1. Introduction

Kitjimanitou Studios Inc. (“We”) provide cloud-based Software-as-a-Service (SaaS) platforms that enable business clients (“Clients”) to manage resources, communications, and customer engagement. Our solutions may integrate with third-party services, including but not limited to WhatsApp, and are supported by infrastructure providers such as Google Cloud Platform (GCP), Microsoft Azure, Amazon Web Services (AWS), among others. By using our platform, you agree to these Terms of Service and acknowledge our Privacy Policy

2. Use of Service

Our services are offered on a subscription basis and are intended exclusively for legitimate business purposes. Clients are expected to use the platform in accordance with all applicable laws and regulations. Each client is responsible for maintaining the confidentiality of their access credentials and ensuring that their accounts are not shared or misused. Any form of misuse—including unauthorized access, reverse engineering, tampering with the platform, or engaging in unlawful data processing—is strictly prohibited and may result in immediate suspension or termination of service, as well as potential legal action.

3. Data Processing & GDPR Compliance

We act as a Data Processor on behalf of our Clients (the Data Controllers ) and process personal data only under the Client’s instructions in accordance with GDPR Article 28 .

Our obligations include:

• Processing data solely to deliver agreed services
• Implementing technical and organizational safeguards (see section 9)
• Assisting Clients with data subject rights (access, erasure, etc.)
• Notifying Clients promptly in case of a data breach
• Using subprocessors only under contract and with Client awareness

4. Subprocessors & Data Transfers

We may engage third-party subprocessors—such as cloud infrastructure providers, API service vendors, or customer support platforms—to support the delivery and functionality of our services. These subprocessors are contractually required to uphold data protection and security standards equivalent to our own, in compliance with applicable laws including the EU General Data Protection Regulation (GDPR).

Where personal data is transferred or accessed from outside the European Economic Area (EEA) , we implement appropriate legal safeguards to ensure the continued protection of that data. These safeguards may include the use of Standard Contractual Clauses (SCCs) approved by the European Commission, or transfers to countries that have received an adequacy decision .

For data transfers involving other jurisdictions, we also consider equivalent frameworks, such as the UK GDPR , the European Union (EU) GDPR , to ensure lawful and secure handling of international data flows.

5. Data Retention

Personal data is retained only for as long as necessary to fulfill the specific purposes for which it was collected, including the delivery of our services, contractual obligations, compliance with legal requirements, and legitimate business operations such as record-keeping, fraud prevention, and dispute resolution. We regularly review the data we hold to ensure it remains necessary and relevant.

Upon contract termination or at the written request of the Client (the Data Controller), we will securely delete or anonymize all personal data associated with the Client’s account, unless continued retention is required to comply with legal obligations, enforce our agreements, or protect our legal rights (e.g., under tax, employment, or financial laws). In such cases, data will be archived in a secure, access-restricted environment until deletion is permitted.

We maintain internal retention schedules and apply technical and organizational safeguards to ensure data is securely disposed of in accordance with industry standards and applicable data protection laws, including GDPR Article 5(1)(e) , which mandates that personal data be kept no longer than necessary.

• EDPB Guidelines on Data Subject Rights (Retention & Access)
• UK ICO Guidance on Retention and Right to Erasure
• GDPR.eu Overview of Data Retention Principles

6. User Rights

Data subjects have the right to access their personal data, request rectification or deletion, object to or restrict processing, request data portability, and file complaints with a data protection authority. All such requests should be directed to the Client (Data Controller). We will support Clients in responding promptly and effectively. For assistance, please contact us at Email: kitjisupport@kitjistudios.com

7. Limitation of Liability

We are not liable for data loss or unauthorized access resulting from client-side actions or misconfigurations. Additionally, we disclaim responsibility for any indirect or consequential damages arising from service outages. Our total liability is limited to the fees paid in the 12 months preceding any claim.

8. Termination

Either party may terminate the agreement with written notice if the other party breaches these terms. Upon termination, Client data will be deleted within 30 days unless otherwise contractually specified.

9. Data Security

We implement industry-standard technical and organizational measures to protect personal data, including encrypted communications, access control, role-based permissions, and regular security audits. All systems are hosted in secure environments with strict firewall and monitoring policies.

10. Legal Basis for Processing

Where we process personal data independently (e.g. for analytics, account management, or support), we rely on legal bases such as performance of a contract, compliance with legal obligations, or our legitimate interest in improving service delivery.

11. Cookie Usage

We may use cookies or similar technologies to enhance the user experience, analyze usage, and personalize content. For more details, see our Cookie Policy.

12. Changes to Terms

We may update this policy periodically to reflect changes in our practices, legal or regulatory requirements, or improvements to our services. Any material changes that affect Clients' rights or obligations will be communicated in advance, either via email or through a prominent in-platform notification, no less than 30 days before the changes take effect. We encourage Clients to review the policy regularly. Continued use of our services after the effective date of any updates will constitute acceptance of the revised terms.

13. Governing Law

These terms are governed by and construed in accordance with the laws of Barbados. Any disputes shall be subject to the exclusive jurisdiction of the courts of that location.

14. Contact

For any questions, data access requests, or concerns, please contact our Data Protection Officer Email: privacy@kitjimanitou.com