Application Privacy Policy

Kingsley Integrators acts as a processor or service provider for customer data that a customer connects to the application. The customer decides which HRMS and SaaS applications to connect, which workflows to configure, which approvals are required, and how long customer records should remain active.

Kingsley Integrators may act as a controller for limited business information such as account administration, billing, security logs, website analytics, and direct support communications.

Depending on the connectors and features enabled by a customer, the application may process:

When a customer authorizes Google Workspace, Microsoft, Slack, GitHub, Atlassian, HRMS, or other SaaS connectors, the application requests only the scopes needed to deliver the selected workflow, sync, evidence, or intelligence feature.

Google API data and other provider API data are used to provide and improve customer-requested identity lifecycle automation, access review, audit evidence, connector health, support, security, and reliability features. Provider data is not sold, used for advertising, or used to train general-purpose AI models.

Customers can disconnect a provider integration from the application and may also revoke access from the provider's own security or app console.

AI and MCP features are optional and human-supervised. Read operations can summarize identity state or surface findings. Write operations require customer-approved workflow controls and use the same governed workflow engine and audit trail as human-triggered actions.

The application does not permit an AI agent to bypass customer approvals, connector permissions, or audit logging.

The application shares data only as needed to operate the service, follow customer instructions, comply with law, protect the service, or complete a business transaction such as a merger or acquisition.

Service providers may include cloud hosting, database, observability, payments, authentication, email, support, analytics, and security providers. These providers are bound to process data only for authorized purposes.

Kingsley Integrators uses role-based access controls, encrypted transport, credential protection, audit logging, environment separation, least-privilege connector scopes, operational monitoring, and workflow lineage controls designed for enterprise identity operations.

No security program can guarantee absolute protection. Customers should configure least-privilege app permissions, keep administrator accounts secure, and promptly remove users who no longer need access.

Customer data is retained for the period needed to provide the service, keep workflow and audit evidence, meet legal obligations, resolve disputes, and enforce agreements. Customers may request deletion or export of customer data, subject to contractual retention, audit, security, and legal requirements.

Backups and logs may remain for a limited period before automatic deletion or overwriting under normal retention controls.

The application may process information in countries where Kingsley Integrators, its infrastructure providers, or subprocessors operate. Where required, customer agreements, data processing terms, and transfer safeguards govern cross-border processing.

Customer administrators can configure connectors, scopes, workflows, approvals, retention requests, and deletion requests through the application or support process.

Depending on applicable law, individuals may have rights to access, correct, delete, export, restrict, or object to processing of personal data. Because most application data is processed on behalf of a customer, individual requests should usually be directed to the customer's administrator. Kingsley Integrators will support customers in responding to valid requests.

The application is a business service and is not intended for children or personal household use.

This policy may be updated as the application, laws, or operating practices change. Material updates will be posted on this page, and customer administrators may receive additional notice when required.