Privacy Policy
1. Introduction & Scope
JT AI Digital Studio ("we," "us," "Company") is committed to protecting your personal data and respecting your privacy. This Privacy Policy applies to all services, products, and digital platforms we operate.
This policy is aligned with: • Saudi Personal Data Protection Law (PDPL) — Royal Decree M/19 • EU General Data Protection Regulation (GDPR) 2016/679 • International privacy standards and best practices
By using our services, you acknowledge you have read and understood this policy.
2. Data We Collect
We collect the following categories of personal data:
Data you provide directly: • Contact information: Name, email address, phone number, company name • Inquiry details: Project description, budget range, service type requested • Contractual data: Information necessary to deliver agreed services
Data collected automatically: • Usage data: Pages visited, session duration, navigation paths • Technical data: Anonymized IP address, browser type, operating system • Cookies: Per our separate Cookies Policy
Data we never collect: • Special category data (health, religion, political opinions) • Data from individuals under 18 years of age
3. Legal Basis for Processing
We process your personal data under the following legal bases:
Consent: For marketing communications, newsletters, and non-essential cookies — withdrawable at any time.
Contract: To deliver services you've engaged us for and manage our business relationship.
Legitimate Interests: To improve our services, ensure platform security, and manage business relationships.
Legal Obligation: To comply with Saudi PDPL requirements and other applicable legal obligations.
Under PDPL and GDPR, you have the right to object to processing based on legitimate interests.
4. Data Sharing & International Transfers
Who we share data with: • Technical service providers (hosting, email) — under Data Processing Agreements • Legal authorities — only when legally required • Business partners — only with your explicit consent
International Transfers: When transferring data outside Saudi Arabia or the EU/EEA, we ensure appropriate safeguards including: • Standard Contractual Clauses (SCCs) • Data Processing Agreements with sub-processors • Transfer Impact Assessments (TIAs)
We never sell your personal data to any third party.
5. Security & Data Protection
We implement comprehensive technical and organizational security measures:
Technical Measures: • Data encryption in transit (TLS 1.3) and at rest (AES-256) • Web Application Firewall (WAF) protection • Continuous security monitoring (24/7) • Regular penetration testing • Role-based access controls (principle of least privilege)
Organizational Measures: • Regular team training on data protection • Clear data access policies • Data breach response procedures • Periodic security reviews and audits
In Case of Breach: We will notify you and relevant authorities within 72 hours as required by law.
6. Your Rights (PDPL & GDPR)
You have the following rights regarding your personal data:
Right of Access: Request a copy of your personal data we process.
Right to Rectification: Request correction of inaccurate or incomplete data.
Right to Erasure ("Right to be Forgotten"): Request deletion of your data in legally permitted circumstances.
Right to Restrict Processing: Request limitation of processing in specific circumstances.
Right to Data Portability: Receive your data in a structured, machine-readable format.
Right to Object: Object to processing for direct marketing purposes.
How to Exercise Your Rights: Submit your request to: contact@jtaidigital.com We will respond within 30 days. Identity verification required.
7. Data Retention & Deletion
Retention periods: • Inquiry data: 3 years from last interaction • Active client data: Contract duration + 7 years (legal requirements) • Analytics data: 26 months (anonymized) • Security logs: 12 months
Upon expiry, your data is securely deleted or anonymized.
Early Deletion Requests: You may request deletion of your data at any time, unless we are legally required to retain it.
8. Contact & Complaints
Data Protection Contact: Email: contact@jtaidigital.com Location: Riyadh, Saudi Arabia
Filing a Complaint: If you have concerns about how we handle your data, you have the right to lodge a complaint with: • Saudi Data & AI Authority (SDAIA) — for Saudi-based individuals • Your national data protection authority — for EU/EEA-based individuals
We encourage you to contact us first to resolve any concerns directly.
This policy is effective as of 2025-01-01. For inquiries: contact@jtaidigital.com