Privacy Policy

JT AI Digital Studio ("we," "us," "Company") is committed to protecting your personal data and respecting your privacy. This Privacy Policy applies to all services, products, and digital platforms we operate.

This policy is aligned with: • Saudi Personal Data Protection Law (PDPL) — Royal Decree M/19 • EU General Data Protection Regulation (GDPR) 2016/679 • International privacy standards and best practices

By using our services, you acknowledge you have read and understood this policy.

We collect the following categories of personal data:

Data you provide directly: • Contact information: Name, email address, phone number, company name • Inquiry details: Project description, budget range, service type requested • Contractual data: Information necessary to deliver agreed services

Data collected automatically: • Usage data: Pages visited, session duration, navigation paths • Technical data: Anonymized IP address, browser type, operating system • Cookies: Per our separate Cookies Policy

Data we never collect: • Special category data (health, religion, political opinions) • Data from individuals under 18 years of age

We process your personal data under the following legal bases:

Consent: For marketing communications, newsletters, and non-essential cookies — withdrawable at any time.

Contract: To deliver services you've engaged us for and manage our business relationship.

Legitimate Interests: To improve our services, ensure platform security, and manage business relationships.

Legal Obligation: To comply with Saudi PDPL requirements and other applicable legal obligations.

Under PDPL and GDPR, you have the right to object to processing based on legitimate interests.

Who we share data with: • Technical service providers (hosting, email) — under Data Processing Agreements • Legal authorities — only when legally required • Business partners — only with your explicit consent

International Transfers: When transferring data outside Saudi Arabia or the EU/EEA, we ensure appropriate safeguards including: • Standard Contractual Clauses (SCCs) • Data Processing Agreements with sub-processors • Transfer Impact Assessments (TIAs)

We never sell your personal data to any third party.

We implement comprehensive technical and organizational security measures:

Technical Measures: • Data encryption in transit (TLS 1.3) and at rest (AES-256) • Web Application Firewall (WAF) protection • Continuous security monitoring (24/7) • Regular penetration testing • Role-based access controls (principle of least privilege)

Organizational Measures: • Regular team training on data protection • Clear data access policies • Data breach response procedures • Periodic security reviews and audits

In Case of Breach: We will notify you and relevant authorities within 72 hours as required by law.

You have the following rights regarding your personal data:

Right of Access: Request a copy of your personal data we process.

Right to Rectification: Request correction of inaccurate or incomplete data.

Right to Erasure ("Right to be Forgotten"): Request deletion of your data in legally permitted circumstances.

Right to Restrict Processing: Request limitation of processing in specific circumstances.

Right to Data Portability: Receive your data in a structured, machine-readable format.

Right to Object: Object to processing for direct marketing purposes.

How to Exercise Your Rights: Submit your request to: contact@jtaidigital.com We will respond within 30 days. Identity verification required.

Retention periods: • Inquiry data: 3 years from last interaction • Active client data: Contract duration + 7 years (legal requirements) • Analytics data: 26 months (anonymized) • Security logs: 12 months

Upon expiry, your data is securely deleted or anonymized.

Early Deletion Requests: You may request deletion of your data at any time, unless we are legally required to retain it.

Data Protection Contact: Email: contact@jtaidigital.com Location: Riyadh, Saudi Arabia

Filing a Complaint: If you have concerns about how we handle your data, you have the right to lodge a complaint with: • Saudi Data & AI Authority (SDAIA) — for Saudi-based individuals • Your national data protection authority — for EU/EEA-based individuals

We encourage you to contact us first to resolve any concerns directly.