Effective Date – 15.11.2025
1. Compliance and Scope
This Privacy Policy explains how personal data is collected, used, stored, and protected when you access or use ai-ninja.io (the “Website”). The Website is owned and operated by NeverMelt Digital Ltd, a company incorporated in England and Wales under registration number 16805789, with its registered office at Office 118a, Stourport Road, Community House, Kidderminster, England, DY11 7QE (the “Company”, “we”, “us”, or “our”).
The Company acts as the data controller for all personal data processed in connection with the Website. Personal data is handled in accordance with applicable data protection laws, including the UK GDPR, the EU General Data Protection Regulation (EU) 2016/679 where applicable, and the Data Protection Act 2018.
This Privacy Policy applies to all Users, including visitors, registered account holders, and customers using the Services. It covers both personal data provided directly by Users and data collected automatically through technical means. By using the Website, you confirm that you have read and understood this Policy and acknowledge the processing of your personal data in accordance with it.
2. Legal Bases for Processing Personal Data
The Company processes personal data only where a valid legal basis exists under applicable data protection legislation. Depending on the nature of the interaction, different legal bases apply to different processing activities.
Processing is based on contractual necessity where it is required to create and manage Accounts, process payments, deliver digital Services, and provide customer support. Processing may also be necessary to comply with legal obligations, including tax, accounting, fraud prevention, and regulatory requirements.
Where processing is carried out for purposes such as system security, fraud detection, service improvement, and operational monitoring, the legal basis is the Company’s legitimate interests, provided that such interests do not override User rights and freedoms.
For optional activities, including marketing communications and non-essential cookies, personal data is processed only on the basis of explicit User consent. Consent may be withdrawn at any time without affecting the lawfulness of processing carried out prior to withdrawal.
3. User Rights under UK GDPR and EU GDPR
Users located in the United Kingdom and the European Economic Area are entitled to specific rights under applicable data protection laws. These rights are designed to ensure transparency, fairness, and control over personal data.
You have the right to request access to your personal data and obtain information about how it is processed. You may request correction of inaccurate or incomplete data and request erasure of personal data where legally permissible. You also have the right to restrict or object to certain processing activities, particularly where processing is based on legitimate interests.
In addition, you may request data portability, allowing you to receive your personal data in a structured, commonly used, and machine-readable format. Requests can be submitted to support@ai-ninja.io and will be handled within applicable legal timeframes.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) or another competent supervisory authority.
4. Changes to This Privacy Policy
This Privacy Policy may be updated periodically to reflect changes in legal requirements, regulatory guidance, technological developments, or operational practices. The Company reserves the right to modify this Policy at any time to ensure continued compliance and transparency.
Where material changes are introduced, the Company will take reasonable steps to inform Users. This may include publishing a prominent notice on the Website or, where appropriate, notifying Users via the email address associated with their Account. Each updated version will include an effective date.
Continued use of the Website after the updated Policy becomes effective constitutes acceptance of the revised terms. If you do not agree with the changes, you should discontinue use of the Website and may request deletion of your personal data, subject to legal retention requirements.
Users are encouraged to review this Policy regularly to remain informed about how their personal data is handled.
5. Personal Data We Collect
Depending on how you interact with the Website, the Company may collect and process various categories of personal data. This includes identity and contact data such as name, email address, and billing information provided during Account registration or transactions.
Transaction-related data may include purchase history, service usage, payment confirmations, and customer support communications. The Company does not store full payment card details, as these are processed securely by third-party payment providers.
Technical and usage data is collected automatically when you access the Website. This may include IP address, device type, browser information, operating system, time zone, session activity, and interaction data such as pages visited and actions performed.
Data collected through cookies and similar technologies is processed in accordance with this Privacy Policy and the separate Cookie Policy. All data is handled securely and only for defined purposes.
6. How Personal Data Is Collected
Personal data is collected through multiple channels depending on how you interact with the Website. You may provide personal data directly when creating an Account, purchasing Services, contacting customer support, submitting requests, or interacting with platform features. This includes information voluntarily entered into forms, communication channels, or account settings.
In addition, certain data is collected automatically through technical means when you access the Website. This includes server logs, analytics tools, security monitoring systems, and cookie-based technologies. Such data collection supports essential operational functions, including system performance monitoring, fraud detection, and service optimization.
The Company may also receive limited personal data from trusted third-party providers, such as payment processors or verification services, strictly for the purpose of completing transactions, confirming identity where necessary, or complying with legal obligations. All such data flows are governed by contractual safeguards and applicable data protection laws.
7. Purposes of Data Processing
Personal data is processed only for specific, legitimate, and clearly defined purposes related to the operation of the Website and provision of Services. These purposes are aligned with the legal bases described in this Policy.
Data is used to create and manage User Accounts, process transactions, deliver digital Services, and provide customer support. It is also used to communicate essential information, including order confirmations, service updates, security notifications, and responses to User inquiries.
In addition, personal data is processed for security and operational purposes, including fraud prevention, system monitoring, detection of suspicious activity, and ensuring the integrity of the platform. Technical and usage data may also be analyzed to improve system performance, enhance user experience, and optimize functionality.
Personal data is not used for purposes incompatible with those described in this Policy. Where new purposes arise, Users will be informed where required by law.
8. Data Sharing and Disclosure
The Company shares personal data only where necessary to provide Services, fulfill contractual obligations, or comply with legal requirements. Personal data is never sold, rented, or shared with third parties for their independent marketing purposes.
Data may be shared with carefully selected service providers acting as data processors, including payment processing providers, cloud infrastructure services, cybersecurity and fraud detection systems, analytics platforms, email delivery providers, and customer support tools. These third parties are contractually bound to process personal data only in accordance with the Company’s instructions and applicable data protection laws.
Personal data may also be disclosed to competent authorities, courts, regulators, or law enforcement agencies where required by applicable law or legal process, or where necessary to protect the rights, property, or safety of the Company, its Users, or third parties.
All data sharing arrangements are subject to appropriate confidentiality and security obligations.
9. International Data Transfers
Personal data may be transferred to and processed in countries outside the United Kingdom and the European Economic Area where service providers or infrastructure are located. In such cases, the Company ensures that appropriate safeguards are implemented to protect personal data in accordance with applicable data protection laws.
Where personal data is transferred to countries not subject to an adequacy decision by the UK Government or the European Commission, the Company relies on legally recognized transfer mechanisms such as Standard Contractual Clauses (SCCs) or equivalent safeguards approved under UK GDPR and EU GDPR.
In addition, the Company assesses the level of data protection in recipient countries and implements supplementary technical and organizational measures where necessary, including encryption, access controls, and data minimization practices.
Users acknowledge that international data transfers may involve certain risks; however, the Company takes all reasonable steps to ensure that personal data remains protected to a standard equivalent to that required within the UK and EEA.
10. Data Retention
Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, including service delivery, contractual obligations, legal compliance, dispute resolution, and fraud prevention.
Account-related data is typically retained for the duration of the User’s relationship with the Company and for a limited period thereafter to address potential disputes or legal requirements. Financial and transaction records may be retained for up to six (6) years or longer where required by tax, accounting, or regulatory obligations under applicable law.
Technical and usage data is retained for shorter periods unless required for security or analytical purposes. Once retention is no longer necessary, personal data is securely deleted, anonymized, or irreversibly de-identified.
Retention policies are reviewed regularly to ensure compliance with data minimization principles and applicable legal standards.
11. Data Accuracy and User Responsibilities
Users are responsible for ensuring that all personal data provided to the Company is accurate, complete, and up to date. Accurate information is essential for the proper functioning of the Services, including account management, transaction processing, communication, and delivery of digital content.
Users must promptly update their Account information if any changes occur, including contact details, email address, or billing information. Failure to maintain accurate data may result in delays in service delivery, failed transactions, or inability to access certain features of the Website.
Where necessary, the Company may request verification of specific data elements to comply with legal obligations, fraud prevention requirements, or security protocols. The Company is not responsible for any losses, delays, or disruptions caused by inaccurate or incomplete information provided by the User.
Maintaining accurate data supports compliance, operational efficiency, and the protection of User rights.
12. Security Measures
The Company implements appropriate technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, or disclosure. These safeguards are aligned with industry standards and are regularly reviewed to maintain effectiveness.
Security measures include encrypted data transmission, secure server environments, role-based access controls, system monitoring, intrusion detection systems, firewall protection, and regular software updates. Access to personal data is strictly limited to authorized personnel who require it for legitimate business purposes.
Despite the implementation of robust safeguards, no system can be guaranteed to be completely secure. In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of Users, the Company will notify affected individuals and relevant supervisory authorities in accordance with applicable legal requirements.
Users are encouraged to take appropriate steps to protect their own data, including using strong passwords and reporting any suspicious activity immediately.
13. Cookies and Tracking Technologies
The Website uses cookies and similar tracking technologies to support functionality, enhance performance, and improve the overall user experience. Cookies are small text files stored on your device that allow the Website to recognize your browser, maintain secure sessions, and remember certain preferences.
Essential cookies are required for the core operation of the Website, including authentication, security, and fraud prevention. Analytics cookies are used to understand how Users interact with the Website, enabling the Company to improve performance and usability. Functional cookies may store preferences such as language or regional settings.
Non-essential cookies, including analytics and marketing cookies where applicable, are used only where valid User consent has been obtained through a consent management mechanism. Users may manage or withdraw consent at any time through browser settings or the Website’s cookie controls. Additional details are provided in the separate Cookie Policy.
14. Business Transfers and Organizational Changes
In the event of a merger, acquisition, restructuring, asset sale, or other business transaction involving the Company, personal data may be transferred as part of the transaction to ensure continuity of Services. Such transfers will be conducted in accordance with applicable data protection laws and subject to appropriate safeguards.
Any acquiring entity or successor organization will be required to process personal data in a manner consistent with this Privacy Policy or to provide an equivalent level of data protection. Users will retain all applicable rights under data protection laws following any such transfer.
Where required by law, Users will be notified of significant changes affecting the control or processing of personal data. The Company will take reasonable steps to ensure that any transition does not compromise the security or integrity of personal data.
15. Marketing Communications
Personal data may be used to send marketing communications only where permitted by applicable law and, where required, based on prior User consent. Such communications may include information about new features, updates, promotions, or services relevant to Users.
Users have full control over whether they receive marketing communications. Consent can be withdrawn at any time by using the unsubscribe link included in communications or by contacting support@ai-ninja.io. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
The Company does not share personal data with third parties for their independent marketing purposes without explicit User authorization. Marketing practices are designed to comply with UK GDPR, EU GDPR, and applicable electronic communications regulations.