Data Processing Agreement
Last updated: April 27, 2026
1. Scope & Parties
This Data Processing Agreement ("DPA") forms part of the Terms of Service between the subscribing organization ("Controller" or "you") and Holy Insights ("Processor" or "we"). This DPA applies to all personal data processed by the Processor on behalf of the Controller through the Service.
2. Definitions
- Personal Data: Any information relating to an identified or identifiable natural person, as defined by applicable data protection law.
- Processing: Any operation performed on Personal Data, including collection, storage, use, disclosure, and deletion.
- Sub-processor: A third party engaged by the Processor to process Personal Data on behalf of the Controller.
3. Data Processing Details
Categories of Data Subjects
- Church staff and administrators (account holders)
- Congregation members and attendees (demographic and attendance data)
- Volunteers
- Donors (aggregate giving data only; no individual donor identification)
Types of Personal Data
- Contact information (name, email, phone)
- Demographic data (age range, gender) imported from your Church Management System
- Attendance and participation records
- Account credentials (managed via Auth0; passwords are never stored by Holy Insights)
Purpose of Processing
Personal Data is processed solely to provide the Service as described in the Terms of Service, including generating analytics, reports, and AI-powered insights for the Controller's ministry operations.
4. Obligations of the Processor
- Process Personal Data only on documented instructions from the Controller, unless required by law.
- Ensure that persons authorized to process Personal Data have committed to confidentiality.
- Implement appropriate technical and organizational security measures (see Section 6).
- Assist the Controller in responding to data subject requests (access, rectification, deletion, portability).
- Notify the Controller without undue delay (and within 72 hours) upon becoming aware of a Personal Data breach.
- Delete or return all Personal Data upon termination of the Service, subject to the retention period in our Privacy Policy.
- Make available to the Controller all information necessary to demonstrate compliance with this DPA.
5. Sub-processors
The Controller authorizes the Processor to engage the following sub-processors. The Processor will notify the Controller at least 30 days before adding or replacing a sub-processor.
| Sub-processor | Purpose | Location |
|---|---|---|
| Auth0 (Okta) | Authentication & identity | United States |
| Railway | Application & database hosting | United States |
| Stripe | Payment processing | United States |
| Resend | Transactional email delivery | United States |
| Anthropic | AI-powered analytics (MAX) | United States |
| Planning Center | Church management system integration | United States |
The Controller may object to a new sub-processor by notifying us within 14 days. If the objection cannot be resolved, the Controller may terminate the Service.
6. Security Measures
The Processor implements the following technical and organizational measures:
- Encryption: All data is encrypted in transit (TLS 1.2+), and sensitive tokens are encrypted at rest (AES-256-GCM)
- Tenant Isolation: Each church's data is logically separated at the database level with automatic query scoping
- Access Control: Role-based access control with five permission tiers; least-privilege principle
- Authentication: Delegated to Auth0 with support for SSO and MFA
- Audit Logging: Administrative actions are logged with timestamps, user identity, and affected resources
- Infrastructure: Hosted on Railway with automated backups, redundancy, and monitoring
- Incident Response: Documented procedures for detecting, containing, and reporting security incidents
7. Data Subject Rights
The Processor will assist the Controller in fulfilling data subject requests under applicable law, including requests for access, rectification, erasure, restriction, portability, and objection. The Processor will respond to such assistance requests within 10 business days.
8. Data Breach Notification
In the event of a Personal Data breach, the Processor will:
- Notify the Controller within 72 hours of becoming aware of the breach
- Provide details of the nature of the breach, categories of data affected, approximate number of data subjects affected, and measures taken to address the breach
- Cooperate with the Controller in investigating and mitigating the breach
- Document the breach and remediation steps taken
9. International Transfers
All data is currently processed and stored within the United States. If data is transferred to a jurisdiction outside the United States, the Processor will ensure appropriate safeguards are in place in accordance with applicable data protection law.
10. Term & Termination
This DPA is effective for the duration of the Service agreement. Upon termination, the Processor will delete all Personal Data within 90 days unless retention is required by law. The Controller may request earlier deletion or a copy of their data before deletion occurs.
11. Governing Law
This DPA is governed by the same laws as the Terms of Service (State of Tennessee). Where applicable data protection laws require additional protections, those protections shall apply.
12. Contact
For questions about this DPA or to exercise data protection rights:
privacy@holyinsights.org