Kihapp Terms and Conditions

Effective Date: 2025-10-01
Last Updated: 2025-10-01

1. INTRODUCTION

  1. 1.1. Welcome to Kihapp ("Service"). The Service is a martial arts tournament management service designed to help Event Organizers set up and run tournaments (and other events such as seminars or tests) and to allow End Users to easily register for events and follow results.
  2. 1.2.

    The Service is provided by, and You are contracting with:

    Kihapp AB
    c/o Sundberg
    Elias Lönnrots väg 13 lgh 1102
    168 46 Bromma
    Sweden
    ("Service Provider").

  3. 1.3. Contact Information. If You have any questions regarding these Terms, please contact the Service Provider at: hello@kihapp.com.
  4. 1.4. Acceptance of Terms. These Kihapp Terms and Conditions ("Terms") form a binding legal agreement between the Service Provider and the individual or entity accessing or using the Service ("You"). Your specific role is further defined in the User Categories below.

    By registering for an account, or by otherwise accessing or using the Service, You confirm that You have read, understood, and agreed to these Terms including, if relevant, the Data Processing Agreement attachment. If You disagree with any part of these Terms, You must refrain from using the Service.

  5. 1.5. User Categories. Your relationship with the Service and the specific terms that apply to You depend on how You interact with it. For the purposes of these Terms, You will be categorized as one of the following types of "Users":
    1. A. Event Organizer: refers collectively to the individual(s) and/or entity(ies) designated within the Service to create, manage and administer an event. In marketing materials for the Service, the term "host" may also be used. Event Organizer includes following sub-roles:
      1. i. The Owner who holds ultimate authority over the event. Each event has one (1) Owner.
      2. ii. An Admin is a user granted permissions by the Owner to manage the event. An event may have multiple Admins.
      3. iii. An Observer is an event organizer-user granted read-only access to an event. An Observer can view all event data but cannot make any changes.
    2. B. End User: An individual using the Service to register for an event, make payments to the Event Organizer, follow results, or browse public event information. This includes i.a. competitors, guardians registering minors, coaches registering competitors and other participants such as individuals who have purchased an admission ticket.
    3. C. Authorized User: An individual authorized by an Event Organizer to perform a designated role, such as a referee, judge, or timekeeper. This authorization may be granted via a User account or through other means, such as a specific link or QR code, that do not require account creation.
    4. D. School Administrator: An individual who uses their User account to create and manage a "School" entity within the Service, and to administer the registration data of their School's members for events.

    The terms "User" and "Users" in these Terms refer to anyone acting in one or more of these capacities.

2. GENERAL TERMS (APPLICABLE TO ALL USERS)

  1. 2.1. User account, Security, and Privacy.

    A User account, tied to an email address and a name, is required to create and manage events. To facilitate easy setup, creating an initial event may not require complete contact information. However, to publish an event and collect entry fees You must provide and maintain accurate and complete contact and billing information.

    The User account may be used by the natural person or organization that registered it. A User account can also be used to create and manage a "School" entity, linking the account holder to that specific school.

    You are responsible for all activities that occur under Your User account and must report any unauthorized use or security breaches to the Service Provider immediately. For security, You agree to choose a strong, unique password and avoid sharing it. The Service Provider takes reasonable measures to ensure the security and safety of Your User account.

    You are also responsible for adhering to the data protection laws of your jurisdiction, in addition to the EU’s General Data Protection Regulation (GDPR). In particular, you must ensure that:

    • You only enter information into the Service for which you have the legal basis and authorization to process and transfer.
    • You understand and fulfill your obligations as a data controller as defined by the GDPR.
    • You handle the personal data of minors with special care and diligence.

    For detailed information on how personal data is handled, please read our Privacy Policy.

  2. 2.2. Eligibility and Use by Minors. If you are under 16, you may only use the Service with the consent and supervision of a parent or legal guardian.
  3. 2.3. Acceptable Use and Content Policy. You agree not to use the Service for any unlawful purpose or in any way that could harm the Service or impair anyone else's use of it. In addition, The Service should be used in accordance with good manners, and respectful behavior is especially expected in all situations where You may interact with other Users. You may not post or transmit any content that:
    • Is unlawful, fraudulent, threatening, harassing, defamatory, or obscene;
    • Infringes on any third party's intellectual property rights or other proprietary rights or
    • Contains software viruses or any other computer code designed to interrupt, destroy, or limit the functionality of any computer software or hardware.
  4. 2.4. Intellectual Property Rights and License to Use the Service. The Service Provider retains all rights, title, and interests in the intellectual property associated with the Service. Users are prohibited from, for example but not limited to, reproducing, modifying, or distributing the Service.

    In accordance with these Terms, the Service Provider grants You a limited, non-exclusive right to access and use the Service. The continued validity of this license is conditional upon Your compliance with these Terms.

  5. 2.5. User Data and Content. The rights to all data and content You provide to the Service ("User Content") belong to You, or to the third parties from whom You have obtained permission to provide the User Content.

    The Service Provider may remove User Content or restrict Yours or others access to User Content according to the Notice and Action Policy.

    User Content is stored in the Service for as long as Your User account is active. Event Organizers may have the ability to export certain User Content, such as participant and result lists, through the Service's functionalities.

    The principles of personal data processing are further detailed in our Privacy Policy.

  6. 2.6. Service Model and Support. The Service is provided primarily as a self-service platform. Instructions for use are available on the Service Provider's website. The Service Provider aims to offer modest technical support via email. However, the Service Provider does not guarantee that any technical support or other customer service will be available. Any technical support or other customer service binding on the Service Provider must be separately agreed upon in writing between the Parties. The Service Provider does not commit to providing such additional services.
  7. 2.7. Modifications to the Terms. The Service Provider reserves the right to update or modify these Terms at any time. Any changes will become effective upon their posting on the Kihapp website or through other notification. By continuing to use the Service after the modified Terms have been posted, You agree to be bound by the updated Terms.
  8. 2.8. Termination of Account and Service
    1. 2.8.1. Termination by You: You may terminate Your account and discontinue using the Service at any time by contacting the Service Provider or using any available account deletion tools.
    2. 2.8.2. Suspension and Termination by the Service Provider: The Service Provider may suspend or terminate Your access to the Service, if the Service Provider reasonably believes You have violated these Terms or any applicable laws. This may occur without prior warning if the violation is of a serious nature and immediate action is necessary.
    3. 2.8.3. The Service Provider also reserves the right to terminate User accounts that have been inactive for an extended period. The Service Provider also has specific procedures for handling certain repeated infringements, as further detailed in our Notice and Action Policy.
    4. 2.8.4. Discontinuation of the Service: In its sole discretion, the Service Provider may also choose to discontinue the Service altogether and if so, it will notify You about this decision through online means.
    5. 2.8.5. Effect of Termination: Terminating Your User account does not automatically delete public competition data (such as participant lists and results) associated with events You have participated in. The retention of such data, for which the Service Provider acts as a data processor, is determined by the respective Event Organizer (the data controller, please see the Data Processing Addendum). For more detailed information on data retention and your rights, please see our Privacy Policy. The Service Provider is under no obligation to retain any of Your personal account data after Your account has been terminated.
  9. 2.9. Limitation of Liability.

    The Service is provided on an "as is" and "as available" basis without any warranties. The Service Provider does not warrant that the Service will be uninterrupted or error-free.

    The Service Provider does not pre-screen or proactively monitor or edit the content published by its Users and is not responsible for any User Content posted or transmitted through the Service. The responsibility for all User Content lies with the User who provided it. Similarly, the Service may contain links to third-party websites or services that are not owned or controlled by the Service Provider.

    To the fullest extent permitted by law, You acknowledge and agree that Your use of the Service is at Your own risk, and the Service Provider shall not be held liable for any damages or losses, including indirect, incidental, special, consequential, or punitive damages, arising from the use or inability to use the Service.

    For the avoidance of doubt, the Service Provider shall not be liable in any respect for the safety or security of the event. Serious personal injuries can occur in martial arts, and the Service Provider assumes no liability whatsoever for any such injuries, among other things.

    In all cases, the Service Provider's total liability is limited to the amount of the fee paid by You for the Service Provider for the specific event giving rise to the claim. If the claim does not relate to any single event, the liability is instead limited to the total amount of fees paid by You to the Service Provider during the six (6) months immediately preceding the event giving rise to the claim, divided by six. Notwithstanding the foregoing, if the claim arises from Your use of any free-of-charge services or features, the Service Provider shall have no financial liability whatsoever.

  10. 2.10. Indemnification. You agree to indemnify, defend, and hold harmless the Service Provider from and against any and all claims, liabilities, damages, losses, or expenses, including reasonable attorneys' fees and costs, arising out of or in any way connected with Your access to or use of the Service, Your violation of these Terms, or Your infringement of any intellectual property or other right of any third party.
  11. 2.11. Dispute Resolution and Governing Law. These Terms shall be governed by the laws of Finland. Any dispute, controversy or claim arising out of or relating to this contract between a User and the Service Provider shall be finally settled by the Helsinki, Finland District Court (Helsingin käräjäoikeus).

3. Miscellaneous

  1. 3.1. Severability: If any provision of these Terms is held to be invalid or unenforceable, the remaining provisions of these Terms will remain in full force and effect.
  2. 3.2. No Waiver: The failure of the Service Provider to enforce any right or provision of these Terms will not be deemed a waiver of such right or provision.
  3. 3.3. Force Majeure: The Service Provider shall not be liable for any failure to perform its obligations hereunder where such failure results from any cause beyond the Service Provider's reasonable control, including, without limitation, mechanical, electronic or communications failure or degradation.
  4. 3.4. Feedback: If You provide the Service Provider with any feedback, suggestions, or ideas regarding the Service, You grant the Service Provider a perpetual, irrevocable, royalty-free, worldwide license to use and incorporate such feedback into any of its products and services without any obligation to compensate You.

4. SPECIFIC TERMS FOR EVENT ORGANIZERS (USER GROUP A)

  1. 4.1. Relationship with End Users: You acknowledge that the Service Provider is a technology platform provider. The contractual relationship for participation in an event is solely between You and the End User. You are exclusively responsible for setting and communicating your own terms and conditions, including cancellation policies, liability waivers, and event rules, to End Users.
  2. 4.2. Content and Data Ownership: You retain all ownership rights to the content You create and upload to the Service. You grant the Service Provider a perpetual, worldwide, non-exclusive, royalty-free license to make the content available to the public and produce copies of it, in an unmodified or modified form, for the purpose of providing, developing, and improving the Service.
  3. 4.3. Responsibility for Content: You are solely responsible for the accuracy, legality, and appropriateness of all content You publish. This includes ensuring You have the necessary rights to use any logos, images, or text.
  4. 4.4. Management of Authorized Users: You are responsible for managing Your Authorized Users (e.g., referees), granting them appropriate access levels, and ensuring their compliance with these Terms. You are liable for the actions of Your Authorized Users within the Service.
  5. 4.5. Fees and Payments: For events that require an entry fee from End Users, You agree to pay the Service Provider a service fee. The fee structure is detailed on our official pricing page. This fee creates a direct payment obligation between You and the Service Provider. The standard payment method for the service fee is an invoice sent to You after the conclusion of the event. You are responsible for providing and maintaining accurate billing information. The invoice will be sent to the details associated with your User account unless otherwise requested and agreed upon. Other payment methods may be available upon request. You acknowledge that this service fee is separate from any transaction fees charged by third-party payment processors (e.g., Stripe, PayPal) that you may use to collect entry fees from End Users.

5. SPECIFIC TERMS FOR END USERS (USER GROUP B)

  1. 5.1. Relationship with Event Organizer: When You register for an event through the Service, You are entering into a direct agreement with the Event Organizer, not the Service Provider. All inquiries, claims, or disputes regarding the event itself – including but not limited to scheduling, rules, results, safety, or refund requests – must be directed to the Event Organizer.
  2. 5.2. Your Content: If You decide to upload or share any content, please make sure You have the necessary rights and that the content is legal. You grant the Service Provider a perpetual, worldwide, non-exclusive, royalty-free license to make the content available to the public and produce copies of it, in an unmodified or modified form, for the purpose of providing, developing, and improving the Service.
  3. 5.3. Payments: You acknowledge that all payments for event participation are made to the Event Organizer. When registering a minor, the parent or legal guardian completing the registration is responsible for the payment. If a club makes the registration, it is responsible for ensuring that it has the parents' permission for the registration and any payments. The Service Provider acts only as a technical intermediary for processing these payments on behalf of the Event Organizer.
  4. 5.4. Publicity of Competition Information: You understand and agree that by registering for an event, your name, club, competition category, and other information essential to the tournament (such as draw positions and results) will be published in the Service. This information will be publicly visible as part of the event's participant lists, brackets, and results service, which is necessary for the execution of the competition. The Event Organizer's settings may impact visibility but this does not limit the aforementioned approval. Furthermore, when You sign up as a competitor from a specific club, Your information is made visible to the club's representative to allow for the verification of their information and confirmation of their membership status.

6. SPECIFIC TERMS FOR AUTHORIZED USERS (USER GROUP C)

  1. 6.1. Acting on Behalf of Event Organizer: Your access to the Service is granted and managed by an Event Organizer. You agree to use the Service only for the specific purpose for which you were authorized (e.g., entering match results, checking competitors in, weighing competitors in).
  2. 6.2. Confidentiality: You must maintain the confidentiality of any non-public information You access through the Service.
  3. 6.3. Responsibility: You agree to follow the instructions of the Event Organizer and use the Service accurately and responsibly. Your actions within the Service are performed under the authority and liability of the Event Organizer who granted you access.

7. SPECIFIC TERMS FOR SCHOOL ADMINISTRATORS (USER GROUP D)

  1. 7.1. User Account Required: You must have a User account to create and manage a School entity in the Service.
  2. 7.2. Responsibility for Member Data: You are responsible for the accuracy and maintenance of the registration data of your School's members, such as their names, belt colors, and other relevant competition details.
  3. 7.3. Authorization: By managing your School's members, you confirm that you have obtained the necessary consent from the members (or their legal guardians) to process their personal data for the purpose of event registrations within the Service.

Kihapp Data Processing Agreement ("DPA")

  1. 1. Scope

    This DPA is an integral part of the Kihapp Terms and Conditions ("Terms") and applies to the processing of Personal Data as defined below. This DPA and the Terms constitute the documentation in accordance with which personal data shall be processed.

  2. 2. Parties

    This DPA is entered into between:

    • The Controller: The Event Organizer using the Kihapp Service, also referred to as "Customer".
    • The Processor: Kihapp AB ("Kihapp"), also referred to as "Service Provider".

    The Customer is the controller of personal data as defined in the Data Protection Regulation and is responsible for the processing of this data. The Customer is obligated to comply with all obligations imposed on a data controller by the Data Protection Regulation and other applicable legislation.

    The Service Provider and its potential sub-processors are processors of personal data as referred to in the Data Protection Regulation. The Service Provider is obligated to comply with all obligations imposed on a data processor by the Data Protection Regulation and other applicable legislation, and to ensure in its sub-processing agreements that its sub-processors also comply with them.

  3. 3. Definitions

    "Personal Data" means personal data as defined in Article 4(1) of the Data Protection Regulation, which the Customer has stored in the Service or which has otherwise come to the Service Provider's knowledge in the course of providing the Service, and which the Service Provider processes on behalf of and for the Customer.

    "Processing of Personal Data" means, in accordance with Article 4(2) of the Data Protection Regulation, an operation or set of operations performed on personal data or on sets of personal data, whether by automated means or manually, such as collection, recording, and organization (including the other examples set forth in the regulation).

    "Service" means the Service as defined in the Terms.

    "Data Protection Regulation" means Regulation (EU) 2016/679 of the European Parliament and of the Council (also "GDPR").

  4. 4. Sub-processing

    At the time of entering into this agreement, the Service Provider reserves the right to use the following sub-processors:

    Company Location
    Amazon, Inc. United States
    Google, Inc. United States
    Heroku, Inc., a subsidiary of Salesforce, Inc. United States
    Memcachier, Inc. United States
    Slack, Inc. United States
    Stripe Payments Europe, Ltd Ireland
    Wideko AB Sweden

    The Service Provider must notify the Customer if it plans to change sub-processors or engage new ones.

    The Service Provider is responsible for ensuring that its sub-processors act in accordance with this DPA. The Service Provider is responsible for its sub-processors in the same way as for its own actions.

  5. 5. Processing of Personal Data

    The Service Provider permits the storage of data in its system to enable the functioning of the Service. The data subjects, in accordance with the Data Protection Regulation, are:

    • The primary data subjects are the End Users.
    • However, organizing an event may also require processing of data from other user categories defined in Terms.

    The Controller decides what data to collect. Typical data is described in Privacy Policy Part 2 and the main types of personal data collected are a competitor's contact details, information required to assign them to an appropriate competition group, and their results. Data that is not relevant for the purpose of organizing the event shall not be collected.

    The processing will last until the Customer (Event Organizer) either

    • Deletes the event or
    • Deletes its entire user account or
    • Request the termination of data processing or
    • The default retention period set by the Processor for the Service expires

    unless law or official regulations still require the processing.

    The Service Provider is not entitled to use the Personal Data for its own operations. The Service Provider is responsible for ensuring that the Customer's data is kept separate or is separable from the Service Provider's other data. The Service Provider shall offer the Customer the opportunity to download the material containing Personal Data that has accumulated during the Customer's subscription.

    The Service Provider must restrict access to personal data – unless it is public by the nature of the Service – to only the personnel (including its sub-contractors') who require it for their work tasks, and ensure they comply with the relevant agreements (DPA and Terms) and that they are under an appropriate obligation of confidentiality. The Service Provider is obligated to record sufficient log data of all processing activities concerning Personal Data.

    The Service Provider shall inform the Customer of all requests from data subjects which concern the exercise of a data subject's rights under the Data Protection Regulation and other applicable legislation, and which have been received by the Service Provider instead of the Customer. The Service Provider may also direct the person making the request to contact the Customer. The Customer is responsible for responding to the requests.

    The Service Provider undertakes to assist the Customer with appropriate technical and organizational measures, enabling the Customer to fulfill its obligation to respond to requests concerning the exercise of a data subject's rights.

    In the event of a data security breach, the Service Provider must assist the Customer in making the notification required by the Data Protection Regulation to the supervisory authority and to the data subject. Similarly, the Service Provider assists the Customer in other GDPR related obligations when GDPR demands so.

    The Controller may audit the Service at its own expense and in the limits that GDPR requires.

  6. 6. Service Provider's Data Security

    The Service Provider undertakes to implement appropriate technical and organizational measures to ensure a level of security for the processing of Personal Data that is appropriate to the risk, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of the processing, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons.

    The Service Provider shall regularly monitor the implementation of the security level required by this DPA in its operations.

    The Service Provider shall inform the Customer in writing of any data security breaches concerning the Service without undue delay after becoming aware of them.