Privacy Policy
How Zeenly collects, uses, and protects your personal data โ governed by the Jamaica Data Protection Act 2020.
๐ Version: 1.0
๐
Last Updated: May 2026
โ๏ธ Governed by: JDPA 2020
๐ข Entity: Javian Innis t/a Zeenly
This Privacy Policy explains how Javian Innis t/a Zeenly ("Zeenly," "we," "us," or "our") collects, uses, stores, and protects personal data in connection with the Zeenly WhatsApp automation platform. This Policy applies to: (a) Business Clients who engage Zeenly's services; and (b) End-Users who interact with Zeenly-powered AI agents via WhatsApp on behalf of those Business Clients.
Note on Legal Entity: Zeenly is currently operated by Javian Innis as a sole trader registered in Jamaica. Upon incorporation, this Policy shall automatically transfer to and remain binding on the incorporated entity.
1. Our Legal Roles Under the JDPA 2020
Understanding who is responsible for your data depends on your relationship with Zeenly. Under the JDPA 2020, the key roles are:
| When Zeenly is DATA CONTROLLER | When Zeenly is DATA PROCESSOR |
|---|
| Business Clients who sign up for Zeenly's services. Zeenly acts as Data Controller for the Client's account, billing, and configuration data. Zeenly is responsible for how this data is collected and used. |
End-Users (the Client's customers) who message via WhatsApp. The Business Client is the Data Controller for their customers' data. Zeenly acts only as Data Processor โ processing End-User data strictly on the Client's behalf and instructions. |
This distinction is important: where Zeenly acts as a Data Processor, it is the Business Client โ not Zeenly โ who is primarily responsible for ensuring End-Users are informed about how their data is used and for obtaining any necessary consents.
2. What Personal Data We Collect
2A. Data Collected from Business Clients
- Identity & Contact Data: Your name, business name, business email address, and phone number.
- Business Configuration Data: Product/service information, pricing, operating hours, and business rules provided to configure your AI Agent โ this is used solely to train and operate your Agent.
- Billing & Financial Data: Invoice records and payment confirmation details. Raw payment card data is not collected or stored by Zeenly.
- Account Activity Data: Records of when and how you engage with Zeenly during onboarding and ongoing support.
2B. Data Collected from End-Users (via WhatsApp)
- Communication Data: Your WhatsApp phone number, WhatsApp display name, and the contents of your messages to the AI Agent.
- Fulfilment Data: Information you voluntarily share to complete a transaction or inquiry, such as delivery address, appointment details, or order preferences.
- Media Data: Voice notes or images you send to the Agent are processed temporarily to extract the necessary information (e.g., audio transcription or payment receipt verification). This media is not stored permanently on Zeenly's servers.
What we do NOT collect: Zeenly does not collect sensitive personal data such as government-issued ID numbers, raw payment card numbers, or biometric data. If an End-User sends this type of information unsolicited, it is not recorded.
3. How We Use Personal Data
Zeenly processes personal data only for the following lawful purposes:
- Service Delivery: To configure, operate, and maintain the AI Agent on behalf of the Business Client, including processing inbound End-User messages and generating automated responses.
- Billing & Account Management: To issue invoices, process payments, and manage Business Client accounts.
- Security & Fraud Prevention: To detect and prevent unauthorised access, webhook spoofing, spam attacks, or other abuse of the platform.
- Service Improvement: We may use highly anonymised, aggregated, and non-identifiable usage data to monitor platform performance and improve response quality. We do not use identifiable personal data to train public AI models.
- Legal Compliance: To comply with applicable Jamaican laws and regulations, including the JDPA 2020, and to respond to lawful requests from regulatory authorities.
4. Legal Basis for Processing
- Contract Performance: Processing necessary to provide the Service to Business Clients under this Agreement.
- Legitimate Interests: Processing for platform security, fraud prevention, and service improvement, where these interests are not overridden by the individual's rights.
- Legal Obligation: Processing required to comply with Jamaican law or lawful regulatory requests.
- Consent (End-Users): Where the Business Client, acting as Data Controller, has obtained End-User consent to receive WhatsApp communications and data processing โ Zeenly relies on this consent as a downstream processor.
5. How We Share Data
We do NOT sell your data. Zeenly does not sell, rent, or trade personal data to data brokers, advertisers, or marketing companies under any circumstances.
We share data only with the following strictly necessary third-party infrastructure providers ("Sub-processors") to operate the Service:
| Sub-Processor | Category | Purpose |
|---|
| Meta Platforms, Inc. | Messaging Gateway | Delivery and receipt of WhatsApp messages between End-Users and the AI Agent. |
| Twilio Inc. | Communications API | Phone number provisioning and message routing. |
| Groq / OpenAI | AI Processing | Generating AI responses to End-User messages. These providers are contractually prohibited from using Zeenly API data to train their foundational models. |
| Vercel | Cloud Hosting | Hosting the Zeenly platform infrastructure. |
| Supabase | Database | Encrypted storage of Business Client configuration and conversation logs. |
6. Data Retention & Security
6.1 Retention Periods
- Business Client Data: Retained for the duration of the active service agreement and for up to 12 months following termination, unless a shorter period is requested or legally required.
- End-User Conversation Data: Retained only as long as necessary to fulfil the operational purpose for which it was collected, or as instructed by the Business Client in their capacity as Data Controller. Business Clients may request deletion of their End-Users' data at any time.
- Billing Records: Retained for a minimum of 7 years in accordance with Jamaican tax and accounting requirements.
6.2 Security Measures
- All data transmitted between WhatsApp, Zeenly's servers, and databases is secured using TLS encryption in transit.
- Data stored in Zeenly's database is protected using AES-256 encryption at rest.
- Database access is governed by Row Level Security (RLS) policies to ensure strict data isolation between Business Clients.
- Access to production systems is restricted to authorised personnel only.
Zeenly will notify affected Business Clients without undue delay (and within 72 hours where possible) upon discovering a confirmed personal data breach involving their data, in accordance with JDPA 2020 requirements.
7. International Data Transfers
To deliver the Service, personal data may be transferred to and processed on cloud servers located outside Jamaica, primarily in the United States, where our Sub-processors are hosted. Zeenly relies on the following safeguards for such transfers:
- Sub-processors are selected on the basis that they operate under globally recognised security compliance frameworks (e.g., SOC 2, ISO 27001).
- Where required, Zeenly ensures that appropriate contractual protections are in place with Sub-processors governing the treatment of personal data.
- Business Clients and End-Users are informed of these transfers by this Policy and, by using the Service, acknowledge that such transfers are necessary to provide the Service.
8. Your Data Protection Rights
Under the Jamaica Data Protection Act 2020, individuals have the following rights regarding their personal data. These rights apply to the extent that Zeenly is the Data Controller for your data:
| Right | What it means |
|---|
| Right to Access | You may request a copy of the personal data Zeenly holds about you. |
| Right to Rectification | You may request correction of inaccurate or incomplete personal data. |
| Right to Erasure | You may request deletion of your personal data where it is no longer necessary for the purpose it was collected, or where you withdraw consent. |
| Right to Restrict Processing | You may request that Zeenly limits how your data is processed in certain circumstances. |
| Right to Object | You may object to processing based on legitimate interests where your individual rights and freedoms override those interests. |
| Right to Withdraw Consent | Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing. |
How to exercise your rights
End-Users: If you wish to exercise your rights regarding data held by a specific Business Client (e.g., requesting deletion of your chat history), please contact that Business directly. Zeenly, as Data Processor, will assist the Business Client in fulfilling your request.
To exercise your rights in relation to data for which Zeenly is the Data Controller, contact us using the details in Section 10 below.
9. Cookies & Tracking
If Zeenly operates a web-based dashboard for Business Clients, it may use essential session cookies strictly required for secure login and authentication. These cookies do not track your browsing activity across other websites and are not used for advertising purposes.
Zeenly does not use third-party tracking, profiling, or advertising cookies.
10. Contact & Data Privacy Enquiries
If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how your personal data is being handled, please contact us:
11. Updates to This Policy
Zeenly reserves the right to update this Privacy Policy from time to time to reflect changes in the law, our data practices, or the Service. When we make material changes, we will notify Business Clients by email at least 14 days before the changes take effect. The "Last Updated" date at the top of this document will always reflect the current version.
Continued use of the Service after the effective date of an updated Policy constitutes acceptance of the revised terms. If you do not accept the updated Policy, you may terminate your agreement with Zeenly in accordance with the Terms of Service.