Policy Documents
ARTICLE 7: CONFIDENTIALITY
Section 7.1 Confidential Information
Both parties may share proprietary or confidential information not publicly known at the time of disclosure, including business plans, financial details, processes, designs, customer data, and more. Confidential Information can be provided in any form and is considered confidential whether explicitly marked or understood to be so by its nature. For North American clients, the enterprise app is work-related, and personal data collection is not applicable. Data collected includes prompts essential for service functionality, which are retained for improvement purposes.
Section 7.2 Obligations
The receiving party must protect Confidential Information using at least the same level of care it uses for its own confidential information, and no less than a reasonable standard of care. Pristine will ensure its personnel use ‘Named Customer’ Confidential Information only as needed to fulfill its obligations under this agreement. Any unauthorized disclosure or use of Confidential Information must be promptly reported, and corrective action specified. Neither party will share the other’s Confidential Information with third parties unless allowed under this Agreement. Since this is an enterprise application, user interaction primarily occurs in a work context, and there are no privacy violations as no personal data is collected.
Section 7.3 Exceptions
Confidentiality obligations do not apply if the receiving party can demonstrate that the information: (i) was known prior to disclosure, (ii) becomes public without breach, (iii) is independently developed, or (iv) was lawfully obtained from a third party. Legal disclosure of Confidential Information requires reasonable prior notice to the disclosing party, allowing for protective measures unless impractical.
Section 7.4 Return or Destruction
Upon request or when no longer needed, the receiving party will return or destroy all Confidential Information and provide a certification of destruction upon request.
Section 7.5 Survival
The confidentiality obligations will survive the termination or expiration of this Agreement.
ARTICLE 8: INFORMATION SECURITY
Section 8.1 Compliance and Security
Both parties will comply with applicable laws related to the handling of data. For North American clients, under the U.S jurisdiction, Pristine will implement and maintain an information security program designed to protect ‘Named Customer’ data from loss, misuse, and unauthorized access. This includes annual security training and security policy updates. Any changes to these obligations require prior written consent from ‘Named Customer.’ The application does not collect personal data, including photos, videos, or voice recordings. However, it collects prompts, which are essential to its functionality, and retains them to improve the service.
Section 8.2 Audit Rights
‘Named Customer’ reserves the right to conduct audits, at its expense, of Pristine’s information security architecture as it relates to ‘Named Customer’ data.
Section 8.3 Compliance with Policies
Pristine will adhere to ‘Named Customer’s Acceptable Use Policies, Information Security Policies, and Non-Disclosure agreements.
Section 8.4 Data Deletion
Upon contract termination, Pristine will securely delete all ‘Named Customer’ data within seven days. Since this is an enterprise application, and no personal data is stored, the data retained for R&D purposes (such as prompts) is subject to this deletion clause. Users do not provide personal information, and data retention is solely for functionality improvement.
Section 8.5 Specific Data Security Obligations
Sensitive Personal Information (SPI) should not be exchanged, but if exchanged, the following applies:
– Use of role-based security models.
– Session integrity verification.
– Data encryption (256-bit or higher) for transmission.
– Breach reporting within 48 hours.
– Audit logs retained for 90 days showing access to data.