For procurement

Everything counsel needs, in one place.

ArthurAI is operated by Eve-Education, LLC, a wholly-owned subsidiary of MindHYVE.ai, Inc. (a Nevada C-Corporation). The platform is engineered to satisfy the substantive controls institutional procurement reviews depend on — and we've written the trust documentation in plain enough language that a counsel reviewer can verify the substance without an engineer in the room.

For executable documents and NDA-gated reports (penetration test, SOC 2 readiness summary, full subprocessor agreements, VPAT 2.5), talk to our team or write directly to hello@mindhyve.ai.

Counsel resources
  • Data Processing Agreement (DPA)

    Article 28 GDPR-aligned, with Standard Contractual Clauses for international transfer, FERPA-school-official terms for U.S. educational deployments, and regional incorporations for Kenya, Nigeria, Pakistan, EU/UK. Executable document available on request.

  • Security FAQ (30 questions)

    Encryption, identity & access, network isolation, data handling, AI safety, vulnerability management, compliance — the 30 questions every institutional security review asks, with calibrated, code-traceable answers.

  • Subprocessor list

    Every third party that processes institutional data on our behalf, with role, region, and agreement reference. Material changes are disclosed under change-control with a documented notice period.

  • Security pillars

    Engineered into the reasoning substrate, not bolted on at the application layer: encryption, identity, audit, network isolation, vulnerability management, subprocessor governance.

  • Data handling

    Categories of data, processor / controller roles, regional residency map, retention policy, deletion mechanics. No customer data is ever used for AI model training.

  • Accessibility conformance

    WCAG 2.1 AA target with automated and manual verification, Section 504 / 508 alignment, VPAT 2.5 available on request.

  • Responsible AI

    Pre-LLM and post-LLM guardrails, logging discipline (we never log conversation content), human-in-the-loop posture, training-data discipline.

  • Incident response

    Severity classification, runbook, notification cadence including 72-hour breach notification, customer communication path, post-incident review process, quarterly tabletop exercises.

  • Compliance posture

    Statute by statute: FERPA, COPPA, ADA / Section 504 / Section 508, WCAG 2.1 AA, AB-1791 and analogous state laws, GDPR, CCPA / CPRA, Kenya DPA 2019, Nigeria DPA 2023, Pakistan regime.

  • AI disclosures

    AI-disclosure language for educators, students, parents, faculty-of-record, vocational, and corporate contexts. Configurable per institution, in-line not modal, present at every AI-assisted surface.

  • SOC 2 readiness (CLE)

    Control narratives, evidence-collection automation, the audit window, the path to Type 2 attestation. Current readiness summary available under NDA.

  • Privacy policy

    Marketing-site privacy policy. SaaS portal privacy is governed by the executed institutional agreement and the DPA.

  • Terms of service

    Marketing-site terms. Use of the ArthurAI™ SaaS edition portals is governed by separate institutional agreements.

Common procurement questions, answered

  • “Are you a controller or a processor?” Eve-Education, LLC is a processor under Article 28 GDPR. The institution is the controller.
  • “Where does our data live?” U.S. Azure regions by default. EU/Africa/Asia on request, with Standard Contractual Clauses for cross-border transfer where applicable.
  • “Will our data be used to train AI?” No. Customer data is never used for AI model training. Eve-Education capability is built on Eve-Genesis synthetic data.
  • “What is the breach notification timeline?” Within 72 hours of confirmed unauthorized access to personal data, per Article 33 GDPR and analogous regimes. See the incident response page for the full SLA matrix.
  • “Do you have SOC 2?” Type 2 readiness posture. The audit window is being defined; engagement with an independent auditor is scheduled. We do not claim attested Type 2 yet.
  • “Do you have a VPAT?” Yes — VPAT 2.5 covering WCAG 2.1, Section 508 Refresh, and EN 301 549, available on request under NDA.
  • “Can we audit you?” Yes, on documented terms (advance notice, confidentiality, scope, frequency) per the DPA.
  • “What happens at termination?” Full export followed by coordinated deletion across DB / blob / cache layers, with audit-log writes and written confirmation. Audit logs are retained per the contracted retention period.