Skip to main content
Kinglify logo

Kinglify

The AI-Powered OS for Organisations

Legal

Kinglify Data Processing Agreement (DPA)

Version 1.0 · Last updated: 6 July 2026

0. Incorporation

This DPA is incorporated into, and forms part of, the Terms of Service accepted by the Organisation via clickwrap at sign-up.

1. Purpose

This Data Processing Agreement (“DPA”) forms part of the agreement between Kinglify (“Processor”) and the Organisation (“Controller”) and governs Kinglify’s processing of personal data on the Organisation’s behalf.

2. Definitions

  • Controller: the Organisation, which determines the purposes and means of processing its members’ personal data.
  • Processor: Kinglify, which processes personal data solely on the Controller’s documented instructions.
  • Data Subject: an individual whose personal data is processed (e.g., a church member).
  • Personal Data: any information relating to an identified or identifiable Data Subject, including sensitive categories such as data revealing religious affiliation.
  • Sub-processor: a third party engaged by Kinglify to assist in processing (see Section 6).

3. Scope and Nature of Processing

Kinglify processes the following categories of personal data on the Controller’s behalf, for the purpose of providing the Platform:

CategoryExamples
Identity dataName, title, date of birth, gender
Contact dataEmail, phone, address
Membership dataJoin date, department, membership type
Family dataMarital status, spouse name, children count
Sensitive dataPastoral notes; religious affiliation (implicit in the nature of the service)

Processing continues for the duration the Controller’s account remains active.

4. Controller Obligations

The Controller warrants that:

  • It has a valid legal basis for collecting and providing all personal data to Kinglify
  • It has obtained any necessary consents, including parental/guardian consent where data relates to a minor
  • Its instructions to Kinglify comply with applicable data protection law

5. Processor Obligations

Kinglify shall:

  • Process personal data only on the Controller’s documented instructions
  • Ensure personnel with access to personal data are bound by confidentiality obligations
  • Implement appropriate technical and organisational security measures, including:
    • Encrypted connections
    • Database-level tenant isolation (Row Level Security) preventing any Organisation from accessing another’s data
    • Restricted internal access to sensitive fields (e.g., pastoral notes limited to pastoral/admin roles)
  • Notify the Controller without undue delay upon becoming aware of a personal data breach affecting the Controller’s data
  • Assist the Controller in responding to Data Subject rights requests
  • Delete or return all personal data upon termination of services, except where retention is required by law
  • Not engage a new Sub-processor without giving the Controller a reasonable opportunity to object

6. Sub-processors

The Controller authorizes Kinglify to engage the following Sub-processors:

Sub-processorPurposeLocation
SupabaseDatabase hosting, authenticationProvider-managed — see Section 7 (International Transfers)
VercelApplication hostingProvider-managed — see Section 7 (International Transfers)
PaystackPayment processing (NGN)Nigeria
StripePayment processing (international)Provider-managed — see Section 7 (International Transfers)

7. International Transfers

Where a Sub-processor stores or processes personal data outside Nigeria, Kinglify shall ensure such Sub-processor maintains security measures materially equivalent to those described in this DPA. The Controller consents to such transfers as necessary for Kinglify to provide the Platform.

8. Data Breach Notification

Kinglify shall notify the Controller within [72] hours of becoming aware of a breach affecting the Controller’s data, including known details of the breach and mitigation steps taken.

9. Audits

Kinglify shall, upon reasonable written request no more than once per year, provide the Controller with a written summary of its security practices. Kinglify is not obligated to permit on-site audits given the shared, multi-tenant nature of the Platform, but will cooperate in good faith with reasonable information requests.

10. Liability

Liability under this DPA is subject to the same limitations set out in Section 11 (Limitation of Liability) of the Kinglify Terms of Service, which this DPA incorporates by reference.

11. Term and Termination

This DPA remains in effect for as long as Kinglify processes personal data on the Controller’s behalf under the main service agreement.

12. Contact

Data protection queries: info@kinglify.com