top of page
Colorful Abstract Infinity Symbol Logo (8).png

Privacy Policy

A Legal Disclaimer

Last updated: 29 August 2025

This Privacy Policy explains how ninyadigital (“we”, “us”, “our”) collects, uses, shares and protects personal data when you visit our website, contact us, or use our business-to-business services (the “Services”). If you do not agree with this Policy, please do not use the website or submit personal data.

 

Contact: yar.khader12@gmail.com · +46 731 555 530

1) Who we are & roles under GDPR

For website visitors and marketing activities, ninya. is the data controller.

For customers who ask us to operate AI agents, manage ads, or run websites using their data, we usually act as a data processor on the customer’s documented instructions (see §9 Data Processing & DPA).

2) What data we collect

2.1 Data you provide

 

  • Contact details (name, email, phone, company, role).

  • Form inputs (demo requests, support tickets, free audits).

  • Content you send (files, brand assets, product information).

  • Call/chat/meeting details when you interact with our team or our AI demo (e.g., time, channel, message content).

  • Billing & contract info for customers (company name, invoicing details, VAT where applicable).

 

 

2.2 Data collected automatically

 

  • Usage data (pages viewed, referrer, device, browser, approximate location, session IDs).

  • Cookies & similar tech for analytics, performance, and, if you opt in, advertising attribution.

  • System logs (IP address, timestamps, error logs) to secure the site.

 

 

2.3 AI agent interactions

 

When you test or deploy an AI agent, we may process conversation transcripts, routing and confidence scores, escalation events, and booking outcomes. Where call recording is enabled, audio may be processed with your explicit notice/consent and local law.

 

We do not ask for or want special-category data (e.g., health, religion), children’s data, payment card numbers, or national IDs via our website. Do not submit such data unless we have a written agreement that covers it.

3) Why we process data (purposes & legal bases)

We process personal data for the following purposes and legal bases under GDPR:

 

  • Provide the website & respond to requests (Art. 6(1)(b)/(f))

    – to answer enquiries, schedule demos, and deliver downloads.

  • Operate and improve Services (Art. 6(1)(b)/(f))

    – to provision AI agents, websites, SEO/LLMO and ads; measure performance; fix issues.

  • Analytics & performance (Art. 6(1)(a)/(f))

    – to understand traffic, booking funnels and conversions. Non-essential cookies run only with consent.

  • Marketing communications (Art. 6(1)(a)/(f))

    – send product updates or invitations; you may opt out at any time.

  • Security, fraud prevention & legal compliance (Art. 6(1)(c)/(f)).

 

Where we rely on consent, you can withdraw it at any time (see §8).

4) Cookies

We use:

 

  • Strictly necessary cookies (security, load balancing, consent state).

  • Analytics cookies (traffic, conversion, page performance).

  • Advertising/attribution cookies (only if you consent).

 

You can manage preferences via our cookie banner and your browser settings. Blocking some cookies may affect site features.

5) How we share data

We share personal data only with:

 

  • Service providers / processors that help us host, analyse, communicate or support (e.g., hosting, analytics, email, VOIP, calendar, ticketing).

  • Advertising & attribution partners when you consent to marketing cookies.

  • Professional advisors (legal, accounting) and authorities where required by law.

  • Customer accounts (as their processor) when we operate AI agents or campaigns on their behalf.

 

We do not sell personal data.

6) International transfers

Our trusted providers may be located outside the EU/EEA/UK. Where data is transferred internationally, we use appropriate safeguards such as Standard Contractual Clauses (SCCs), transfer impact assessments, and technical measures (e.g., encryption).

7) Data retention

We keep personal data only as long as necessary for the purposes described or as required by law. Typical retention:

 

  • Website enquiry data: 24 months;

  • Marketing contacts: until you unsubscribe or after reasonable inactivity;

  • Contracts & invoices: per statutory accounting periods;

  • AI conversation logs: per customer agreement/SOW; default 90–365 days unless otherwise agreed.

8) Your rights (EU/EEA/UK)

Subject to law, you may request: access, rectification, erasure, restriction, data portability, and objection to processing based on legitimate interests or direct marketing.

You may withdraw consent at any time (this does not affect past lawful processing).

 

To exercise rights: yar.khader12@gmail.com · +46 731 555 530.

You also have the right to lodge a complaint with your local authority. In Sweden: Integritetsskyddsmyndigheten (IMY).

9) Data processing for customers (DPA)

When we process personal data on your behalf (e.g., operating AI agents, managing inboxes/calendars/sites, running ads), we act as your processor:

 

  • We process only on your documented instructions;

  • We apply appropriate security and confidentiality;

  • We assist with data subject requests and incident notifications;

  • We use vetted sub-processors with written agreements;

  • We delete/return data at end of contract unless retention is required by law.

 

A Data Processing Agreement (DPA) reflecting Art. 28 GDPR is available upon request.

10) AI-specific information

  • AI outputs can be probabilistic and may be incorrect. You remain responsible for reviewing responses, approval and escalation rules.

  • We implement guardrails (knowledge bases, policies, escalation on low confidence) agreed with you.

  • For call recording or enriched profiling, you must ensure a lawful basis and provide required notices/consent to end users.

11) Security

  • We use reasonable technical and organisational measures to protect personal data (encrypted transport, access controls, logging, least-privilege). No system can be 100% secure; please notify us promptly of any suspected misuse or incident.

12) Children

  • Our website and Services are not directed to children and we do not knowingly collect data from anyone under the age of 16. If you believe a child has provided data, contact us to remove it.

13) Third-party links

  • Our site may link to third-party websites or services. Their privacy practices are governed by their own policies, which we do not control.

14) Changes to this Policy

  • We may update this Policy from time to time. Changes are effective when posted on this page. If we make material changes, we will notify you by reasonable means (e.g., website notice or email, where appropriate).

15) How to contact us

bottom of page