Legal
Privacy
Policy
Last updated: March 2026. This policy explains how Jarga Commerce collects, uses, and protects your personal data in accordance with UK GDPR and the Data Protection Act 2018.
1. Who we are
Jarga Commerce ("we", "us", "our") is the data controller for the personal data described in this policy. We are based in the United Kingdom. You can contact us at hello@jarga.ai.
We are not currently required to register with the Information Commissioner's Office (ICO) but we process all personal data in compliance with UK GDPR and the Data Protection Act 2018.
2. What personal data we collect
We collect only what is necessary for the purposes described below. Depending on how you interact with us, this may include:
- Identity data: your name
- Contact data: your email address
- Transaction data: details of the plan you purchased and the date of purchase
- Technical data: IP address, browser type, and pages visited on our website (via server logs)
- Communications data: the content of messages you send us via the contact form or email
We do not collect or store payment card details. All payment processing is handled directly by Stripe. Please review Stripe's privacy policy for how they handle your payment data.
3. How we use your data
We use your personal data for the following purposes:
- To process and fulfil your purchase (deliver repository access, deploy your platform)
- To send you transactional emails relating to your order or account
- To respond to enquiries you send us
- To provide ongoing support and maintenance for Managed plan customers
- To maintain records required by law
- To improve our website and services using aggregated, anonymised analytics
We will never use your data for unsolicited marketing without your explicit consent.
4. Lawful basis for processing
We rely on the following lawful bases under UK GDPR Article 6:
- Contract (Art. 6(1)(b)): processing your purchase and delivering the software
- Legitimate interests (Art. 6(1)(f)): responding to enquiries, preventing fraud, improving our service — where these interests are not overridden by your rights
- Legal obligation (Art. 6(1)(c)): retaining financial records as required by HMRC
- Consent (Art. 6(1)(a)): where we ask for your explicit agreement, for example for optional marketing communications
5. Third parties we share data with
We share your data only where necessary and only with the following categories of recipient:
- Stripe: payment processing. Stripe is a data processor acting on our behalf and is certified under the UK–US Data Bridge.
- Render: cloud hosting infrastructure for Managed plan customers. Render processes server data on our behalf.
- Email service providers: for sending transactional emails (order confirmation, access credentials).
We do not sell, rent, or trade your personal data to any third party for their own marketing purposes.
6. How long we keep your data
- Purchase and transaction records: 7 years, as required by HMRC for tax purposes
- Support and communications: 2 years from the last interaction
- Technical / server logs: 90 days
When retention periods expire, data is securely deleted or anonymised.
7. Your rights under UK GDPR
You have the following rights regarding your personal data:
- Right of access: request a copy of the data we hold about you
- Right to rectification: ask us to correct inaccurate or incomplete data
- Right to erasure: ask us to delete your data where there is no lawful reason to continue holding it
- Right to restrict processing: ask us to pause processing of your data in certain circumstances
- Right to data portability: receive your data in a structured, machine-readable format
- Right to object: object to processing based on legitimate interests
- Rights related to automated decision-making: we do not use your data for solely automated decisions that produce legal or similarly significant effects
To exercise any of these rights, contact us. We will respond within one month in line with UK GDPR requirements. We may need to verify your identity before fulfilling a request.
8. Cookies
Our marketing website uses only essential cookies necessary for the site to function (for example, session management for the shopping cart). We do not use third-party tracking or advertising cookies.
Your browser settings allow you to control and delete cookies. Disabling essential cookies may affect the functionality of the cart and checkout.
9. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include HTTPS encryption, access controls, and regular security reviews. In the event of a data breach that is likely to result in a risk to your rights, we will notify the ICO within 72 hours and inform affected individuals without undue delay.
10. International data transfers
Some of our service providers (including Stripe and Render) process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place — such as UK adequacy regulations, the International Data Transfer Agreement (IDTA), or reliance on the UK–US Data Bridge — to ensure your data receives equivalent protection.
11. Changes to this policy
We may update this policy from time to time. Where changes are material, we will notify active customers by email. The date at the top of this page always reflects the latest version.
12. Contact & complaints
To exercise your rights, ask a question, or raise a concern about how we handle your data, please contact us or email hello@jarga.ai.
If you are unhappy with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113