Mighty Workflow logo
Sign in Get Mighty free

Terms of Service

  • Effective Date: 7 Sep 2025
  • Last Updated: 7 Sep 2025

Welcome to Mighty Workflow!

These Terms of Service (“Terms”) constitute a binding legal agreement between you (“User,” “you,” or “your”) and Mighty Toolkit (Pty) Ltd, trading as Mighty Workflow (“Mighty Workflow,” “we,” “ us,” or “our”).

These Terms govern your access to and use of our website, applications, and related services (collectively, the “Services”). By creating an account, accessing, or using the Services, you agree to be bound by these Terms.

If you do not agree to these Terms, you must not access or use the Services.

We are committed to handling personal information in compliance with applicable data-protection laws, including the Protection of Personal Information Act, 2013 (POPIA) and, where relevant, the General Data Protection Regulation (GDPR).

1. Who We Are

Mighty Workflow is a workflow automation platform that enables Subscribers and their Invited Users to create and manage workflow steps and collect documents or information from clients.

Mighty Workflow is owned and operated by MIGHTY TOOLKIT (PTY) LTD, a company registered in South Africa under registration number 2025/685291/07. By using Mighty Workflow, you are entering into an agreement with MIGHTY TOOLKIT (PTY) LTD.

  • Company Name: MIGHTY TOOLKIT (PTY) LTD (trading as Mighty Workflow)
  • Registered Address: 2 Willow Ridge, Royal Ascot, Cape Town, Western Cape, 7441, South Africa
  • Contact Email: [email protected]

2. Definitions

For clarity in these Terms:

  • “Mighty Workflow,” “we,” “us,” or “our”: Mighty Toolkit (Pty) Ltd, a company incorporated in South Africa, trading as Mighty Workflow. This is the entity you contract with and, where applicable, pay fees to for use of the Services.
  • “Services”: Our websites, web and mobile applications, APIs, tools, features, and related services we make available now or in future.
  • “Subscriber”: The individual or legal entity that enters into these Terms by signing up for and creating a Workspace in the Services. The Subscriber is legally responsible for the Workspace, including payment of any applicable fees, control of User access and management of User roles and permissions. In Mighty Workflow, the Subscriber is assigned the role of Owner.
  • “Invited User”: Any individual the Subscriber invites to access the Workspace within the Services (e.g., employees, contractors, external clients). The Subscriber controls Invited Users’ roles, permissions, and access, and may change or revoke such access at any time. This includes:
    • Team Members – added by the Subscriber to collaborate in creating and managing workflows.
    • Contacts – external participants (e.g., clients, applicants, suppliers) who are added by the Subscriber or Team Members to complete assigned workflow steps, upload documents, or provide information.
  • “User,” “you,” or “your”: Collectively, the Subscriber and any Invited User. Context will indicate who a clause applies to; where obligations concern billing, access control, and account configuration, they apply to the Subscriber.
  • “Workspace”: The environment created by the Subscriber within the Services that contains Customer Data, Users, and associated settings.
  • “Customer Data”: Any data, files, documents, form responses, messages, or other content you (including Invited Users) submit to or generate within the Services.
  • “Anonymised Data”: Data derived from Customer Data or usage that has been de-identified and/or aggregated so it cannot reasonably identify you or any individual.
  • “Confidential Information”: Non-public information disclosed by one party to the other that is marked confidential or would reasonably be understood as confidential given the nature of the information and the circumstances of disclosure.

3. Who You Are

When you use our Services, you are a User. Users include Subscribers and Invited Users, as defined above. As a Subscriber you are are assigned the role of Owner and take responsibility for fully controlling how your Workspace is used and who can access it, including:

  • Paying all fees for the Workspace subscription.
  • Managing changes to the Workspace subscription.
  • Managing access, roles and permissions of your Invited Users.
  • Resolving any disputes with your Invited Users regarding access to or use of the Workspace.
  • Taking full responsibility for all activity of your Invited Users within the Workspace.

You must be at least 18 years old (or the age of majority in your jurisdiction) to use the Services. The Services are not intended for or directed to children under 18, and we do not knowingly permit them to register or use the Services.

4. Your Workspace

As the Subscriber (and Owner of your Workspace), you agree and commit to:

  • Provide true, accurate, and complete information when creating and maintaining your Workspace.
  • Keep all information up to date, including a current and valid email address.
  • Keep your login credentials secure and confidential.
  • Use a very strong not easily guessable password.
  • Notify us immediately of any unauthorised access or suspicious activity.
  • Accept full responsibility for all use of the Services and all activity within your Workspace.

5. Acceptable Use & Fair Use

You agree not to:

  • Break any laws or infringe others’ rights.
  • Upload offensive, harmful, illegal, or misleading content.
  • Introduce viruses, malware, or malicious code.
  • Access or attempt to reverse-engineer the Services without permission.
  • Resell, lease, or provide the Services to others unless expressly permitted.
  • Send spam, phishing, or fraudulent content through the Services.
  • Act abusively or disrespectfully towards our staff or other Users.
  • Use free-text fields to store payment card data, government identifiers, health information, or other “special categories” of personal data (as defined under POPIA/GDPR) unless a field is explicitly designated for that data type and we have agreed in writing.
  • Use the Services to provide legal, tax, medical, or other professional advice to third parties without validating outputs independently.
  • Use the Services to collect or process data in connection with illegal, fraudulent, or high-risk activities (including but not limited to gambling, adult content, weapons, or crypto-asset promotions) unless expressly permitted in writing.

Sensitive Data

You must not upload or process health/medical data, biometric identifiers, special categories of personal data (GDPR Art. 9), payment card data, or children’s data without our prior written consent and only in fields expressly designated for such data. Protected Health Information (HIPAA) is prohibited unless we have confirmed HIPAA compliance and executed required BAAs in writing.

Fair use limits

To protect all customers, we may apply reasonable usage limits. If your usage is excessive or unreasonable, we may ask you to reduce it within 14 days. Continued breaches may result in suspension or termination.

Reasonable Use Controls

We may meter, rate-limit, or suspend parts of the Services if your use (a) degrades platform performance; (b) exceeds plan limits; (c) poses security or legal risk; or (d) appears automated scraping or abuse. We will endeavour to notify you in advance when reasonable, but we may suspend immediately if necessary to protect the Services, other customers, or comply with law.

6. How You Can Use Mighty Workflow

You may use the Services to:

  • Create, manage, and complete workflows.
  • Invite Users, including Team Members and Contacts, to participate in a Workspace.
  • Collect, store, and process Customer Data in connection with workflows.
  • Complete workflow steps assigned to you as a User.

If you collect personal information from individuals under the age of 18, you must first obtain valid consent from a parent or legal guardian, as required under POPIA and GDPR. The Services are not designed for or directed to children under 18, and we do not knowingly collect data from them without proper consent.

7. Your Content & Responsibility

  • Ownership: You retain ownership of all Customer Data.

  • Licence: You grant us a limited, worldwide, non-exclusive licence to use, copy, transmit, store, back up, and analyse Customer Data solely to:

    • Provide, maintain, and support the Services
    • Improve and develop the Services

    • Create Anonymised Data for analytics and benchmarking

      This licence does not permit us to sell Customer Data, advertise to your Users, or share Customer Data with third parties other than approved sub-processors under the DPA .

  • Controller Responsibilities: As between you and us, you act as the Data Controller for Customer Data, and we act as your Data Processor. You are solely responsible for:

    • Establishing a lawful basis for collection and processing
    • Providing required notices and obtaining valid consent from Data Subjects
    • Ensuring the accuracy, quality, legality, and reliability of Customer Data
    • Configuring the Services (roles, permissions, retention, geography) to meet your compliance needs
    • Responding to Data Subject rights requests and other legal obligations (we will assist as described in the DPA)
  • Responsibility: You are responsible for Customer Data and for the actions of your Invited Users. If Customer Data or your use of the Services breaches these Terms or applicable law, you agree to indemnify us under Section 15.

When you collect data from clients, you are the Data Controller and we act as the Data Processor. The Data Processing Agreement (DPA) forms part of these Terms.

8. Confidentiality

While using the Services, you may share Confidential Information with us, and you may become aware of Confidential Information about us. Both parties agree to:

  • Take all reasonable steps to protect the other party’s Confidential Information from unauthorised access, use, or disclosure.
  • Only use or disclose Confidential Information as necessary to perform obligations under these Terms, or as required by law, regulation, or valid legal process.
  • Limit access to Confidential Information to employees, contractors, or service providers who need it to perform obligations under these Terms and who are bound by confidentiality obligations no less protective than those in these Terms.

Confidential Information does not include information that is public, already known to the receiving party, independently developed without reference to the disclosing party’s information, or lawfully obtained from a third party without restriction.

9. Intellectual Property & Our Rights

We (Mighty Toolkit (Pty) Ltd, trading as Mighty Workflow) own Mighty Workflow, including all intellectual property rights in the Services, platform, design, code, trademarks, and all content we provide through the Services, excluding Customer Data uploaded or submitted by Users.

You may not copy, reproduce, distribute, resell, or create derivative works from any part of the Services or our content unless expressly permitted in writing. You may not reverse-engineer, decompile, or attempt to extract the source code of the Services.

We may update, improve, or modify the Services at any time. Where possible, we’ll let you know about major updates.

10. Security

We use reasonable technical, physical, and administrative safeguards to protect Customer Data. However, no system is 100% secure.

  • Require you to enable certain security features (e.g., multi-factor authentication).
  • Require you to protect your own login details and use strong passwords.
  • Prohibit storing sensitive information in free-form fields, including payment card data, government identifiers, health information, or other “special categories” of personal data (as defined under POPIA/GDPR), unless a field is explicitly designated for that data type and we have agreed in writing.

Shared Responsibility

Security is a shared responsibility. You must:

  • Enable and enforce appropriate MFA.
  • Manage role-based access.
  • Set appropriate retention and export policies.
  • Promptly remove access for departing Users.

Mighty Workflow is not liable for data loss arising from your misconfiguration of the Services or compromised credentials.

11. Payment & Billing (if applicable)

If you are on a paid subscription:

  • Pricing & Terms: You agree to the pricing, billing frequency, and payment terms presented at checkout or in your order form. Subscriptions auto-renew at the end of each billing cycle unless cancelled in accordance with these Terms.
  • Non-Refundable: All fees are non-refundable and non-cancellable, except where required by law or expressly stated otherwise in writing.
  • Payment Failure: If payment fails or is late, we may suspend or restrict access to the Services until payment$ is made. Continued non-payment may result in termination under Section 14.
  • Taxes: Subscription fees are shown exclusive of applicable transactional taxes (such as VAT, GST, or sales tax) unless stated otherwise. Where required by law, Paddle (our Merchant of Record) will calculate, collect, and remit applicable taxes on your behalf. You remain responsible for any other taxes, duties, or charges (including withholding tax) that may apply under your local laws.
  • Disputes: If you dispute any charge, you must notify us (or Paddle) within 30 days of the charge. You must pay undisputed amounts when due.

Chargebacks

If you initiate a chargeback without first providing us a reasonable opportunity to resolve the issue, we may suspend your account, recover associated fees and costs, and treat the chargeback as a material breach of these Terms.

Price Changes

We may change subscription fees from time to time. We will provide advance notice of any increase, and the new rates will apply from the start of your next billing cycle unless you cancel before renewal.

Payment Processing

All payments for subscriptions and services are processed securely by Paddle.com, our authorized Merchant of Record. Paddle is the legal seller of the Services provided through Mighty Workflow and handles payment processing, billing, and the collection and remittance of applicable transactional taxes.

Your payment details are collected and processed exclusively by Paddle. We do not collect or store your credit or debit card information. Use of Paddle’s payment services is subject to Paddle’s own Terms and Privacy Policy.

You will see “Paddle” or Paddle.com on your billing statement. For billing-related queries, you may contact Paddle directly or reach out to us and we will assist in resolving the matter.

12. Availability, Maintenance & Data Loss

  • Availability: We aim to provide the Services 24/7. From time to time, we may need to perform maintenance, upgrades, or deal with unforeseen issues, which may result in downtime. We try to minimise such downtime and, where practicable, will provide advance notice of planned maintenance. We are not liable for any loss, damage, or expense arising from temporary unavailability of the Services (see Section 16 – Limitation of Liability).
  • Access issues: You understand that the Services may occasionally be unavailable due to factors outside our reasonable control (such as internet outages, third-party service failures, or network congestion).
  • Data loss: Data loss is an inherent risk of technology. You are responsible for maintaining your own backups and exports of Customer Data. Our liability for loss or corruption of data is limited to taking reasonable steps to attempt recovery from available backups.
  • Compensation: We do not guarantee uninterrupted availability. At our discretion, we may provide service credits or refunds in cases of prolonged, system-wide downtime, but we are not obliged to do so.
  • Support: We provide online resources and support to help resolve issues. If you cannot resolve a problem through our help resources, you may contact us directly.
  • Modifications: We regularly release updates, improvements, and enhancements to the Services, and may occasionally discontinue features. Where practical, we will provide advance notice (e.g., by email, in-app notices, or blog posts).

13. Hosting & Cross-Border Data Transfers

Our primary servers are located in the European Union (EU), and Customer Data is hosted in this region. If you or your clients are located outside the EU, Customer Data and personal information may be transferred internationally for storage and processing. By using the Services, you acknowledge and agree that such transfers may occur from South Africa (or your location) to the EU. Transfers to the EU are permitted under section 72 of POPIA, as the EU is subject to the General Data Protection Regulation (GDPR), which provides an adequate level of protection substantially similar to POPIA.

14. Termination & Data

  • By You: You may cancel your subscription at any time. Cancellation is effective at the end of the current billing period unless otherwise agreed in writing. Subscription fees already paid are non-refundable.
  • By Us: We may suspend or terminate your account if:
    • You commit a breach of these Terms and fail to remedy it within 14 days of notice;
    • You commit a serious breach that cannot be remedied;
    • You fail to make payment when due:
      • If payment is not received within 7 days of the due date, we may suspend your access; and
      • If payment is not received within 14 days of the due date, we may terminate your subscription.
    • Your use of the Services poses a security risk, legal risk, or materially degrades performance for others.
  • Content Removal: We may remove or disable any Customer Data or content that, in our reasonable judgment, violates these Terms, applicable law, or third-party rights.
  • Data Retention & Export:
    • After termination, we will retain Customer Data for up to 60 days to give you an opportunity to export or reactivate your account.
    • During this 60-day period, your access may be limited to export-only functionality.
    • After this period, Customer Data may be permanently deleted, subject to any legal retention obligations.
    • We retain this window as a courtesy, but you remain solely responsible for exporting or backing up your data before deletion.

15. Indemnity

Your Indemnity

Except to the extent caused by Mighty Workflow’s breach of these Terms, you shall defend, indemnify, and hold harmless Mighty Workflow, its affiliates, and their officers, directors, employees, and agents from and against any third-party claims, damages, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising out of or related to:

  • Your or your Invited Users’ use of the Services in violation of law or these Terms;
  • Customer Data (including alleged IP infringement, defamation, privacy or data-protection violations, or other unlawful content);
  • Your failure to provide required notices/consents or to establish a lawful basis for processing Customer Data.

Exclusions

We have no obligation for any claims arising from: (i) Customer Data; (ii) your specifications, modifications, or configurations; (iii) combinations with non-Mighty products, services, or data; or (iv) use of unsupported or outdated versions of the Services.

Survival

This Section 14 survives termination of these Terms.

16. Limitation of Liability

Mighty Workflow’s liability to you in connection with the Services or these Terms, whether in contract, tort (including negligence), or otherwise, is limited as follows:

  • As Is: The Services are provided “as is” and “as available.” We do not guarantee they will be error-free, uninterrupted, or meet every need.
  • No Indirect or Certain Direct Damages: We are not liable for indirect, incidental, special, consequential, punitive, or exemplary damages, or for loss of profits, revenue, goodwill, reputation, anticipated savings, customers, capital, or compliance with legal, tax, or accounting obligations , even if advised of the possibility.
  • Cap on Liability: Our total aggregate liability to you in any circumstances is limited to the total subscription fees you paid in the 12 months immediately preceding the event giving rise to the liability.
  • Exclusions: These limits do not apply to liability that cannot be excluded under law, including fraud, wilful misconduct, gross negligence, or death/personal injury caused by negligence.
  • Data Loss: You are responsible for exporting and backing up Customer Data. Our liability for any loss or corruption of Customer Data is limited to taking reasonable steps to attempt recovery from our available backups. We are not liable for loss of data caused by your misconfiguration, integrations, or third-party systems.

17. Privacy

We respect your privacy. Our Privacy Policy explains what data we collect, how we use it, and your rights. By using the Services, you agree to our Privacy Policy .

18. Force Majeure

We are not liable for delays or failures caused by events beyond our reasonable control, including natural disasters, strikes, internet outages, or government actions.

19. Notices

Notices to us must be sent to [email protected] (or another email we specify). Notices to you will be sent to the primary email linked to your account.

20. Governing Law & Venue

  • Informal Resolution: If a dispute arises, both parties will first attempt to resolve it informally and in good faith.
  • South African Law: These Terms are governed by the laws of South Africa. Both parties submit to the jurisdiction of the High Court of South Africa, Western Cape Division, Cape Town .
  • Arbitration / Small Claims: If a dispute cannot be resolved informally:
    • For customers in South Africa, disputes may be resolved in small claims court where appropriate.
    • For customers outside South Africa, disputes may alternatively be finally resolved by binding arbitration under the Rules of the Arbitration Foundation of Southern Africa (AFSA). The seat of arbitration will be Cape Town, South Africa, the language will be English, and the award will be final and enforceable in any competent court.
  • Class Actions: To the extent permitted by law, disputes must be brought on an individual basis and not as part of a class, consolidated, or representative action.
  • User-to-User Disputes: You are solely responsible for resolving disputes between you and any other Subscriber or Invited User.

21. Changes to These Terms

We may update these Terms from time to time. Material changes will not apply retrospectively. Where practical, we will give at least 30 days’ prior notice (by email or in-app).

If you do not agree to changes, you may terminate before they take effect. Continued use of the Services means you accept the updated Terms.

22. Entire Agreement

These Terms, together with our Privacy Policy and any other referenced policies, form the entire agreement between you and us regarding the Services.

23. Contact Us

If you have any questions about these Terms, please contact us:

📧 [email protected]

🏢 2 Willow Ridge, Royal Ascot, Cape Town, Western Cape, 7441, South Africa