Data Processing Agreement

This Data Processing Agreement (“DPA”) supplements the Terms of Service and the Privacy Policy. It applies whenever you, as a landlord using Stimafy, store personal data about your tenants in the Service. It is written to align with the Kenya Data Protection Act 2019 and recognises that tenant data is personal data subject to that Act.

1. Roles

• You (the landlord) are the Data Controller. You decide which tenants to record, what details to enter, and for what purpose.
• Stimafy is the Data Processor. We store and process tenant data on your written instruction, which is your continued use of the Service.

2. Categories of data we process for you

• Tenant name, phone number, and (optional) email address
• The unit a tenant currently occupies, and history of moves
• Monthly meter readings (previous and current kWh)
• Computed bill amounts and payment status
• The text of WhatsApp messages we help you compose

Stimafy does not process special-category personal data (health, religion, sexual orientation, etc.) about tenants. Do not enter such data into the Service.

3. Purposes of processing

We process tenant data only to provide you with the Service: storing it, calculating bills from it, and rendering invoice messages and dashboards from it. We do not process tenant data for any other purpose without your explicit further instruction.

4. Security measures

We take the following measures to protect tenant data:

• Encryption at rest: Aurora PostgreSQL uses AWS-managed KMS encryption for all stored data, including database snapshots.
• Encryption in transit: All connections to the Service (HTTPS to Amplify Hosting, then to AWS Data API) use TLS 1.2 or higher.
• Access control: Application-level authorisation ensures each landlord can only see their own records (every query is scoped to the landlord ID derived from a verified Cognito ID token).
• Infrastructure access: Direct database access is restricted to a small number of administrators using IAM roles with multi-factor authentication.
• Network isolation: The Aurora cluster lives in a private VPC subnet with no public internet route; it is only reachable via the AWS RDS Data API endpoint.
• Backups: Daily automated backups with 7-day retention. Backups inherit the same encryption.
• Deletion protection: Production database has deletion protection enabled to prevent accidental data loss.

5. Sub-processors

We use the sub-processors listed in our Privacy Policy, section 5. We will notify you before adding a new sub-processor. Each sub-processor is bound by their own data-protection commitments equivalent to or stronger than these.

6. Cross-border transfers

Tenant data is stored in AWS af-south-1 (Cape Town, South Africa). This is the closest AWS region to Kenya. The Service's web tier runs in eu-west-1 (Ireland); when it queries the database, the data crosses regions but remains within AWS's encrypted private network. Tenant data is not stored permanently outside Africa.

7. Tenant rights (data subject requests)

Your tenants have rights under the Data Protection Act to access, correct, or delete their data. As the Data Controller, you are primarily responsible for responding to these requests.

Stimafy provides the tools you need:

• Access: Every detail we hold about a tenant is visible to you in the Tenants section of the application.
• Correction: Edit a tenant's details from Tenants → Edit.
• Deletion: Delete a tenant from the Tenants list. This removes their record and ends any unit assignments, but retains historical bills (which may be required for your own accounting).

If you need full removal of historical bills, email support@stimafy.online with the request.

8. Personal data breach notification

If Stimafy becomes aware of an actual or suspected breach affecting tenant data, we will notify affected landlords within 72 hours, with the information needed for you to meet your own obligations under section 43 of the Data Protection Act (notification to the ODPC and to data subjects where required).

9. Audit rights

On reasonable written notice, you may request information sufficient to verify our compliance with this DPA. We will respond with appropriate detail. Given that we are a single-tenant SaaS, formal on-site audits are not practical; we offer documentation and attestations instead.

10. End of agreement

When you stop using Stimafy or request account deletion, we delete all your landlord data and the tenant records you added within 30 days. Server logs containing technical identifiers may persist for up to 90 days for security purposes. After that, all personal data is purged.

11. Contact

For DPA-related questions or to request a Data Protection Impact Assessment input: support@stimafy.online