Compliance with Data Protection Act, 2019
Both parties shall comply with all applicable obligations under the Data Protection Act, 2019 (Kenya), the Data Protection (General) Regulations, 2021, and any other applicable data protection legislation.
How Convergly protects Customer Data, complies with Kenya's Data Protection Act, and operates as a trusted processor for your association.
The following provisions govern how Convergly processes Customer Data as a service provider under applicable Kenyan data protection law.
Both parties shall comply with all applicable obligations under the Data Protection Act, 2019 (Kenya), the Data Protection (General) Regulations, 2021, and any other applicable data protection legislation.
For the purposes of this Agreement:
The Provider's primary database and platform infrastructure is hosted on Supabase, a managed cloud database and backend provider. The primary database is located in the West EU (Ireland) region, operating on Amazon Web Services infrastructure in the eu-west-1 zone. All Customer Data is stored within this infrastructure environment. The Provider shall notify the Customer in writing not less than thirty (30) days in advance of any material change to the hosting provider or the geographic location of primary data storage.
The Provider uses the following categories of standard infrastructure sub-processors to deliver the Service:
The Customer acknowledges and consents to the engagement of the above sub-processors. Where the Provider proposes to engage any additional or replacement sub-processor, it shall notify the Customer in writing not less than fourteen (14) days in advance, and the Customer may object in writing within that period if the proposed sub-processor would result in a material change to the data processing arrangements.
The Provider shall:
The AI Admin Assistant feature operates solely by querying the Customer's own data within the Service to generate responses for authorised users. The Provider warrants that:
The Customer's prior written consent is required before Customer Data may be used for any purpose beyond the provision of the Service.
The Customer shall:
Customer Data will be retained for the duration of the active subscription. Upon termination, Customer Data will be available for export for thirty (30) days from the termination date. The Provider shall make Customer Data available for export in the following standard formats: CSV, Microsoft Excel (.xlsx), and PDF, as applicable by data type. After the thirty (30) day export window, Customer Data will be securely deleted from the Provider's systems within a further thirty (30) days, unless longer retention is required by applicable Kenyan law.
Upon written request from the Customer made prior to or within the export window, the Provider shall provide reasonable technical cooperation and migration assistance to facilitate the Customer's transition to an alternative provider, at no additional charge for standard data extraction.
The Provider warrants that it maintains automated backup systems and disaster recovery infrastructure adequate to protect and restore Customer Data in the event of system failure or operational disruption. Specifically:
The Provider shall maintain reasonable security measures including, but not limited to:
The Customer shall have the right, upon not less than thirty (30) days' written notice and no more than once per calendar year, to request written confirmation and evidence of the Provider's compliance with its security and data protection obligations under this Agreement. The Provider shall respond to such requests within fifteen (15) business days and shall provide reasonable documentary evidence of its security controls, backup systems, and data processing arrangements. Where the parties agree, such audit rights may be satisfied by the Provider supplying a current third-party security assessment or equivalent compliance attestation.
Upon discovery of a personal data breach or security incident affecting Customer Data, the Provider shall, in addition to the notification obligation in Clause 4:
Questions about this policy?
Contact us at info@convergly.app for data protection enquiries.
Back to home