Hive Centra Data Processing Addendum

Effective June 2026

1. Roles

This Addendum forms part of the Hive Centra Terms of Service between NLG, LLC (d/b/a Next Level Group) (“Processor”) and the Customer (“Controller”). For personal data contained in Customer Data, the Customer is the controller and Hive Centrais the processor acting on the Customer’s documented instructions.

2. Subject matter and purpose

Processing is for the sole purpose of providing the Service: storing and organizing the Customer’s contacts, deals, and communications, and generating the AI drafts, scores, and recommendations the Customer requests. Duration is the term of the subscription plus the deletion window in Section 8.

3. Categories of data and data subjects

Data subjects: the Customer’s clients, leads, and contacts. Personal data: names, contact details (email, phone, address), communication history, property interests, and related notes the Customer chooses to store. The Customer controls what it imports; the Customer must not store special-category data it is not entitled to process.

4. Processor obligations

We will: process Customer Data only on the Controller’s documented instructions; ensure personnel are bound by confidentiality; not sell Customer Data; and not use Customer Data to train any general-purpose or third-party AI model. We will assist the Controller, taking into account the nature of processing, with security, breach notice, and data-subject requests.

5. Security measures

Technical and organizational measures include encryption in transit, encryption of sensitive secrets at rest, role-based access controls, tenant isolation enforced at the data layer so one organization cannot access another’s data, audit logging, and least-privilege operational access.

6. Subprocessors

The Controller authorizes use of subprocessors to deliver the Service. Categories: cloud hosting and database; AI model provider; messaging/telephony; email delivery; payment processing; property and market data. We impose data-protection terms on subprocessors consistent with this Addendum and will give notice of any intended change so the Controller may object.

7. Data subject requests

If we receive a request from a data subject regarding Customer Data, we will refer it to the Controller and, where the Controller cannot address it through the Service’s self-service tools, provide reasonable assistance to respond.

8. Return and deletion

On termination, the Controller may export Customer Data. We will delete Customer Data within a commercially reasonable period after the export window, except backups that age out on our normal cycle and data we must retain by law.

9. Breach notification

We will notify the Controller without undue delay after becoming aware of a personal-data breach affecting Customer Data, with the information reasonably available to support the Controller’s own notification obligations.

10. International transfers

Where Customer Data is transferred across borders, the parties will rely on a lawful transfer mechanism.

11. Audits

On reasonable request and subject to confidentiality, we will make available information necessary to demonstrate compliance with this Addendum.

12. Contact

Data-protection contact: mazz@hivecentra.com. Processor: NLG, LLC (Next Level Group), 10210 Quaker Ave., Lubbock, TX 79424.