JRGenix
Legal

Privacy Policy

Last updated: 29 April 2026 · Operator: JR Nexus Solutions · Brand: JRGenix (jrgenix.com)

Contents

  1. Overview & Legal Basis
  2. Data Controller
  3. Information We Collect
  4. How We Use Information
  5. Legal Basis for Processing
  6. Sharing & Sub-Processors
  7. Cross-Border Data Transfers
  8. Data Retention
  9. Security Measures
  10. Your Rights Under UAE PDPL
  11. Cookies & Tracking
  12. Children's Data
  13. Data Breach Notification
  14. Changes to This Policy
  15. Data Protection Contact

1. Overview & Legal Basis

This Privacy Policy describes how JR Nexus Solutions("we", "our", "us"), operating the JRGenix platform at jrgenix.com ("Service"), collects, uses, stores, and protects your personal data.

We process personal data in compliance with:

  • UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ("PDPL");
  • UAE Federal Decree-Law No. 14 of 2023 on Combating Commercial Fraud (e-commerce provisions);
  • Applicable international standards including the EU General Data Protection Regulation (GDPR) where users are located in the EU/EEA, and the California Consumer Privacy Act (CCPA) where users are California residents.

2. Data Controller

The data controller for personal data processed through the Service is:

JR Nexus Solutions[Your UAE office address — replace before launch]
United Arab Emirates

Trade License: [LICENSE-NUMBER]
Data Protection Contact: legal@jrgenix.com

3. Information We Collect

3.1 Information you provide directly

  • Account information: name, email address, password (stored as bcrypt hash), business name (optional), country.
  • Payment information: billing address, VAT number (where applicable). Full payment card details are processed and stored exclusively by Stripe — we do NOT store full card numbers, CVV, or expiry on our systems.
  • User Content: product URLs, affiliate links, page configurations, email content, customer lists you upload, and other inputs to the Service.
  • Support correspondence: any email, chat, or support ticket you send us.

3.2 Information collected automatically

  • Usage data: pages visited, features used, generation counts, timestamps, error logs.
  • Device & technical data: IP address (anonymized for analytics), browser type, operating system, referring URL, screen resolution.
  • Cookies & equivalent storage: see Section 11 (Cookies & Tracking).

3.3 Information from third parties

  • Payment status: from Stripe (transaction success/failure, last-4-digits of card, billing country).
  • Authentication: if you sign in via a third-party provider (e.g., Google), we receive your name and email as authorized by that provider.

4. How We Use Information

We use personal data for the following purposes:

  • Service delivery: to operate the Service, generate websites/funnels/emails as you request, and provide customer support.
  • Account management: to authenticate access, manage subscriptions, send service-related notifications.
  • Billing: to process payments via Stripe, manage subscription renewals, issue invoices and refunds.
  • Product improvement: to analyze aggregated usage patterns, identify bugs, prioritize features. We do not use your User Content for AI model training.
  • Security & abuse prevention: to detect and prevent fraud, unauthorized access, abuse of the Service.
  • Legal compliance: to comply with applicable laws, respond to lawful requests by regulators or law enforcement.
  • Marketing (with consent): to send product updates and offers, only if you have opted in. You can unsubscribe at any time.

6. Sharing & Sub-Processors

We do not sell, rent, or trade your personal data. We share data only with the following categories of recipients:

6.1 Sub-processors (data processors acting on our behalf)

  • Stripe, Inc. — payment processing. PCI-DSS Level 1 certified. Data: payment card details, billing address, transaction metadata. Location: USA / EU.
  • OpenAI, L.L.C. — AI content generation. Data: User Content submitted for generation (product descriptions, page inputs). Location: USA. Per OpenAI's enterprise policy, prompts submitted via API are NOT used to train OpenAI models.
  • Cloudflare, Inc. — CDN, DDoS protection, DNS. Data: anonymized IP addresses, request metadata. Location: global edge network.
  • Hosting provider — Hostinger International (Lithuania-based, India infrastructure used) and/or Oracle Cloud Infrastructure (UAE / India regions). Data: all account and User Content. Location: UAE / India / EU per region selection.
  • Email service provider — for transactional emails (account confirmations, billing notices). Provider TBD; will be disclosed before launch.

6.2 Legal disclosures

We may disclose personal data when required by law, court order, or by a competent UAE regulatory authority, including but not limited to the UAE Data Office and the UAE Telecommunications and Digital Government Regulatory Authority (TDRA).

6.3 Business transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity, subject to a continuation of this Privacy Policy or substantially similar protections.

7. Cross-Border Data Transfers

Some sub-processors (notably Stripe and OpenAI) are located outside the UAE. Where personal data is transferred outside the UAE, we ensure adequate safeguards are in place in accordance with UAE PDPL Article 22 and applicable international transfer mechanisms, including:

  • Recipient countries with adequate data protection regimes (per UAE Data Office determinations);
  • Standard contractual clauses (SCCs) where adequacy is not established;
  • Explicit user consent for specific transfers, where required.

8. Data Retention

We retain personal data only as long as necessary for the purposes described above:

  • Active accounts: retained while your account is active.
  • Closed accounts: deleted within 90 days of account closure, except where retention is required by law (e.g., financial records: 7 years per UAE tax law).
  • Generated Output: retained while account is active; you may delete individual generations from your dashboard at any time.
  • Server logs: retained for 30 days for security and debugging purposes, then automatically purged.
  • Backups: retained for 30 days then overwritten on rotating schedule.
  • Marketing consents: retained until you unsubscribe.

9. Security Measures

We implement reasonable technical and organizational measures to protect personal data, including:

  • HTTPS / TLS encryption in transit for all data;
  • Encryption at rest for sensitive data fields;
  • Bcrypt hashing for passwords (never stored in plain text);
  • Role-based access controls and audit logging;
  • Regular security updates and vulnerability monitoring;
  • PCI-DSS compliance for payment processing (via Stripe);
  • DDoS protection and bot mitigation (via Cloudflare);
  • Limited employee access to personal data on a need-to-know basis.

No system is 100% secure. While we work hard to protect your data, we cannot guarantee absolute security. We encourage you to use a strong, unique password and enable two-factor authentication when available.

10. Your Rights Under UAE PDPL

As a data subject under UAE PDPL (Articles 13-19), you have the following rights:

  • Right of access: request a copy of personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): request deletion of your personal data, subject to legal retention requirements.
  • Right to restriction of processing: request that we limit processing in certain circumstances.
  • Right to data portability: receive your data in a structured, machine-readable format and transmit it to another controller.
  • Right to object: object to processing based on legitimate interests, including direct marketing.
  • Right to withdraw consent: at any time, where processing is based on consent.
  • Right to lodge a complaint: with the UAE Data Office or your local supervisory authority.

To exercise any of these rights, contact us at legal@jrgenix.com. We will respond within thirty (30) days as required by UAE PDPL Article 19.

11. Cookies & Tracking

We use cookies and equivalent storage technologies to operate the Service. Categories used:

  • Strictly necessary: session cookies for authentication, CSRF protection, and core functionality. Cannot be disabled.
  • Functional: remember your preferences (e.g., billing-cycle toggle, dark-mode setting).
  • Analytics: anonymized usage analytics to understand feature adoption.

We do NOT use third-party advertising or cross-site tracking cookies. See our Cookie Policy for full detail and management options.

12. Children's Data

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact legal@jrgenix.comand we will delete such information promptly.

13. Data Breach Notification

In the event of a personal data breach likely to result in a high risk to the rights and freedoms of affected data subjects, we will notify the UAE Data Office and affected individuals without undue delay, in accordance with UAE PDPL Article 9 and applicable international standards.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by the "Last updated" date at the top of this page. For material changes affecting how we use your personal data, we will provide additional notice (such as an email or in-app notification) at least 14 days before the change takes effect.

15. Data Protection Contact

For privacy-related questions, complaints, or to exercise your rights:

  • Email: legal@jrgenix.com
  • Postal: JR Nexus Solutions, Data Protection Officer, [Your UAE office address — replace before launch], United Arab Emirates
  • UAE Data Office: if you are unsatisfied with our response, you may file a complaint at u.ae