Back to Home

Data Processing Addendum

Effective Date: January 1, 1988

Your Data, Your Rights

This Data Processing Addendum (DPA) explains how we collect, process, and protect your personal data in accordance with our commitment to transparency and your privacy rights.

1. Introduction & Scope

This Data Processing Addendum ("DPA") forms an integral part of our Privacy Policy and governs the processing of personal data collected through keeperofthefiyah.com ("the Site"). This DPA applies to all data subjects whose personal data we process, including:

  • Newsletter subscribers (INSPIYAH MAIL)
  • Website visitors
  • Contact form submitters
  • Any individual whose data we process in connection with our services

2. Definitions

2.1 Key Terms

  • Data Controller: CT / KEEPER OF THE FIYAH, who determines the purposes and means of processing personal data
  • Data Subject: Any identified or identifiable natural person whose personal data we process
  • Personal Data: Any information relating to an identified or identifiable individual, including but not limited to: name, email address, IP address, usage data
  • Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion
  • Data Processor: Any third party that processes personal data on our behalf (currently: MongoDB for database services)

3. Data We Collect & Process

3.1 Data You Provide

Email Subscription (INSPIYAH MAIL)

  • Email address
  • Subscription timestamp
  • Subscription source (portfolio_website)
  • Subscription status (active/inactive)

Contact Forms (Future)

  • Name
  • Email address
  • Message content
  • Submission timestamp

3.2 Data We Collect Automatically

Analytics Data

  • Welcome Gate view count (anonymous - no personal identifiers)
  • Page views (aggregate counts only)
  • Browser session data (temporary, not stored)

Note: We do NOT collect IP addresses, device IDs, or tracking cookies beyond functional session management.

4. Purpose of Processing

We process personal data solely for the following legitimate purposes:

4.1 Email Newsletter Service (INSPIYAH MAIL)

  • Sending spiritual insights, YAHFFIRMATIONS, and content updates
  • Managing subscription status and preferences
  • Providing unsubscribe functionality

Legal Basis: Consent (explicit opt-in)

4.2 Website Analytics

  • Understanding site engagement and visitor counts
  • Improving user experience and content
  • Measuring conversion rates (visitors to subscribers)

Legal Basis: Legitimate interest (website improvement)

4.3 Communication & Support (Future)

  • Responding to inquiries and requests
  • Providing customer support
  • Processing feedback and suggestions

Legal Basis: Consent & legitimate interest

🚫 What We Will NEVER Do:

  • Sell, rent, or trade your personal data to third parties
  • Use your data for AI training or machine learning
  • Share your data for marketing purposes without explicit consent
  • Process your data for purposes other than stated above

5. Data Security Measures

Our Security Commitment

We implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration.

5.1 Technical Measures

  • Encryption: All data transmitted via HTTPS/TLS encryption
  • Database Security: MongoDB hosted with secure authentication and access controls
  • Access Controls: Password-protected analytics dashboard with token-based authentication
  • Session Management: Secure token generation with 24-hour expiration
  • Regular Updates: Software and security patches applied promptly

5.2 Organizational Measures

  • Access Limitation: Only authorized personnel have access to personal data
  • Data Minimization: We collect only data necessary for stated purposes
  • Regular Reviews: Quarterly security and privacy assessments
  • Incident Response: Documented procedures for data breach response

6. Data Retention

Email Subscribers

Retention Period: Until you unsubscribe or request deletion
Deletion: Within 30 days of unsubscribe request
Inactive Accounts: Accounts inactive for 2+ years will be reviewed for deletion

Analytics Data

Retention Period: Indefinitely (aggregate counts only, no personal data)
Note: This data is anonymous and cannot be tied to individuals

Authentication Tokens (Analytics Login)

Retention Period: 24 hours
Automatic Deletion: Expired tokens are automatically removed from database

7. Your Data Rights

As a data subject, you have the following rights regarding your personal data:

✓ Right to Access

Request a copy of all personal data we hold about you

✓ Right to Rectification

Correct any inaccurate or incomplete personal data

✓ Right to Erasure

Request deletion of your personal data ("right to be forgotten")

✓ Right to Restrict Processing

Limit how we process your personal data

✓ Right to Data Portability

Receive your data in a structured, machine-readable format

✓ Right to Withdraw Consent

Unsubscribe or withdraw consent at any time

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: success@keeperofthefiyah.com

Subject line: "Data Rights Request - [Your Name]"

We will respond to all valid requests within 30 days.

8. Third-Party Data Processors

We engage the following third-party processors to help us provide our services:

Current Data Processors

MongoDB Atlas

Purpose: Database hosting and management

Data Processed: Email addresses, subscription data, analytics counts

Location: United States

Security: SOC 2 Type II certified, encryption at rest and in transit

Emergent Cloud Services

Purpose: Application hosting and infrastructure

Data Processed: Website content, session data (temporary)

Location: United States

Security: HTTPS/TLS encryption, secure container infrastructure

All processors are bound by data processing agreements that ensure they process personal data only in accordance with our instructions and implement appropriate security measures.

9. International Data Transfers

Your personal data may be transferred to and processed in the United States, where our servers and service providers are located. We ensure that any international transfers comply with applicable data protection laws.

For EU/UK Data Subjects: Data transfers are based on Standard Contractual Clauses (SCCs) approved by the European Commission, or other appropriate safeguards as required by GDPR.

10. Data Breach Notification

In the unlikely event of a data breach that affects your personal data, we will:

  • Assess the breach: Determine the scope, nature, and risk level within 24 hours
  • Notify authorities: Report to relevant data protection authorities within 72 hours (as required)
  • Notify affected individuals: Inform you directly via email within 72 hours if high risk
  • Provide guidance: Offer clear instructions on protective measures you can take
  • Remediate: Implement measures to prevent future breaches

11. Changes to This DPA

We may update this Data Processing Addendum periodically to reflect changes in our data processing practices or legal requirements. Material changes will be communicated via:

  • Email notification to subscribers
  • Prominent notice on the website
  • Updated "Effective Date" at the top of this document

Continued use of our services after changes constitutes acceptance of the updated DPA.

12. Questions & Contact

If you have any questions about this Data Processing Addendum, our data practices, or wish to exercise your data rights, please contact us:

Data Controller

CT / KEEPER OF THE FIYAH

Email: success@keeperofthefiyah.com

Website: keeperofthefiyah.com

All inquiries will be responded to within 5-7 business days.

Related Policies

This DPA should be read in conjunction with our other governance documents:

Privacy Policy

How we collect and use data

AI Usage Policy

Content protection measures

Terms of Service

Website usage terms

Made with Emergent