Koinonia Cloud^™ — Terms of Service

Effective Date: May 28, 2026

Version: 1.2

Provider: Unbalanced Force Dynamics LLC ("Provider," "we," "us," "our")

1. Acceptance of Terms

By creating an account, clicking "Provision My Koinonia Cloud^™ Instance," or otherwise accessing or using the Koinonia Cloud^™ platform ("Service"), you ("Subscriber," "you," "your") agree to be bound by these Terms of Service ("Terms"), our Privacy Policy, and any additional terms referenced herein. If you are accepting on behalf of an organization, you represent that you have the authority to bind that organization to these Terms.

These Terms constitute a legally binding agreement. If you do not agree, do not use the Service.

2. Description of Service

Koinonia Cloud^™ is a cloud-hosted church management platform provided on a Software-as-a-Service (SaaS) basis. Each subscribing church receives an isolated instance consisting of:

• A dedicated database and application environment
• Member and family management tools
• Volunteer, attendance, event, and financial record-keeping
• Children's ministry check-in and roster management
• Data import/export utilities
• Communication tools (email, SMS)

The Service is hosted on Google Cloud Platform infrastructure managed by the Provider.

3. Accounts and Access

3.1 Registration

You must provide accurate, current, and complete information during registration. You agree to update this information as necessary to keep it accurate.

3.2 Account Security

You are responsible for:

• Maintaining the confidentiality of all login credentials
• Ensuring passwords are strong, unique, and never shared among users
• Restricting access to authorized personnel only
• Promptly notifying us at support@koinoniacloud.com if you suspect unauthorized access

Each user must have their own individual account. Shared or generic login credentials are prohibited.

3.3 Account Hierarchy

The initial account holder is designated as the SuperAdmin. SuperAdmins may create additional user accounts with varying permission levels (Admin, Staff, Member, Check-in). You are responsible for all activity that occurs under your organization's accounts.

4. Subscription and Payment

4.1 Billing

The Service is offered on a month-to-month subscription basis. Fees are billed monthly in advance via Stripe. You authorize recurring charges to your designated payment method.

4.2 Pricing Changes

We may adjust pricing with thirty (30) days' written notice via email to your SuperAdmin account. Continued use of the Service after the effective date of a price change constitutes acceptance.

4.3 Taxes

Subscription fees are exclusive of taxes. You are responsible for any applicable sales, use, or value-added taxes.

4.4 Failed Payments

We understand that startup churches occasionally encounter cash-flow timing issues, and we have built our payment-failure handling to give you ample runway to resolve the situation. If a payment fails, we will attempt to notify you and retry the charge over the following weeks. If payment remains outstanding for thirty (30) days — one full billing cycle — we reserve the right to suspend your instance. Following suspension, your Subscriber Data is retained for an additional ninety (90) days before permanent deletion, giving you time to update payment information, export your data, or migrate elsewhere. We will continue to send reminder communications throughout this period and our support team is available to discuss payment alternatives if needed.

5. Subscriber Data

5.1 Ownership

You retain all ownership rights to the data you and your users enter into the Service ("Subscriber Data"). We do not claim any ownership interest in Subscriber Data.

5.2 License to Provide Service

You grant us a limited, non-exclusive license to host, process, transmit, store, and display Subscriber Data solely as necessary to operate your dedicated instance of the Service on your behalf, perform backups and disaster recovery, and provide technical support when you request it. We do not use Subscriber Data to train machine-learning or AI models, develop new products, refine other features for other churches, target advertising, or for any purpose other than serving your specific instance.

5.3 Data Portability

You may export all of your Subscriber Data at any time using the built-in export tools. "All" means exactly that: member records, family relationships, household composition, groups, attendance history, giving records, volunteer information and certifications, communications history, event registrations, children's-ministry records, pastoral notes, uploaded documents, uploaded photos, and any other data your church has entered into the Service. Exports are provided in standard portable formats (CSV, JSON, and ZIP archives for binary assets) so your data can be migrated to any other system you choose. We do not gate, withhold, or charge extra for exports — your data is yours, and you can take it with you.

5.4 Single-Tenant Architecture

Koinonia Cloud^™ is a single-tenant platform — not a multi-tenant SaaS that partitions one shared database among many customers. Your church receives its own dedicated infrastructure stack: a separate frontend application, a separate backend application, a separate database instance, and separate file storage. There is no shared database, no shared application server, no multi-tenant query path, and no architectural pathway by which another church's instance could access your data. Each church's resources are namespaced and provisioned independently in our cloud-provider environment. This is a deliberate and more expensive design choice on our part — it eliminates "noisy neighbour" performance problems and reduces the cybersecurity blast radius between churches to zero.

5.5 Backups and Disaster Recovery

We maintain a layered backup strategy for every church's database:

• Automated daily snapshots with a thirty (30) day rolling retention window
• Continuous transaction log capture enabling point-in-time recovery (PITR) to any moment within the past seven (7) days — useful for recovering from accidental deletions, bulk-edit mistakes, or data corruption
• All backups are encrypted at rest using the same AES-256 standard as production data

In the event of a recovery request — whether triggered by accidental data deletion on your side, data corruption, or infrastructure failure on our side — our standard restoration commitment is seventy-two (72) hours from request to verified restoration. Most recoveries complete substantially faster (typically within one hour for the small-to-mid-size church databases we host); the 72-hour figure is our outer-bound commitment, not our typical response. Recovery is performed at no additional charge for incidents caused by our infrastructure; recoveries requested due to your own data-entry errors may be subject to a reasonable service charge after the first such request per calendar year.

6. Acceptable Use

You agree not to use the Service to:

• Store, transmit, or process unlawful content — including but not limited to child sexual abuse material (CSAM); content used to harass, threaten, defame, or stalk any person; stolen personal information; or content that infringes another party's intellectual-property, trade-secret, or privacy rights
• Process personal information unlawfully — collecting, storing, or transmitting personal information about any individual without legal basis, required consents, or compliance with applicable privacy laws (including but not limited to COPPA, CCPA/CPRA, GDPR where applicable, and analogous state and federal laws)
• Send communications without required consent — using the Service's email or SMS features to send messages without first obtaining the recipient consents required by the Telephone Consumer Protection Act (TCPA), the CAN-SPAM Act, and applicable state-level communications laws (see §7.2)
• Attempt unauthorized access — accessing or attempting to access another organization's instance, our infrastructure, or any system, account, or data you have not been explicitly granted access to
• Reverse-engineer the Service — decompiling, disassembling, or attempting to derive the source code, algorithms, or proprietary methods underlying the Service
• Conduct automated mapping, scraping, or competitive intelligence — using bots, headless browsers, scripted clients, AI agents, or any other automated means to systematically enumerate endpoints, harvest data, map application behavior, or otherwise probe the Service for the purpose of replicating its functionality, reverse-engineering its design, or competing with the Service. Customary, low-volume use of integration tools by your own administrators (CSV import, your own reporting connectors) does not violate this clause; systematic automated traversal of the application surface does
• Introduce malicious code — uploading viruses, malware, ransomware, worms, trojans, or any code designed to disrupt, damage, surveil, or gain unauthorized access to any system
• Misuse the Service — using the platform for any purpose other than legitimate church administration, ministry operations, and related activities
• Resell or redistribute — reselling, sublicensing, white-labeling, or otherwise redistributing access to the Service without our prior written consent

We reserve the right to suspend or terminate accounts that violate these terms — with reasonable notice when feasible, and immediately when necessary to protect the Service, other churches, or third parties.

6.1 Automated Abuse Detection and Response

We operate an automated system that continuously monitors signed-in API traffic patterns to detect activity consistent with automated abuse — including but not limited to bot-driven endpoint enumeration, scraping, headless-browser-driven mapping, and traffic patterns inconsistent with human interactive use. The data collected by this system is limited to traffic shape (endpoint patterns, timing, response codes, anonymous fingerprints, session identifiers, and IP addresses) and does not include the contents of your requests or your members' personal data; full details are documented in the User Guide section "Security Activity Monitoring."

You expressly authorize us, on the basis of signals from that detection system and at our reasonable discretion, to take any of the following actions against a session, user account, or originating network that we reasonably believe to be engaged in automated abuse or violating the Acceptable Use prohibitions in §6:

• Introduce latency — inject artificial delay into responses for the affected session, causing automated tools to operate at impractically slow speeds while imposing no material burden on a human user
• Restrict access to specific features — prevent the affected session from reaching parts of the Service that your organization has not previously used, prompting the user to contact our support team to enable that feature
• Invalidate or disconnect the session — terminate the affected session, requiring the user to authenticate again
• Suspend the user account or the originating IP address — block further sign-ins from the implicated credential or network until the matter is resolved with our support team
• Suspend or terminate the church's instance — in extreme cases involving sustained or large-scale abuse, suspend or terminate the entire subscription per §14.2

We will, where feasible, prefer the least-disruptive remedy and notify the SuperAdmin of the affected church before escalating beyond automated throttling. We are not, however, required to obtain prior notice or consent before invoking any of these measures, and we will not be liable for any loss, inconvenience, or business interruption you experience as a result of legitimate enforcement under this section.

Legitimate use by your own staff that is incorrectly flagged by the detection system will be restored promptly upon contact with our support team at support@koinoniacloud.com. We treat such contacts as a primary signal for calibrating the detection system to avoid recurrence.

7. Shared Responsibility Model

7.1 Provider Responsibilities

We are responsible for:

• Securing the cloud infrastructure (network, compute, storage, database)
• Encrypting data at rest (AES-256) and in transit (TLS 1.2+)
• Maintaining platform availability and performing security patches
• Conducting regular vulnerability assessments
• Maintaining automated backup systems
• Incident response for infrastructure-level security events

7.2 Subscriber Responsibilities

You are responsible for:

• Enforcing strong, unique passwords for all user accounts
• Ensuring credentials are never shared between individuals
• Managing user permissions appropriately (principle of least privilege)
• Securing local devices (computers, tablets, phones) used to access the Service
• Reviewing and managing the accuracy of Subscriber Data
• Enabling and using available security features (e.g., multi-factor authentication)
• Obtaining required consents for the personal information you enter into and the communications you send through the Service. This includes, but is not limited to:
• Express prior opt-in consent for sending email or SMS communications to members, volunteers, donors, or any other recipient, in compliance with the Telephone Consumer Protection Act (TCPA), the CAN-SPAM Act, and analogous state communications laws. The Service provides opt-in/opt-out tools to help you administer this; the legal obligation to obtain and honor consents is yours
• Verifiable parental or guardian consent for the collection and storage of children's information under the Children's Online Privacy Protection Act (COPPA) and applicable state laws
• Any other consents required under applicable privacy laws (CCPA/CPRA, GDPR where applicable, state-level analogues) for the collection, storage, and processing of personal data
• Training staff and volunteers on basic cybersecurity practices
• Promptly reporting suspected security incidents to us

8. Children's Data and COPPA Compliance

The Service includes children's ministry features that may involve the storage of minors' personal information (names, ages, medical/allergy notes, guardian relationships, attendance records).

• You are the data controller for all children's data entered into the platform
• You are responsible for obtaining verifiable parental or guardian consent as required under the Children's Online Privacy Protection Act (COPPA) and any applicable state laws
• We process children's data solely at your direction and in accordance with our Privacy Policy
• We do not knowingly collect personal information from children under 13 without organizational authorization through a subscribing church

9. Third-Party Service Integrations

The Service includes optional API integrations with selected third-party providers — payment processors, background-check services, communications providers, and others as the Service evolves. These integrations let your church connect external services that you select, authorize, and contract with directly. The third-party providers perform the actual work; the Service simply transmits data between your instance and their systems, at your direction.

9.1 General Principles for All Third-Party Integrations

When you enable a third-party integration through the Service:

• You are the customer of the third-party provider — not us. Your direct legal relationship is with that provider, governed by their terms of service, privacy policy, and any contracts you sign with them
• You authorize the data exchange. By connecting an integration, you authorize us to transmit relevant data between your instance and the third-party provider on your behalf
• You are responsible for compliance with the provider's terms, including any usage restrictions, fees, and acceptable-use limits they impose
• The third-party provider is solely responsible for the accuracy, completeness, freshness, and timeliness of the data they return through their API. We transmit what their API returns; we do not independently verify, audit, augment, or correct their data
• Service interruptions on the provider's side may interrupt the integration. We do not control their uptime, API stability, schema changes, or feature deprecations

9.2 Payment Processors (Stripe, PayPal, Square)

The Service may integrate with third-party payment processors for your church's giving and donation management. These integrations connect directly to your payment processor account.

• No transaction fees from us. We do not charge transaction fees, commissions, or percentage-based fees on donations or giving processed through the Service. Third-party payment processors may charge their own fees
• Funds flow directly to your account. Donations flow from donor → processor → your church's bank account. We do not handle, custody, or have access to donor funds at any point
• You are responsible for accurate financial record-keeping and for IRS compliance regarding charitable-contribution receipts, donor acknowledgments, and tax reporting

9.3 Background-Check Providers

The Service may integrate with third-party background-check providers (such as Checkr, GoodHire, MinistrySafe, Protect My Ministry, or others as the Service supports them) so churches can request, track, and store background-check results for volunteers, staff, and contractors as part of child-safety and risk-management programs.

Critical liability framing — please read this section carefully:

We provide the API connection that transmits background-check requests and results between your instance and the provider you have selected. We do not run the background check, evaluate the results, decide which databases to query, determine what constitutes a passing or failing result, or make any hiring, placement, supervision, or risk decision based on those results. Background checks are performed solely by the third-party provider; decisions based on them are made solely by your church. Specifically:

• We are not liable for the accuracy or completeness of background-check results. The provider you select is solely responsible for the data sources they query, the searches they perform, the time period covered, and the determinations they report. Background checks reflect publicly available records at a point in time and are inherently incomplete — they cannot surface offenses in jurisdictions not searched, offenses occurring after the check, sealed or expunged records, or conduct that has not resulted in a record
• We are not liable for "false-negative" outcomes. If a background check returns "clear" but the individual subsequently engages in misconduct that a different, more thorough, or more recent check might have flagged, your remedy (if any) lies with the provider that performed the check — not with us. A clear background check is not a guarantee of future behavior and does not transfer liability to the entity that supplied the API connection
• We are not liable for data-freshness or synchronization failures between the provider and your instance. Background-check data can change over time — a previously-clear individual may later have new criminal records, license revocations, or other adverse findings. If the provider updates their data and that update fails to transmit through their API to your instance (whether due to provider error, API outage, schema change, or any other cause), the provider — not us — bears responsibility for the synchronization failure. We display what the provider's API returns at the time of query. You should periodically re-run checks for high-risk roles rather than rely on a one-time historical query
• You are solely responsible for adverse-action procedures required by the Fair Credit Reporting Act (FCRA) and analogous state laws when adverse decisions are made based on background-check results. These procedures are between you and the provider, who acts as the consumer-reporting agency; we are not a party to that relationship
• Background-check results inform but do not determine outcomes. Your church remains solely responsible for hiring, volunteer-placement, supervision, training, and discipline decisions. Reliance on a clear background check does not absolve your church of the duty-of-care obligations you owe to children, members, employees, contractors, and others under your supervision

9.4 Communications Providers (Email and SMS)

The Service uses third-party providers (Postmark, Twilio, or similar) to send email and SMS messages composed by your church to its members.

• You compose the content; we transmit it. All message content originates from your church
• You are responsible for legal compliance — including TCPA, CAN-SPAM, state-level SMS regulations, and obtaining the required opt-in consents from recipients (see §6 and §7.2)
• The provider determines deliverability. We do not control whether a specific message reaches a specific recipient — that depends on the provider's policies, recipient mail/SMS servers, content filtering, and recipient settings
• You are responsible for honoring opt-outs. The Service provides tools (unsubscribe links, STOP-keyword handling, opt-out tracking) to facilitate compliance; the legal obligation to honor opt-outs in a timely manner is yours

9.5 Other Third-Party Integrations

We may add additional third-party integrations to the Service over time. Unless the integration's own subsection in this Section provides otherwise, the General Principles in §9.1 govern, and the liability framing in §9.3 (we provide the API connection; we do not run the underlying service or guarantee its data) applies by analogy. We will update these Terms when a materially different integration category is introduced.

10. Indemnification

10.1 Subscriber Indemnification

To the extent caused by the failure of your organization to maintain reasonable security practices as described in Section 7.2, or by your use of third-party services integrated through the Service as described in Section 9, you agree to indemnify, defend, and hold harmless Unbalanced Force Dynamics LLC, its officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorney's fees) arising from:

• Breaches or unauthorized access resulting from compromised, shared, or weak user credentials
• Failure to enable or use available security features
• Local device compromise or negligence by your staff, volunteers, or members
• Unauthorized or unlawful processing of personal data entered by your users
• Decisions, actions, or inactions taken by your church based on data, results, or recommendations from any third-party service integrated through the Service — including but not limited to background-check results, payment-processing outcomes, or communications deliverability. The Service transmits data between your instance and the third-party provider; we are not a party to your church's decision-making process and do not warrant the underlying data
• Failure of any third-party service integrated through the Service to provide accurate, complete, current, or timely data — your remedy in such cases lies with that provider, not with us. This includes (without limitation) outdated background-check results, payment-processor disputes or chargebacks, and email/SMS delivery failures
• Communications (email or SMS) sent through the Service in violation of TCPA, CAN-SPAM, or analogous laws — including failure to obtain required opt-in consents or honor opt-out requests
• Your violation of these Terms or applicable law

10.2 Provider Indemnification

We will indemnify and defend you against third-party claims alleging that the Service, as provided by us, infringes a valid U.S. patent, copyright, or trademark, provided you promptly notify us, grant us sole control of the defense, and cooperate as reasonably requested.

11. Limitation of Liability

11.1 Liability Cap

IN NO EVENT SHALL THE PROVIDER'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS OR THE SERVICE EXCEED THE TOTAL SUBSCRIPTION FEES PAID BY YOU DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

11.2 Exclusion of Damages

NEITHER PARTY SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, REVENUE, DATA, OR BUSINESS OPPORTUNITY, REGARDLESS OF THE THEORY OF LIABILITY, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

11.3 Exceptions

The limitations in Sections 11.1 and 11.2 do not apply to: (a) your indemnification obligations under Section 10.1; (b) either party's breach of confidentiality obligations; or (c) either party's willful misconduct.

12. Service Availability

12.1 Uptime Target

We target 99.9% monthly uptime for the Service, excluding scheduled maintenance windows. This is a target, not a guarantee or service-level agreement (SLA).

12.2 Scheduled Maintenance

We will provide at least twenty-four (24) hours' notice for planned maintenance that may affect availability, except in cases of critical security patches.

12.3 Force Majeure

Neither party is liable for failure or delay caused by events beyond reasonable control, including natural disasters, acts of government, internet outages, or third-party service failures.

13. Intellectual Property

13.1 Provider IP

The Service, including its software, design, documentation, and trademarks, is the intellectual property of Unbalanced Force Dynamics LLC. These Terms do not grant you any rights to our intellectual property except the limited right to use the Service as described herein.

13.2 Feedback

If you provide suggestions, ideas, or feedback about the Service, you grant us a perpetual, royalty-free license to use and incorporate such feedback without obligation to you.

14. Termination

14.1 Termination by You

You may cancel your subscription at any time by contacting us or using the account management tools. Cancellation takes effect at the end of the current billing period.

14.2 Termination by Us

We may terminate your account immediately upon written notice if you materially breach these Terms and fail to cure within thirty (30) days of notice, or immediately for violations of Section 6 (Acceptable Use).

14.3 Effect of Termination

Upon termination — whether initiated by you under Section 14.1, by us under Section 14.2, or as a consequence of non-acceptance of revised Terms under Section 16.4:

• Your active access to the Service is revoked at the effective termination date
• Your Subscriber Data is retained for ninety (90) days after termination, during which the data-export tools remain fully available so you can pull a complete copy of your data and migrate it to another system
• After the ninety (90) day window, all Subscriber Data is permanently deleted from our production systems, with deletion from encrypted backups completed as those backups rotate (within the standard backup retention cycle)
• Account information (church name, billing history) may be retained for up to seven (7) years for tax and legal-compliance purposes — this is separate from Subscriber Data and consists only of the records needed for our own books and regulatory obligations
• No refunds will be issued for partial billing periods

If you need additional time to complete data migration beyond the standard 90-day window, contact us at support@koinoniacloud.com — we are generally able to accommodate reasonable extensions for churches actively transitioning to another system.

15. Dispute Resolution

15.1 Governing Law

These Terms are governed by the laws of the State of Florida, without regard to conflict-of-law principles.

15.2 Informal Resolution

Before filing any formal proceeding, you agree to contact us at support@koinoniacloud.com and attempt to resolve the dispute informally for at least thirty (30) days.

15.3 Arbitration

Any dispute not resolved informally shall be settled by binding arbitration under the rules of the American Arbitration Association (AAA), conducted in the State of Florida. Judgment on the arbitration award may be entered in any court of competent jurisdiction.

15.4 Class Action Waiver

You agree that any dispute resolution proceedings will be conducted only on an individual basis and not in a class, consolidated, or representative action.

16. Modifications to Terms

We may modify these Terms from time to time to reflect operational changes, new features, evolving legal requirements, or other legitimate business reasons. When we do, the following process applies:

16.1 Notice

We will notify your SuperAdmin via email at least thirty (30) days before the modified Terms take effect (the "Effective Date"). The notice will include a link to the revised document, a plain-language summary of material changes, and the Effective Date.

16.2 Review Period

During the thirty (30) day period between notification and the Effective Date, the existing Terms continue to govern your use of the Service. You may review the revised Terms, consult with your board or legal counsel, and export your Subscriber Data if you decide not to continue under the new agreement. The Service will display a non-blocking banner inside the application during this window so all administrators are aware that updated Terms are pending.

16.3 Explicit Acceptance Required

On or after the Effective Date, your SuperAdmin will be required to formally accept the revised Terms via an in-application acceptance flow. Until acceptance is recorded, full access to the Service will be restricted — read-only access and the data-export tools remain available, but normal operations (writes, communications, integrations, and standard daily use) are paused. We do not treat continued use alone as acceptance of modified Terms. Explicit acknowledgment by your authorized representative is required for the modified agreement to take effect with respect to your church.

16.4 If You Choose Not to Accept

If your SuperAdmin chooses not to accept the revised Terms, your subscription will end on the Effective Date (or the date you so notify us, whichever is later). Your data-export tools remain fully available throughout. Standard post-termination data retention under Section 14.3 applies, giving you time to export your data and migrate elsewhere if you so choose.

16.5 Limited Exceptions

We may make non-material changes (typo corrections, clarifications, contact-information updates) without invoking the 30-day notice and re-acceptance flow. We may also make changes required to comply with applicable law on a shorter timeline if necessary, in which case we will provide as much notice as is reasonably practicable and the rest of this Section 16 applies to the extent possible.

17. Miscellaneous

17.1 Entire Agreement

These Terms, together with the Privacy Policy and any order forms, constitute the entire agreement between you and the Provider regarding the Service.

17.2 Severability

If any provision is held unenforceable, the remaining provisions remain in full force and effect.

17.3 Waiver

Failure to enforce any provision does not constitute a waiver of future enforcement.

17.4 Assignment

You may not assign these Terms without our prior written consent. We may assign these Terms in connection with a merger, acquisition, or sale of substantially all assets.

17.5 Notices

Notices to us must be sent to support@koinoniacloud.com. Notices to you will be sent to the email address associated with your SuperAdmin account.

18. Contact

Unbalanced Force Dynamics LLC

Email: support@koinoniacloud.com

Website: www.koinoniacloud.com

Objects at rest don't stand a chance.