Privacy Policy

Welcome to JSA Craziness ("Platform", "we", "us"). We are committed to protecting your privacy and personal data in accordance with the Personal Data Protection Law (PDPL) issued by Royal Decree No. (M/19) dated 9/2/1443H, which became fully enforceable on September 14, 2024.

This policy explains how we collect, use, store, and protect your personal data when you use our services.

We collect the following types of personal data with your explicit consent:

• Account Data: Name, email address, user ID upon registration.
• Usage Data: Content entered into AI tools (text prompts, reference images, commands).
• Technical Data: IP address, browser type, operating system, cookies.
• Generated Content: Images, videos, and text generated by platform tools.

We process your personal data based on the following legal bases under PDPL:

• Explicit Consent: We obtain your explicit consent before collecting or processing any personal data through AI models.
• Contract Performance: Processing data necessary to provide our services to you.
• Legitimate Interest: Improving our services and ensuring platform security.
• Legal Obligation: Compliance with applicable laws and regulations in Saudi Arabia.

In accordance with PDPL data localization requirements:

• We strive to host platform servers and databases locally within data centers in Saudi Arabia.
• Sensitive personal data transfer outside the Kingdom is prohibited except in exceptional cases under Standard Contractual Clauses approved by SDAIA.
• If data transfer outside the Kingdom is needed for AI processing, you will be notified and your prior consent obtained.

Under the Personal Data Protection Law, you have the following rights:

• Right of Access: View your personal data stored with us.
• Right of Rectification: Correct any inaccurate or incomplete data.
• Right of Erasure: Request deletion of your personal data.
• Right to Withdraw Consent: Withdraw your consent to data processing at any time.
• Right to Data Portability: Obtain a copy of your data in a machine-readable format.
• Right to Object: Object to processing of your data for certain purposes.

To exercise any of these rights, please contact our Data Protection Officer at: [email protected]

In compliance with PDPL requirements, we have appointed a Data Protection Officer registered with the National Data Governance Platform. Contact:

• Email: [email protected]
• We will respond to your inquiries within a maximum of 30 days.

We implement strict security measures to protect your data, including:

• Data encryption in transit (TLS/SSL) and at rest (AES-256).
• Strict access controls and identity management.
• Regular penetration testing of the platform.
• Cyber incident response plan with notification to relevant authorities within 72 hours in case of a breach.