Legal · Template
Data Processing Agreement
For dioceses and parishes · Template, June 2026
This is a template to be completed (items in [brackets]) and reviewed by counsel before execution. It becomes binding only when incorporated into and signed with the parties' Agreement. It mirrors the commitments in our Security Overview and Trust Center.
1. Definitions & roles
- 1.1This Data Processing Agreement ("DPA") forms part of the agreement (the "Agreement") between [Diocese/Archdiocese of ___] and the parishes it designates (together, the "Controller") and [Nave, Inc.] ("Nave" or the "Processor") for use of the Nave platform (the "Service").
- 1.2"Personal Data," "Processing," "Controller," "Processor," and "Data Subject" have the meanings given under applicable data-protection law.
- 1.3The Controller determines the purposes and means of Processing the Personal Data entered into the Service. Nave Processes that Personal Data only as a Processor, on the Controller's documented instructions.
- 1.4Where this DPA and the Agreement conflict on data protection, this DPA controls.
2. Scope & instructions
- 2.1Nave Processes Personal Data only to provide and support the Service, as described in Annex I, and on the Controller's documented instructions — including the configuration choices each parish makes within the Service.
- 2.2Nave will not Process Personal Data for its own purposes, will never sell or rent it, and will never use it for advertising.
- 2.3If Nave believes an instruction violates applicable law, it will inform the Controller without undue delay.
3. Confidentiality
- 3.1Nave keeps Personal Data confidential and ensures that personnel authorized to Process it are bound by appropriate confidentiality obligations.
- 3.2Access within Nave is limited to those who need it to operate and support the Service; Nave staff do not browse parish data in the ordinary course of operations.
4. Security measures
- 4.1Nave implements and maintains the technical and organizational measures described in Annex II, designed to protect Personal Data against unauthorized access, loss, or disclosure.
- 4.2Measures include per-parish isolation enforced at the database layer (row-level security), encryption in transit and at rest, least-privilege role-based access, and reliance on independently-audited infrastructure providers.
- 4.3Nave may update its measures over time provided the level of protection is not materially reduced.
5. Subprocessors
- 5.1The Controller authorizes Nave to engage the subprocessors listed in Annex III to Process Personal Data, each under a written contract imposing data-protection obligations no less protective than this DPA.
- 5.2Nave remains responsible for its subprocessors' performance. Nave will give the Controller reasonable prior notice of any new or replacement subprocessor and a chance to object on reasonable data-protection grounds.
6. Assistance with data-subject rights
- 6.1Taking into account the nature of the Processing, Nave will assist the Controller with reasonable measures to respond to Data Subjects exercising rights of access, correction, deletion, and portability.
- 6.2The Service provides self-service tools (a member portal and admin exports) that let parishes fulfill most requests directly; Nave will help with the remainder.
7. Personal-data breach notification
- 7.1Nave will notify the Controller without undue delay, and in any case within seventy-two (72) hours, after becoming aware of a Personal Data breach affecting the Controller's data.
- 7.2The notice will describe, to the extent known, the nature of the breach, the data and Data Subjects affected, the likely consequences, and the measures taken or proposed. Nave will reasonably assist the Controller with its own notification obligations.
8. Return & deletion of data
- 8.1At any time during the term, the Controller may export its Personal Data from the Service.
- 8.2On termination, Nave will, at the Controller's choice, return or delete the Personal Data within a reasonable period (target: thirty (30) days), except where retention is required by law, and will then delete remaining copies.
9. Audits & information
- 9.1Nave will make available the information reasonably necessary to demonstrate compliance with this DPA, including its security overview and any third-party certifications held by its infrastructure providers.
- 9.2On reasonable prior notice and no more than once per year (unless required by a supervisory authority or following a breach), Nave will respond to a reasonable security questionnaire or support an audit, subject to confidentiality and without compromising other customers' data.
10. International transfers
- 10.1Personal Data is Processed and stored on infrastructure located in the United States. Where data-protection law requires a transfer mechanism, the parties will put an appropriate one in place.
11. Term, liability & governing law
- 11.1This DPA takes effect on the Effective Date and continues for as long as Nave Processes Personal Data under the Agreement.
- 11.2Each party's liability under this DPA is subject to the limitations of liability in the Agreement.
- 11.3This DPA is governed by the law of [State/Jurisdiction], consistent with the Agreement.
Annex I — Details of Processing
- Controller
- [Diocese/Archdiocese of ___] and its designated parishes
- Processor
- [Nave, Inc.]
- Subject matter
- Provision of the Nave parish website and back-office platform
- Duration
- The term of the Agreement, plus the return/deletion period
- Categories of Data Subjects
- Parishioners and their households; prospective/registering families; clergy, staff, and volunteers; ministry members; donors
- Categories of Personal Data
- Names and contact details; household/family information; ministry and volunteer involvement; service hours; prayer and Mass-intention requests; sacramental requests and case status; safe-environment / background-check records; donation records (payment details handled by the payment processor, not stored by Nave); communication preferences
- Special-category / sensitive data
- Religious-affiliation context is inherent; data relating to minors (faith formation) and safe-environment compliance is handled with the tightest access
- Purpose
- To operate the parish's website, member portal, and administrative tools, and to communicate with parishioners as the parish directs
Annex II — Technical & Organizational Measures
- Tenant isolation: each parish's data is segregated and enforced by row-level security policies at the database layer, not application code alone.
- Encryption: TLS in transit; encryption at rest on managed cloud infrastructure.
- Access control: role-based, least-privilege access within each parish; sensitive areas (finance, safe-environment, census) restricted to designated roles; managed authentication with confirmed email and server-validated sessions.
- Operational security: reliance on SOC 2 / ISO 27001-certified infrastructure providers; automated backups; principle of no routine staff access to parish data.
- Payments: card and bank data are handled exclusively by a Level 1 PCI-certified processor and never stored on Nave's systems.
- AI/translation: parish content is processed for translation under enterprise terms that prohibit training on customer data; private records are not used for AI.
Annex III — Approved Subprocessors
| Subprocessor | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, and storage | United States |
| Vercel | Application hosting and content delivery | United States |
| Stripe | Payment processing (PCI L1) | United States |
| Google Cloud Translation | Machine translation of parish content | United States |
| Anthropic | AI assistance (no training on customer data) | United States |
| Resend | Transactional email delivery | United States |
Execution
Agreed and accepted by the parties as of the Effective Date: [__________].
Controller — [Diocese/Archdiocese of ___]
Signature
Name & title
Date
Processor — [Nave, Inc.]
Signature
Name & title
Date
Questions about this DPA? hello@nave.live. See also our Terms and Privacy Policy.