GDPR Compliance

Version 1.0 - Effective Date: January 26, 2025

1. Introduction

JAI Portal is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This document outlines our commitment to GDPR compliance and your rights as a data subject.

2. Data Controller Information

JAI Portal acts as the data controller for personal data collected through our AI content generation platform. We are responsible for determining the purposes and means of processing your personal data.

Contact Information:
Email: support@jaitech.ai
Website: https://www.jaiportal.com

3. Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract Performance (Article 6(1)(b)): To provide AI generation services and manage your account
  • Legitimate Interest (Article 6(1)(f)): For service improvement, security, and fraud prevention
  • Consent (Article 6(1)(a)): For marketing communications and optional features
  • Legal Obligation (Article 6(1)(c)): For compliance with applicable laws and regulations

4. Your Rights Under GDPR

As a data subject, you have the following rights:

Right of Access (Article 15)

You have the right to obtain confirmation whether we process your personal data and, if so, access to that data and information about the processing.

Right to Rectification (Article 16)

You have the right to obtain rectification of inaccurate personal data and to have incomplete personal data completed.

Right to Erasure (Article 17)

You have the right to obtain erasure of personal data ("right to be forgotten") under certain circumstances, including when the data is no longer necessary for the original purposes.

Right to Restriction of Processing (Article 18)

You have the right to obtain restriction of processing in specific situations, such as when you contest the accuracy of the data.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object (Article 21)

You have the right to object to processing of your personal data, particularly for direct marketing purposes or processing based on legitimate interests.

Rights Related to Automated Decision-making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or significantly affects you.

5. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at support@jaitech.ai with the subject line "GDPR Rights Request" and include:

  • Your full name and email address associated with your account
  • Specific right(s) you wish to exercise
  • Details of your request and any relevant information
  • Proof of identity (for security purposes)

We will respond to your request within one month of receipt. In complex cases, this period may be extended by up to two additional months.

6. Data Processing Activities

We process the following categories of personal data:

Account Data

  • Name, email address, and authentication information
  • Account preferences and settings
  • Credit balance and transaction history

Usage Data

  • AI model usage patterns and generation history
  • Input prompts and generated content (stored for 30 days)
  • Platform interaction data and analytics

Technical Data

  • IP addresses and device information
  • Browser type and operating system
  • Access logs and security monitoring data

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Account Data: Retained while your account remains active and for 30 days after account deletion
  • Generated Content: Automatically deleted after 30 days from creation
  • Transaction Records: Retained for 7 years for legal and accounting purposes
  • Marketing Data: Retained until you withdraw consent or opt-out

8. International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Certification schemes and codes of conduct
  • Other legally recognized transfer mechanisms

9. Data Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest
  • Access Controls: Role-based access controls and authentication
  • Monitoring: Continuous security monitoring and incident response
  • Compliance: Regular security audits and compliance assessments
  • Training: Staff training on data protection and security practices

10. Data Breach Notification

In the event of a personal data breach, we will:

  • Notify the relevant supervisory authority within 72 hours when required
  • Notify affected individuals without undue delay if the breach poses a high risk
  • Document all data breaches and remediation actions taken
  • Conduct thorough investigations to prevent future breaches

11. Third-Party Processors

We work with third-party service providers who process personal data on our behalf:

  • AI model providers (Replicate, FAL.AI, Freepik, OpenAI)
  • Cloud hosting and infrastructure services
  • Payment processors and financial services
  • Analytics and monitoring services

All third-party processors are bound by contractual obligations to protect your data and comply with GDPR requirements.

12. Privacy by Design

We implement privacy by design principles throughout our service:

  • Data minimization: We collect only necessary data
  • Purpose limitation: Data is used only for specified purposes
  • Storage limitation: Data is retained only as long as necessary
  • Transparency: Clear information about data processing
  • User control: Tools to manage and control personal data

13. Children's Data

Our services are not intended for individuals under the age of 16. We do not knowingly collect or process personal data from children under 16 without appropriate parental consent.

14. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. You may contact your local data protection authority or the authority where our main establishment is located.

15. Updates to This Document

We may update this GDPR compliance document to reflect changes in our practices or applicable regulations. Updates will be communicated through our platform and privacy policy updates.

16. Contact Information

For questions about GDPR compliance or to exercise your rights:

Email: support@jaitech.ai
Subject Line: "GDPR Rights Request" or "GDPR Inquiry"
Website: https://www.jaiportal.com

Last Updated: January 26, 2025
© 2025 JAI Portal. All rights reserved.

Back to Platform