GDPR & Data Protection

Last Updated: October 7, 2025

Your rights under the General Data Protection Regulation and how we protect your data.

1. Our Commitment to GDPR

Jupaya AI, operated by ZEDBINARY LTD (Company Registration: RC7235301, Abuja, Nigeria), is committed to complying with the General Data Protection Regulation (GDPR) and protecting the personal data of all individuals, including those in the European Economic Area (EEA).

This page provides specific information about your rights under GDPR and how we process your personal data in compliance with these regulations.

2. Legal Basis for Processing Personal Data

We process your personal data based on the following legal grounds:

Contract Performance

Processing necessary to perform our contract with you (providing FAQ generation services, account management).

Legitimate Interests

Processing necessary for our legitimate business interests (service improvement, security, fraud prevention) that do not override your rights.

Consent

Processing based on your explicit consent (marketing communications, optional analytics, third-party integrations). You can withdraw consent at any time.

Legal Obligations

Processing necessary to comply with legal obligations (tax records, payment processing, regulatory compliance).

3. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

3.1 Right to Access (Article 15)

You have the right to obtain confirmation that we are processing your personal data and access to that data. You can request:

  • A copy of your personal data
  • Information about how we process your data
  • Details about data sharing and retention

3.2 Right to Rectification (Article 16)

You have the right to request correction of inaccurate personal data and to complete incomplete data.

3.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request deletion of your personal data when:

  • The data is no longer necessary for the purpose collected
  • You withdraw consent and there is no other legal basis
  • You object to processing and there are no overriding grounds
  • The data has been unlawfully processed

3.4 Right to Restriction of Processing (Article 18)

You have the right to request restriction of processing when:

  • You contest the accuracy of your data
  • Processing is unlawful but you don't want deletion
  • We no longer need the data but you need it for legal claims
  • You object to processing pending verification

3.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format (JSON, CSV) and transmit it to another controller.

3.6 Right to Object (Article 21)

You have the right to object to:

  • Processing based on legitimate interests
  • Direct marketing (including profiling)
  • Processing for scientific/historical research purposes

3.7 Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects. Note: Our AI FAQ generation does not make automated decisions that significantly affect you.

3.8 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

4. How to Exercise Your Rights

To exercise any of your GDPR rights, you can:

Submit a Data Subject Request

  1. Email us at [email protected]
  2. Include your full name and account email address
  3. Specify which right(s) you wish to exercise
  4. Provide any additional relevant information
  5. We may request identity verification for security purposes

Response Time: We will respond to your request within 1 month (30 days). In complex cases, this may be extended by 2 additional months with notification.

Free of Charge: Exercising your rights is generally free. However, we may charge a reasonable fee for manifestly unfounded, excessive, or repetitive requests.

Identity Verification: To protect your privacy, we may ask you to verify your identity before processing your request. This may include confirming your email address or answering security questions.

5. Our Data Processing Activities

We process the following categories of personal data:

Data CategoryPurposeLegal BasisRetention
Account DataService provisionContractUntil deletion
Uploaded ContentFAQ generationContract30 days
Usage DataService improvementLegitimate Interest12 months
Payment DataBilling, complianceContract, Legal7 years
Marketing DataEmail campaignsConsentUntil withdrawal

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside the EEA, including:

  • United States: Google Cloud Platform, OpenAI (covered by Standard Contractual Clauses)
  • Nigeria: ZEDBINARY LTD headquarters

We ensure appropriate safeguards are in place for international transfers:

  • EU Standard Contractual Clauses (SCCs)
  • Data Processing Agreements with processors
  • Adequacy decisions where applicable
  • Binding corporate rules for group transfers

7. Data Protection Officer (DPO)

You can contact our Data Protection Officer for any GDPR-related questions or concerns:

Data Protection Officer

Email: [email protected]

ZEDBINARY LTD

Abuja, Nigeria

8. Data Security Measures

We implement appropriate technical and organizational measures to ensure data security:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Regular security audits and penetration testing
  • Access controls and role-based permissions
  • Employee training on data protection
  • Incident response and breach notification procedures
  • Regular backups and disaster recovery plans
  • Secure data centers with physical security

9. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will:

  1. Notify the relevant supervisory authority within 72 hours of becoming aware
  2. Notify affected individuals without undue delay
  3. Provide clear information about the breach, its impact, and our response
  4. Take immediate steps to mitigate the breach and prevent recurrence

If you believe your personal data has been compromised, contact us immediately at [email protected].

10. Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state where you reside, work, or where an alleged infringement occurred.

EU Supervisory Authorities: Find your local data protection authority

However, we encourage you to contact us first at [email protected] so we can address your concerns directly.

11. Contact Information

For any GDPR-related questions or to exercise your rights, contact us:

ZEDBINARY LTD

GDPR Inquiries: [email protected]

Data Protection Officer: [email protected]

General Support: [email protected]

Address: Abuja, Nigeria

Company Registration: RC7235301

Privacy Policy →Terms of Service →Cookie Policy →