality and data protection survive termination

11. Liability

Each party's liability arising from this DPA is subject to the limitations of liability in the Terms of Service. We shall be liable for damages caused by processing that violates applicable data protection laws or this DPA.

12. Contact Information

For questions about this DPA or to exercise data protection rights: