Data Processing Agreement

Version 1.0
Last revised on December 17, 2024

This Data Processing Agreement (“DPA”) is entered into between Knolli AI, Inc. (“Processor” or “Knolli”) and any entity or individual (“Controller” or “You”) that uses Knolli’s services and uploads personal data as part of their activities. This DPA governs the processing of personal data under applicable data protection laws, including but not limited to the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

1. Definitions

Personal Data: Any information that identifies or can be used to identify an individual, as defined under GDPR or other applicable data laws.

Processing: Any operation performed on Personal Data, such as collection, storage, access, transfer, or deletion.

Controller: The entity that determines the purposes and means of processing Personal Data.

Processor: The entity that processes Personal Data on behalf of the Controller.

Subprocessor: Third-party entities engaged by the Processor to process Personal Data.

Data Protection Laws: GDPR, CCPA, UK Data Protection Act, and other applicable privacy laws.

2. Scope of Processing

Knolli processes Personal Data solely on behalf of the Controller as part of providing its platform and services. The purpose, nature, and duration of processing are as follows:

1. Purpose: To provide Knolli’s AI-powered platform for building, managing, and deploying AI copilots.

2. Nature: Collection, storage, and analysis of Personal Data uploaded by the Controller.

3. Categories of Data Subjects: End-users, customers, employees, or other individuals whose Personal Data is shared.

4. Categories of Personal Data:

• Identifying information (e.g., name, email address, phone numbers).

• Uploaded content and knowledge bases that may contain Personal Data.

• Usage data, system logs, and analytics data.

5. Duration: Personal Data will be processed for the duration of the Controller’s subscription or until deleted per Controller’s request.

Knolli does not own, control, or make decisions about the Personal Data processed on behalf of the Controller.

3. Controller Responsibilities

As the Controller, you agree that:

1. You have the legal right and necessary permissions to upload Personal Data to Knolli.

2. You will comply with all applicable Data Protection Laws regarding the collection, transfer, and use of Personal Data.

3. You are responsible for the accuracy, legality, and content of Personal Data shared with Knolli.

4. Processor Obligations

Knolli, as the Processor, agrees to:

4.1 Process Data Only on Instructions

• Process Personal Data only on the documented instructions of the Controller unless required to do otherwise by applicable law.

4.2 Confidentiality

• Ensure all employees, contractors, and subprocessors who process Personal Data are subject to confidentiality obligations.

4.3 Security Measures

• Implement appropriate technical and organizational measures to protect Personal Data from unauthorized access, alteration, or destruction. These measures include:

• Data encryption (in transit and at rest).

• Firewalls, access controls, and regular system audits.

• Secure storage and pseudonymization of Personal Data, where applicable.

4.4 Subprocessing

• Knolli may engage third-party subprocessors to process Personal Data on its behalf.

• A current list of subprocessors will be maintained and made available upon request.

• Knolli will notify the Controller of any new subprocessors and give the Controller the opportunity to object.

• Knolli ensures that subprocessors are subject to data protection obligations equivalent to this DPA.

4.5 Data Subject Requests

• Assist the Controller in responding to Data Subject Rights Requests (e.g., access, correction, erasure) under GDPR.

• If Knolli receives a direct request, it will notify the Controller without responding unless legally required.

4.6 Data Breach Notification

• Notify the Controller without undue delay (and no later than 72 hours) of any unauthorized access, security breach, or loss of Personal Data.

• Provide sufficient details of the incident, including:

• Nature of the breach.

• Categories and volume of affected data.

• Mitigation steps taken and measures to prevent recurrence.

4.7 Data Deletion and Return

• Upon termination of services, Knolli will delete or return Personal Data as requested by the Controller, unless legally required to retain it.

5. International Transfers

Knolli will process Personal Data in compliance with applicable data transfer requirements, including:

EU-U.S. Data Privacy Framework or Standard Contractual Clauses (SCCs) when transferring data outside the European Economic Area (EEA).

• Ensuring equivalent protection for Personal Data in all jurisdictions where it is processed.

6. Audits and Compliance

At the Controller’s request, Knolli will:

• Provide documentation of its compliance with this DPA and applicable Data Protection Laws.

• Allow for audits or inspections by the Controller or a third-party auditor (subject to confidentiality agreements).

• Audits must be limited to once per year and conducted during normal business hours with reasonable notice.

7. Liability

Knolli’s liability arising under this DPA is governed by the liability limitations outlined in the Terms of Use. The Controller is responsible for damages resulting from unlawful, unauthorized, or non-compliant processing of Personal Data under its control.

8. Termination

This DPA remains in effect for the duration of the Controller’s use of Knolli services. Upon termination, Knolli will ensure the secure deletion of Personal Data in accordance with this agreement.

9. Governing Law

This DPA is governed by and construed in accordance with the laws of the jurisdiction set forth in Knolli’s Terms of Use.

10. Contact Information

If you have questions about this DPA or need to make requests regarding Personal Data processing, please contact us:

CodeConductorAI, Inc.

Email: legal@knolli.ai

Address: 23 Railroad Ave #971, Danville, CA 94526