Know Reply Know Reply
Login / Signup

Data Processing Agreement

Last updated: February 1, 2026

This Data Processing Agreement ("DPA") forms part of the agreement between Know Reply ("Processor" or "we") and the customer ("Controller" or "you") for the use of the Know Reply AI-powered email intelligence platform. This DPA applies where Know Reply processes personal data on your behalf in the course of providing the Service.

1. Scope of Processing

Know Reply processes personal data solely for the purpose of providing the Service as described in our Terms of Service. This includes receiving email content submitted by you, analyzing that content using AI models to generate suggested responses, storing processing history, and delivering the Service through our platform at app.knowreply.ai. We do not process personal data for any purpose other than delivering the Service as instructed by you.

2. Categories of Data

The categories of personal data processed through the Service may include:

  • Email content: Subject lines, body text, and attachments submitted for AI processing
  • Email metadata: Sender and recipient names, email addresses, timestamps, and email headers
  • Customer PII in emails: Any personally identifiable information contained within the emails you submit, which may include names, addresses, phone numbers, and other personal details of your contacts or customers
  • Account data: Your name, email address, company name, and billing information
  • Usage data: Logs of your interactions with the Service, including feature usage and processing timestamps

3. Processor Obligations

As a data processor, Know Reply commits to the following obligations:

  • Process personal data only on your documented instructions, unless required by applicable law
  • Ensure that all personnel authorized to process personal data are bound by confidentiality obligations
  • Implement appropriate technical and organizational security measures as described in Section 5
  • Assist you in fulfilling your obligations to respond to data subject rights requests
  • Make available all information necessary to demonstrate compliance with this DPA and allow for audits
  • Notify you without undue delay upon becoming aware of a personal data breach
  • Delete or return all personal data upon termination of the Service, at your election

4. Sub-Processors

Know Reply uses the following sub-processors to deliver the Service:

  • Cloud infrastructure providers: For hosting, storage, and compute resources used to operate the platform
  • AI model providers: For processing email content and generating AI responses
  • Stripe: For payment processing and subscription management
  • Email service providers: For sending transactional emails (e.g., account notifications and billing confirmations)

We will notify you before engaging any new sub-processor that processes personal data. You may object to a new sub-processor within 30 days of notification. If we cannot reasonably accommodate your objection, either party may terminate the affected portion of the Service. A current list of sub-processors is available upon request at support@knowreply.ai.

5. Data Security Measures

Know Reply implements and maintains the following technical and organizational security measures to protect personal data:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
  • Encryption at rest: All stored data, including email content and account information, is encrypted using AES-256 encryption
  • Access controls: Role-based access controls, multi-factor authentication for administrative access, and principle of least privilege
  • Infrastructure security: Network segmentation, firewalls, intrusion detection systems, and regular vulnerability scanning
  • SOC 2 compliance: Know Reply is pursuing SOC 2 Type II certification and implements controls aligned with the AICPA Trust Services Criteria for security, availability, and confidentiality
  • Employee security: Background checks for employees with access to personal data, regular security training, and signed confidentiality agreements

6. Breach Notification

In the event of a personal data breach, Know Reply will notify you without undue delay and in any event within 72 hours of becoming aware of the breach. The notification will include the nature of the breach, the categories and approximate number of data subjects affected, the likely consequences, and the measures taken or proposed to address the breach. We will cooperate fully with you in investigating and remediating any breach.

7. Data Deletion

Upon termination of the Service or upon your written request, Know Reply will delete all personal data processed on your behalf within 30 days, unless retention is required by applicable law. We will provide written confirmation of deletion upon request. Email content submitted for AI processing is automatically deleted after 90 days in the normal course of operations.

8. Audit Rights

You have the right to audit Know Reply's compliance with this DPA. Audits may be conducted by you or a qualified third-party auditor, subject to reasonable advance notice (at least 30 days), confidentiality obligations, and scheduling during regular business hours. Know Reply will cooperate with reasonable audit requests and provide access to relevant records, facilities, and personnel. We may satisfy audit requests by providing copies of relevant certifications, audit reports (such as SOC 2 reports), or other documentation demonstrating compliance.

9. International Transfers

Where personal data is transferred outside the European Economic Area, Know Reply ensures adequate safeguards are in place through Standard Contractual Clauses approved by the European Commission or other legally recognized transfer mechanisms.

10. Contact Us

For questions about this Data Processing Agreement or to request a signed copy, please contact us at support@knowreply.ai.