Privacy policy

Effective: 13 May 2026 · Controller: Jonarix (as described in your contract or, for self-serve, the entity stated at checkout).

This policy explains how we process personal data when you visit our websites, create an account, or use the Jonarix registry and related services. It should be read together with our Terms of service, Cookie policy, and (for organizations) our Data processing addendum.

1. Who we are & scope

Jonarix operates the Services identified on our websites, with primary headquarters in Nairobi, Kenya. Depending on your region, different Jonarix affiliates may act as controller. For privacy requests, contact info@jonarix.com with the subject line “Privacy request”.

Workspaces & enterprise: If your employer invited you to a Jonarix workspace, your organization may be the controller of certain account and usage data; we process that data as a processor under their instructions and our DPA.

2. Categories of data we collect

2.1 You provide directly

  • Account & profile: name, email, organization, role, avatar (optional), preferences.
  • Billing: billing contact, payment method metadata (card type/last four where applicable; full numbers are handled by our payment processor).
  • Support & safety: messages you send us, attachments, call notes where you join a support call.
  • Customer Content: prompts, configs, comments, and metadata you upload to the Services.

2.2 Collected automatically

  • Device & log: IP address, approximate location, browser type, timestamps, pages or API routes accessed, diagnostic logs.
  • Cookies & similar tech: as described in our Cookie policy.

3. How we use personal data

We use data to:

  • Provide, operate, secure, and improve the Services (including debugging, abuse prevention, and capacity planning).
  • Authenticate users, enforce plans and limits, and bill for paid features.
  • Communicate about the Services, security alerts, and (where allowed) product updates; you can opt out of non-essential marketing email via the unsubscribe link.
  • Comply with law, respond to lawful requests, and protect rights and safety.
  • Develop aggregate or de-identified analytics that do not identify you.

4. Legal bases (EEA, UK, CH)

Where GDPR-style laws apply, we rely on one or more of: contract (to deliver the Services you request), legitimate interests (to secure and improve the product, commensurate with your rights), consent (for optional cookies or marketing where required), and legal obligation.

5. How we share data

We share personal data with:

  • Service providers who assist us (hosting, email delivery, analytics where permitted, payment processing, customer support tooling) under written agreements and only as needed.
  • Your organization when you use a team workspace they administer.
  • Professional advisers (lawyers, auditors) under confidentiality.
  • Authorities when required by law or to protect vital interests.
  • Business transfers in connection with a merger or acquisition, subject to appropriate safeguards.

We do not sell personal data as “sale” is defined under U.S. state privacy laws, and we do not share it for cross-context behavioral advertising.

6. International transfers

We may process data in the United States and other countries where we or our providers operate. Where required, we use appropriate safeguards such as Standard Contractual Clauses and supplementary measures.

7. Retention

We retain personal data for as long as your account is active and for a reasonable period afterward to resolve disputes, enforce agreements, and meet legal requirements. Backup copies may persist for a limited technical window. Customer Content retention follows your plan settings and in-product controls where available.

8. Your privacy rights

Depending on your location, you may have rights to access, rectify, delete, restrict, or port your personal data, and to object to certain processing. You may also have the right to lodge a complaint with a supervisory authority.

To exercise rights, email info@jonarix.com. We may need to verify your identity. Authorized agents: follow the same channel with proof of authorization as required by law.

California residents: you may request the categories of personal information we collect and purposes, and request deletion or correction subject to exceptions. We do not discriminate for exercising privacy rights.

9. Children

The Services are not directed to children under the age of digital consent. We do not knowingly collect personal data from children. If you believe we have, contact us and we will delete it promptly.

10. Security

We implement technical and organizational measures designed to protect personal data, including encryption in transit, access controls, and logging. No method of transmission or storage is 100% secure; see Security disclosures for reporting vulnerabilities.

11. Cookies

See our Cookie policy for types of cookies, purposes, and your choices.

12. Changes to this policy

We will post updates here and revise the effective date. Where changes are material and consent is required, we will obtain consent or offer an appropriate alternative.

13. Contact

Privacy questions: info@jonarix.com. Security-sensitive reports: support@jonarix.com.

Related: Terms of service · DPA overview · FAQs

Important: This policy is a structured template for a marketing site and product. Have qualified privacy counsel review it before production use, especially if you handle special categories of data or operate in highly regulated sectors.