Privacy Policy

JournoRequest ("we", "us", "our") is operated by JI Digital Ltd. We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website and application.

This policy complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL).

1. Data Controller

JI Digital Ltd is the data controller responsible for your personal data.

• Email: privacy@journorequest.com
• Website: journorequest.com

2. Data We Collect

We collect the following categories of personal data:

Data Type	Purpose	Legal Basis
Email address	Account creation, login, notifications	Contract performance
Password (hashed)	Account security	Contract performance
Name (optional)	Personalisation	Consent
Payment information	Subscription billing via Stripe	Contract performance
Keyword preferences	Content filtering and email alerts	Contract performance
Saved posts	Bookmarking feature	Contract performance
Usage data (pages viewed, features used)	Service improvement	Legitimate interest
IP address, device, browser	Security, analytics	Legitimate interest

3. How We Use Your Data

We use your personal data to:

• Provide and maintain the JournoRequest service
• Process your subscription payments through Stripe
• Send you email alerts for matching journalist requests (when enabled)
• Improve our service based on usage patterns
• Communicate important service updates
• Comply with legal obligations

We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling that produces legal effects.

4. Legal Basis for Processing

Under UK GDPR and UAE PDPL, we process your data based on:

• Contract performance: Processing necessary to provide the service you signed up for
• Consent: Where you have given clear consent (e.g., enabling email alerts, accepting cookies)
• Legitimate interest: Where processing is necessary for our legitimate business interests (e.g., security, service improvement), balanced against your rights
• Legal obligation: Where we are required to process data by law

5. Third-Party Data Processors

We share your data only with trusted processors who assist in operating our service:

Provider	Purpose	Data Shared	Location
Stripe	Payment processing	Email, payment details	US (EU-US DPF certified)
Railway / Cloud hosting	Application hosting	All application data	US/EU
Resend	Transactional email	Email address	US

All processors are bound by data processing agreements and are required to protect your data in accordance with applicable law.

6. International Data Transfers

Some of our processors are based outside the UK and UAE. We ensure appropriate safeguards are in place for international transfers, including:

• EU-US Data Privacy Framework certification
• Standard contractual clauses approved by the UK ICO
• Adequacy decisions where available

7. Data Retention

• Account data: Retained while your account is active, deleted within 30 days of account deletion request
• Payment records: Retained for 7 years for tax and legal compliance
• Usage analytics: Anonymised and aggregated after 12 months
• Email alert history: Retained for 6 months

8. Cookies

We use the following types of cookies:

• Essential cookies: Required for the service to function (session management, authentication). These cannot be disabled.
• Analytics cookies: Help us understand how visitors use our site. Only set with your consent.

We do not use third-party advertising or tracking cookies. You can manage cookie preferences via the consent banner or your browser settings.

9. Your Rights

Under UK GDPR and UAE PDPL, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Restrict processing in certain circumstances
• Data portability: Receive your data in a structured, machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, email us at privacy@journorequest.com. We will respond within 30 days.

10. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

• Passwords are hashed using scrypt with unique salts
• All data transmitted over HTTPS/TLS encryption
• Rate limiting on authentication endpoints
• Regular security reviews of our codebase
• Payment data handled exclusively by PCI-DSS compliant Stripe

11. Children's Data

JournoRequest is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

12. UAE-Specific Provisions

For users in the United Arab Emirates, in accordance with Federal Decree-Law No. 45 of 2021:

• We process personal data only for the purposes specified in this policy
• We do not process sensitive personal data without explicit consent
• Cross-border data transfers comply with UAE Data Office requirements
• You may lodge a complaint with the UAE Data Office if you believe your data rights have been violated

13. UK-Specific Provisions

For users in the United Kingdom:

• We comply with the UK GDPR and Data Protection Act 2018
• You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or a prominent notice on our website. Continued use of the service after changes constitutes acceptance of the updated policy.

15. Contact

If you have any questions about this Privacy Policy or our data practices, contact us at:

• Email: privacy@journorequest.com
• Website: journorequest.com