Data Processing Addendum — Brain by AIVM

Processor / Provider: ChainGPT AI S.A., a company incorporated in the Republic of Panama ("AIVM", "we", "us").

Customer: the organization that has accepted the Terms of Service ("Customer", "you", the "Controller").

Effective date: 20 June 2026. Last updated: 27 June 2026.

This Data Processing Addendum ("DPA") forms part of, and is governed by, the Terms of Service between
you and AIVM (the "Agreement"). It applies where AIVM processes Personal Data contained in Customer
Content on your behalf. If a conflict exists between this DPA and the Agreement on the subject of data
protection, this DPA controls. Capitalized terms not defined here have the meaning given in the Agreement.

1. Definitions

  • Data Protection Law means all laws applicable to the processing of Personal Data under the Agreement, including the EU General Data Protection Regulation 2016/679 ("GDPR"), the UK GDPR, and the California Consumer Privacy Act as amended ("CCPA/CPRA").
  • Personal Data, Controller, Processor, Sub-processor, Data Subject, and Processing have the meanings given in the GDPR.
  • Customer Content means the documents and connected-source data you authorize AIVM to ingest, and the answers synthesized from them, as described in the Agreement.
  • Standard Contractual Clauses (SCCs) means the clauses approved by the European Commission (Decision 2021/914), and, for UK transfers, the UK International Data Transfer Addendum.

2. Roles of the parties

  • For Customer Content, you are the Controller (or a processor acting for your own customer) and AIVM is the Processor. AIVM processes Personal Data in Customer Content only to provide the Service and only on your documented instructions.
  • For account and member data that AIVM needs to operate the Service (billing, security, abuse-prevention), AIVM acts as an independent Controller, as described in the Privacy Policy.
  • Under the CCPA/CPRA, AIVM acts as a Service Provider: it does not sell or share Personal Data, and does not retain, use, or disclose it for any purpose other than performing the Service.

3. Customer instructions

  • The Agreement, this DPA, and your configuration and use of the Service are your complete and documented instructions for the processing of Personal Data. AIVM will not process Personal Data for any other purpose unless required by law, in which case it will inform you first unless legally prohibited.
  • AIVM does not use Customer Content to train foundation models, and does not sell Customer Content.
  • You are responsible for the lawfulness of the Personal Data you provide and for having the necessary rights, consents, and notices to authorize the processing.

4. Confidentiality

AIVM ensures that personnel authorized to process Personal Data are bound by appropriate confidentiality obligations and are granted access on a least-privilege, need-to-know basis.

5. Security measures

AIVM maintains the technical and organizational measures in Annex II, designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access, appropriate to the risk (GDPR Art. 32).

6. Sub-processors

  • You provide general authorization for AIVM to engage the Sub-processors listed in Annex III to process Customer Content.
  • AIVM imposes data-protection obligations on each Sub-processor that are no less protective than those in this DPA, and remains liable for its Sub-processors' performance.
  • AIVM will give you notice (by the in-product sub-processor list and/or email to your administrators) before adding or replacing a Sub-processor that processes Customer Content. You may object on reasonable data-protection grounds within 30 days; if the parties cannot resolve the objection, you may terminate the affected Service as your sole remedy.

7. Assistance to the Controller

Taking into account the nature of the processing, AIVM will assist you, by appropriate technical and organizational measures and insofar as possible, to:

  • respond to Data Subject requests (access, rectification, erasure, restriction, portability, objection). The Service's self-service controls (member management, document deletion, query-text redaction, digest-only mode) are the primary mechanism; AIVM supports requests these cannot satisfy.
  • meet your obligations to secure processing, notify breaches, conduct data protection impact assessments, and consult supervisory authorities.

8. Personal Data breach

AIVM will notify you without undue delay, and in any case within 72 hours, after becoming aware of a Personal Data breach affecting Customer Content, and will provide the information reasonably available to help you meet your own notification obligations. AIVM's notification is not an acknowledgment of fault.

9. Audit

  • AIVM will make available the information necessary to demonstrate compliance with this DPA, including third-party audit reports and security documentation, on request.
  • Where that is insufficient to satisfy a documented regulatory requirement, AIVM will allow an audit by you (or an independent auditor you mandate, bound by confidentiality), on reasonable prior notice, no more than once per year, during business hours, without unreasonably disrupting AIVM's operations.

10. International transfers

Where AIVM processes Personal Data subject to GDPR/UK GDPR and transfers it to a country without an adequacy decision, the Standard Contractual Clauses (with the UK Addendum where applicable) are incorporated into this DPA by reference and apply to that transfer. For the Module Two (Controller-to-Processor) Clauses: the data exporter is Customer, the data importer is AIVM; the optional docking clause applies; the audit and sub-processor terms of this DPA apply; the governing law and forum follow the Clauses; and Annexes I–III below populate the Clauses' appendices.

11. Deletion and return

On termination or expiry of the Agreement, AIVM will delete Customer Content within 30 days, except (a) the content-blind audit ledger (cryptographic digests and metadata, no content body), which is retained for up to 12 months to preserve the integrity of the trail, and (b) where retention is required by law. On request before deletion, AIVM will make Customer Content available for export.

12. Liability

Each party's liability under this DPA is subject to the limitations and exclusions of liability in the Agreement.

---

Annex I — Details of processing

  • Subject matter: provision of the Brain by AIVM governed knowledge service.
  • Duration: the term of the Agreement, plus the deletion/retention periods in Section 11.
  • Nature and purpose: ingesting and indexing authorized sources; enforcing access governance and tenant isolation; synthesizing answers from authorized content; maintaining a content-blind audit trail; rate-limiting and abuse prevention; support.
  • Types of Personal Data: any Personal Data contained in the documents and connected sources you authorize, plus member identifiers (email, name, role, department) and authentication identifiers. You control what content enters the Service.
  • Categories of Data Subjects: your personnel, contractors, and any individuals referenced in the content you authorize.
  • Special categories: not intended; you are responsible for not submitting special-category data except under your own lawful basis and configuration.
  • Frequency: continuous, for the duration of the Agreement.

Annex II — Technical and organizational measures

  • Tenant isolation enforced at the database layer via PostgreSQL row-level security under a non-superuser application role, with the tenant bound from the verified session — never from request input.
  • Access governance: least-privilege, relationship/attribute-based authorization applied to every query and write; filter-before-retrieval so out-of-policy content is never surfaced.
  • Content-blind audit ledger: a tamper-evident hash-chain over cryptographic digests and metadata; answer bodies are never stored; query text is excluded from the integrity chain and can be redacted, with an optional digest-only mode.
  • Encryption: in transit (TLS); secrets (invite tokens, agent keys) stored only as salted hashes; connector credentials stored to maintain the connection.
  • Operational: rate-limiting and abuse protection; error and access logging without content; optional OpenTelemetry traces carrying governance/usage attributes and no content.
  • Organizational: least-privilege personnel access under confidentiality obligations; change management through version control and review.
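The content-blind audit ledger described in the third bullet of Annex II, written out as an added illustrative example. This is not AIVM's code; the field names, the canonical-JSON encoding of chained fields, the all-zero genesis link, and the sample activity are assumptions made for the illustration. The point it shows is the separation the DPA relies on: digests and metadata sit inside a hash chain (so altering them is detectable), while query text sits outside it (so it can be redacted, or replaced by a digest in digest-only mode, without breaking verification), and no content body is ever stored.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Optional

GENESIS_HASH = "0" * 64  # assumed starting link of the chain


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class LedgerEntry:
    seq: int
    tenant_id: str
    actor: str
    action: str            # e.g. "query", "ingest", "delete"
    content_digest: str    # sha256 of the document or answer body; the body itself is never stored
    ts: str
    prev_hash: str
    entry_hash: str
    query_text: Optional[str] = None  # outside the chain: redacting it does not break verification


def chained_payload(seq: int, tenant_id: str, actor: str, action: str,
                    content_digest: str, ts: str, prev_hash: str) -> bytes:
    """Canonical JSON of exactly the fields covered by the integrity chain (assumed encoding)."""
    fields = {
        "seq": seq, "tenant_id": tenant_id, "actor": actor, "action": action,
        "content_digest": content_digest, "ts": ts, "prev_hash": prev_hash,
    }
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


class ContentBlindLedger:
    def __init__(self, digest_only: bool = False):
        self.digest_only = digest_only   # digest-only mode: keep sha256(query) instead of the text
        self.entries: list[LedgerEntry] = []

    def append(self, tenant_id: str, actor: str, action: str, content: bytes, ts: str,
               query_text: Optional[str] = None) -> LedgerEntry:
        seq = len(self.entries)
        prev_hash = self.entries[-1].entry_hash if self.entries else GENESIS_HASH
        content_digest = sha256_hex(content)  # only the digest of the body is retained
        entry_hash = sha256_hex(chained_payload(seq, tenant_id, actor, action,
                                                content_digest, ts, prev_hash))
        stored_query = None
        if query_text is not None:
            stored_query = sha256_hex(query_text.encode()) if self.digest_only else query_text
        entry = LedgerEntry(seq, tenant_id, actor, action, content_digest, ts,
                            prev_hash, entry_hash, stored_query)
        self.entries.append(entry)
        return entry

    def redact_query(self, seq: int) -> None:
        """Erase stored query text; the chain is unaffected because the text is not hashed into it."""
        self.entries[seq].query_text = None

    def verify(self) -> bool:
        """Walk the chain from genesis and recompute every link; any edited chained field fails."""
        prev_hash = GENESIS_HASH
        for i, e in enumerate(self.entries):
            if e.seq != i or e.prev_hash != prev_hash:
                return False
            expected = sha256_hex(chained_payload(e.seq, e.tenant_id, e.actor, e.action,
                                                  e.content_digest, e.ts, e.prev_hash))
            if expected != e.entry_hash:
                return False
            prev_hash = e.entry_hash
        return True


def build_demo_ledger(digest_only: bool = False) -> ContentBlindLedger:
    """Constructed sample activity for one tenant (not real data)."""
    ledger = ContentBlindLedger(digest_only=digest_only)
    ledger.append("tenant-a", "alice@example.com", "ingest", b"Q3 handbook body",
                  "2026-06-20T09:00:00Z")
    ledger.append("tenant-a", "bob@example.com", "query", b"synthesized answer body",
                  "2026-06-20T09:05:00Z", query_text="what is the travel policy?")
    return ledger


if __name__ == "__main__":
    ledger = build_demo_ledger()
    print("valid:", ledger.verify())                      # True
    ledger.redact_query(1)                                # redaction leaves the chain intact
    print("valid after redaction:", ledger.verify())      # True
    ledger.entries[0].actor = "mallory@example.com"       # edited metadata breaks the chain
    print("valid after tampering:", ledger.verify())      # False
```

Running the block appends an ingest and a query, redacts the query text, and then edits an actor field; verification succeeds through the redaction and fails after the edit, which is the property that lets Section 11 retain the ledger while Section 7's redaction controls still operate on it.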

Annex III — Approved Sub-processors

  • Render (United States, Oregon) — application hosting, managed PostgreSQL and Redis. Processes account data, Customer Content, and the audit ledger, per-tenant isolated.
  • WorkOS — SSO / directory authentication. Processes member identifiers.
  • Anthropic — answer synthesis (default hosted model). Processes the authorized content for a given query; does not train on data submitted through its API.
  • Resend — invite and notification email delivery. Processes member email addresses.
  • Connector platforms you authorize (e.g. Slack, GitHub, Box, Confluence, Salesforce, Telegram) — process the sources you choose to connect.

A current Sub-processor list is available on request and is updated before a new Sub-processor that processes Customer Content is added.

Contact

ChainGPT AI S.A., Republic of Panama. Data protection contact: privacy@chaingpt.org.

This DPA is a template provided for convenience and does not constitute legal advice. Have it reviewed by counsel before relying on it for a specific engagement.