Image

KNOWN KEEP LLC

Data Processing Addendum (DPA)

Last Updated: 08/01/2025

This Data Processing Addendum (“DPA”) applies to all software and services provided by Known Keep LLC (“Known Keep”) under a valid subscription or licence agreement (the “Agreement”). This DPA is incorporated by reference into the Agreement and applies automatically to all Customers.

1. Scope

1.1 This DPA applies only where and to the extent that Known Keep processes personal data on behalf of Customer in connection with the services.

1.2 Known Keep does not generally host or process Customer data. The only instances where Known Keep may host or process Customer data are:

  • Report Runner Settings Backups – Certain configuration and settings data from Known Keep’s Report Runner software may be automatically backed up locally on Customer’s machine and optionally uploaded by Known Keep to a unique AWS S3 bucket (unique per customer and per machine) for the purpose of enabling restore and recovery of the Report Runner application.

  • PDF Board Cloud Storage – For customers of Known Keep’s PDF Board mobile application, Customer may optionally elect to store PDF reports in a unique AWS S3 bucket. Known Keep provisions the bucket and credentials, which are provided to the Customer for access via a QR code on their mobile device.

1.3 Except as expressly described above, Known Keep does not host, access, or process Customer data. Known Keep’s software products are generally installed and operated in Customer’s own environment, where Customer is solely responsible for hosting and processing any data.

2. Data Retention and Backups

2.1 Known Keep may retain Report Runner settings backups and PDF Board data (as described in Section 1.2) for up to ten (10) years, or for such shorter period as Known Keep deems the data no longer necessary, or until Customer specifically requests deletion.

2.2 Known Keep is under no obligation to maintain or preserve any backup of Customer data and makes no warranties or promises that such backups will be available, current, or complete. Backups are provided solely as a convenience feature, and Customer remains responsible for maintaining its own copies of all data.

3. Processing of Data

3.1 Known Keep will process personal data solely: (a) to provide the services, and (b) in accordance with Customer’s documented instructions under the Agreement.
3.2 Known Keep will not sell or use personal data for advertising or marketing purposes.

4. Security

4.1 Known Keep will implement reasonable technical and organizational measures designed to protect personal data against unauthorized access, use, or disclosure.
4.2 Customer remains responsible for securely operating Known Keep’s software in its own environment, including managing access credentials, maintaining its own data backups, and securing its own systems and networks.

5. Sub-Processors

5.1 Customer authorizes Known Keep to use sub-processors (including cloud hosting providers such as AWS) to provide the services.
5.2 Known Keep will ensure that sub-processors are bound by obligations no less protective than those in this DPA.

6. Data Subject Rights

6.1 If Known Keep receives a request from an individual regarding personal data contained in Customer’s backups or stored reports, Known Keep will not act on the request directly and will instead refer the individual to Customer, who is solely responsible for handling such requests.
6.2 Known Keep will provide reasonable assistance to Customer, at Customer’s expense, to fulfill such requests if legally required.

7. Data Breach

7.1 In the event of a confirmed personal data breach, Known Keep will notify Customer without undue delay after becoming aware of the breach.
7.2 Known Keep’s sole obligation is to provide information about the breach and cooperate in Customer’s compliance efforts.

8. Liability

8.1 Each party’s liability under this DPA is subject to the limitations of liability in each product's Licensing Agreement.
8.2 This DPA does not create additional warranties, indemnities, or remedies beyond those set forth in each product's Licensing Agreement.

9. Governing Law

This DPA shall be governed by and construed in accordance with the laws of the State of Texas, without regard to conflict-of-laws principles. The parties submit to the exclusive jurisdiction of the state and federal courts located in Texas.