Data Processing Agreement

Last Updated: 24-05-2026

This Data Processing Agreement ("DPA") forms part of the agreement between No31AB ("Hive Line", "Processor") and the customer ("Controller") and applies whenever Hive Line processes personal data on the Controller's behalf in connection with the Services.

1. Roles and Scope

The Controller determines the purposes and means of processing. Hive Line acts as Processor and processes personal data only on documented instructions from the Controller, including with regard to transfers to a third country.

2. Categories of Data & Data Subjects

  • Data subjects: the Controller's customers, prospects, employees, and end-callers/end-recipients.
  • Categories of data: identifiers (name, email, phone), call audio and metadata, transcripts, summaries, SMS and email content, calendar entries, appointment data, and any data the Controller chooses to upload.

3. Sub-processors

The Controller authorises Hive Line to engage sub-processors. The current list is maintained at /sub-processors. Hive Line will give 30 days' notice of any new sub-processor and provides an objection mechanism by email to hello@hiveline.live.

4. International Transfers

Where personal data is transferred outside the EEA, Hive Line relies on the European Commission's Standard Contractual Clauses (SCCs, Module 2 or Module 3 as applicable) and implements supplementary measures including encryption in transit and at rest.

5. Security Measures

  • Encryption in transit (TLS 1.2+) and at rest (AES-256).
  • Role-based access control, least privilege, and audit logging.
  • Row-Level Security on all tenant data.
  • Backups with documented retention and disaster recovery.
  • Vendor assessment for all sub-processors.

6. Personal Data Breach

Hive Line will notify the Controller without undue delay and within 72 hours after becoming aware of a personal data breach affecting Controller data, with the information required by Art. 33(3) GDPR to the extent known.

7. Data Subject Rights

Hive Line will assist the Controller, by appropriate technical and organisational measures, in responding to requests from data subjects to exercise their rights under GDPR.

8. Return or Deletion

On termination of the Services, Hive Line will, at the Controller's choice, return or delete all personal data, except where retention is required by Union or Member State law.

9. Audits

Hive Line will make available to the Controller all information necessary to demonstrate compliance and will allow audits, including inspections, with reasonable prior notice and under confidentiality.

10. Contact

To execute a signed DPA or for questions, email hello@hiveline.live.