Privacy Policy

Effective date: 05 November 2025

1. Introduction

This Privacy Policy explains what personal data we collect, why we use it, how long we retain it, and how you can exercise your rights under UK GDPR when using the Service.

  • Controller: GROVELEY LIMITED (Company No. 16021027), Academy House, 11 Dunraven Place, Bridgend, Mid Glamorgan, United Kingdom, CF31 1JF (“Jetreex”, “we”, “us”, “our”).
  • Contact: info@jetreex.co.uk
  • Scope: Applies to users of jetreex.co.uk. The Service is intended for individuals aged 18+.

2. Personal Data We Collect

We collect only data necessary to operate, secure, and improve the Service.

2.1 Data You Provide Directly

  • Account details: name, company, role, email, phone, preferred language.
  • Project inputs: website URLs, markets, keywords, briefs, brand guidelines, attachments.
  • Optional access grants to Third-Party Tools (e.g., GSC, GA, CMS).
  • Billing data: billing name/address, VAT details where applicable.
  • Wallet data: token top-ups, currency, and usage history.
  • Support communications and feedback.

2.2 Data Collected Automatically

  • Technical data: IP address, device/browser type, OS, timezone, language, session identifiers.
  • Security telemetry: login attempts, MFA events, abuse/fraud signals.
  • Usage data: feature usage, task IDs, token deductions, error logs and performance metrics.

2.3 Data from Third Parties

  • Payment processors (transaction references and status).
  • Connected platforms you authorise (e.g., GSC/GA metrics).
  • Fraud-prevention and verification providers.
  • Professional advisers (legal, tax, compliance).

3. Legal Bases for Processing

We process personal data under UK GDPR on the following bases:

3.1 Performance of a Contract

  • Account creation and management.
  • Provision of SEO Deliverables and Services.
  • Wallet operation, payments, invoicing and support.

3.2 Consent

  • Marketing communications where you opt in.
  • Use of feedback or content for product improvement where you opt in.

3.3 Legitimate Interests

  • Security, fraud detection and abuse prevention.
  • Service analytics and performance improvement.
  • Essential non-marketing service communications.

4. AI & Automated Processing

  • Automated processing is used to analyse inputs and generate Deliverables.
  • Limited profiling may occur for performance or risk detection.
  • We do not make legally significant decisions solely by automated means.

5. Sharing & International Transfers

We share data only where necessary with payment processors, hosting providers, analytics tools, and professional advisers. Where data is transferred outside the UK/EEA, appropriate safeguards (UK adequacy decisions or SCCs) are applied. We do not sell personal data.

6. Retention

  • Wallet and transaction records: 24 months to 6 years where required.
  • Account data: while active and typically up to 24 months after closure.
  • Security and access logs: 6–24 months.

7. Your Rights

To exercise your rights, contact info@jetreex.co.uk. We aim to respond within one month.

  • Access, rectification, erasure, and restriction.
  • Data portability.
  • Object to processing based on legitimate interests.
  • Withdraw consent at any time.

8. Security

We use encryption, access controls, monitoring, backups, and vendor safeguards to protect personal data. No system is completely secure, but we continuously improve our protections.

9. Changes & Complaints

We may update this Policy. Material changes will be notified. You may lodge a complaint with the UK Information Commissioner’s Office (ICO) if you are dissatisfied with our response.