Privacy Policy
1. Who we are
TJ NOVA LTD is a private limited company registered in England and Wales (Company No. 17308318), with its registered office at 124-128 City Road, London, EC1V 2NX, United Kingdom. We act as the data controller for personal data processed in connection with the Services, unless stated otherwise for a specific product.
2. Information we collect
- Account information — name, email address, password hash, authentication identifiers (including OAuth identifiers from providers you choose to use, such as Google or GitHub).
- Contact information — information you provide when you contact support, submit a form, or raise a ticket.
- Usage data — pages viewed, features used, timestamps, device and browser information, approximate location derived from IP address.
- API and service logs — requests made to our APIs and services, error logs, rate-limit and abuse-prevention signals.
- Billing information — transaction records, invoices, and payment metadata; full card numbers are processed directly by our payment processors and are not stored on our servers.
- Security logs — login attempts, session identifiers, IP addresses used for fraud prevention and account security.
- Cookies and similar technologies — see our Cookie Policy.
- Content you submit — prompts, files, uploads or other content you provide to generate, process or store output through the Services.
3. How we use information
We use personal data to: provide, operate and maintain the Services; process payments and manage subscriptions; authenticate accounts and prevent fraud, abuse and unauthorised access; provide customer support; send service-related communications (and, where you have consented, marketing communications); monitor, secure and improve the Services; comply with legal, tax and regulatory obligations; and enforce our Terms of Service and Acceptable Use Policy.
4. Legal bases for processing
Under UK GDPR, we rely on the following legal bases depending on context: performance of a contract with you (providing the Services you sign up for); legitimate interests (security, fraud prevention, product improvement, direct marketing to existing customers), balanced against your rights; legal obligation (tax, accounting, regulatory compliance); and consent, where required (for example, certain cookies or marketing to new contacts). You may withdraw consent at any time where consent is the basis for processing, without affecting the lawfulness of processing before withdrawal.
5. AI processing and automated decision-making
Some Services use automated systems, including third-party AI models, to process content you submit and generate output. Where automated processing produces effects that could be considered a decision with legal or similarly significant effect on you, we do not rely solely on fully automated decision-making without human oversight for decisions that materially affect your rights, except where necessary to perform a contract with you, authorised by law, or based on your explicit consent, and in each case with appropriate safeguards including the ability to request human review. Fraud-prevention and abuse-detection systems may temporarily restrict access automatically; you may contact support@tjnovaltd.com to request a human review of such a decision.
6. Sharing and processors
We share personal data only as needed to operate the Services, with categories of processors that may include: cloud hosting and infrastructure providers; payment processors; email and communication delivery providers; analytics providers; customer support tooling; and, where a Service is built on third-party AI models, the relevant AI model provider, to the extent necessary to generate the output you request. Each processor is bound by contractual obligations to protect personal data consistent with this Policy and applicable law. We do not sell personal data. We may disclose personal data where required by law, to protect our rights, or in connection with a merger, acquisition or sale of assets, subject to equivalent protections.
7. International transfers
Some of our processors are located outside the United Kingdom, including in the United States and other countries. Where we transfer personal data internationally, we rely on appropriate safeguards recognised under UK data protection law, including the UK International Data Transfer Agreement, the EU Standard Contractual Clauses as incorporated for UK transfers, or transfers to countries or organisations subject to an applicable adequacy decision.
8. Retention
We retain personal data only for as long as necessary for the purposes described in this Policy. As a general guide: account and billing records are retained for the duration of your account plus a period required for tax and accounting obligations (typically up to 6 years after account closure); security and API logs are typically retained for up to 12 months for fraud prevention and troubleshooting, unless a longer period is required for an active investigation or legal obligation; marketing contact data is retained until you opt out or after a period of inactivity. Specific retention periods may vary by product and are available on request.
9. Security
We apply technical and organisational measures appropriate to the risk, including encryption of data in transit, access controls and authentication, logging and monitoring for suspicious activity, and staff access limited on a need-to-know basis. No method of transmission or storage is completely secure; if we become aware of a personal data breach that is likely to result in a risk to your rights, we will notify affected individuals and the ICO in accordance with UK GDPR where required.
10. Children
The Services are not directed at, and are not intended for use by, children under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact support@tjnovaltd.com and we will take steps to delete it.
11. Your rights
Subject to applicable law, you have the right to: request access to the personal data we hold about you; request correction of inaccurate data; request deletion of your data; request restriction of processing; object to processing based on legitimate interests or for direct marketing; request portability of data you provided to us; and withdraw consent where processing is based on consent. To exercise any of these rights, contact support@tjnovaltd.com. We will respond within the timeframes required by UK GDPR (generally one month, extendable in complex cases). We may need to verify your identity before actioning a request.
12. Complaints to a supervisory authority
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk, or with your local data protection authority if you are located outside the United Kingdom. We would appreciate the opportunity to address your concerns directly first via support@tjnovaltd.com.
13. Cookies
See our Cookie Policy for details on the cookies and similar technologies we use and how to manage your preferences.
14. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be indicated by updating the "Last updated" date above, and, where required by law, we will provide reasonable advance notice. This Policy is drawn up in English; where we provide a translation for convenience, the English version prevails in the event of any conflict.
15. Contact
Privacy enquiries: support@tjnovaltd.com. Security matters, including suspected data breaches: security@tjnovaltd.com.