GDPR Privacy Notice
GDPR Privacy Notice
IAAI Technology
Effective Date: April 10, 2026
Last Updated: April 10, 2026
This GDPR Privacy Notice applies specifically to individuals located in the European Economic Area (EEA), the United Kingdom, and Switzerland. It supplements our general Privacy Policy and explains how we comply with the General Data Protection Regulation (GDPR) and applicable data protection laws.
If you are not located in the EEA, UK, or Switzerland, please refer to our Privacy Policy.
1. Data Controller
IAAI Technology is the data controller responsible for your personal data.
Contact: Admin@Iaaitech.com
Website: iaaitech.com
As we are based in Egypt, we are committed to applying GDPR-equivalent standards of data protection for all EEA users.
2. Legal Basis for Processing
Under GDPR Article 6, we process your personal data on the following legal bases:
| Legal Basis | When We Use It |
|---|---|
| Contractual Necessity (Art. 6(1)(b)) | To deliver the services you have purchased and manage your account |
| Consent (Art. 6(1)(a)) | When you grant us access to your social media accounts or subscribe to communications |
| Legitimate Interests (Art. 6(1)(f)) | To improve our services, ensure security, and prevent fraud |
| Legal Obligation (Art. 6(1)(c)) | To comply with applicable laws and regulations |
3. Personal Data We Process
We collect and process only the minimum data necessary to deliver our services (data minimization principle). This includes:
- Identity data: name, business name
- Contact data: email address, phone number
- Business data: social media account details and access tokens (with your explicit consent)
- Technical data: IP address, browser type, device information
- Transaction data: payment records and order history
- Usage data: website interaction and service usage patterns
4. Your GDPR Rights
As an EEA resident, you have the following rights under GDPR:
| Right | What It Means |
|---|---|
| Right of Access (Art. 15) | Request a copy of all personal data we hold about you |
| Right to Rectification (Art. 16) | Request correction of inaccurate or incomplete data |
| Right to Erasure (Art. 17) | Request deletion of your personal data ("Right to be Forgotten") |
| Right to Restriction (Art. 18) | Request that we limit how we process your data |
| Right to Data Portability (Art. 20) | Receive your data in a structured, machine-readable format |
| Right to Object (Art. 21) | Object to processing based on legitimate interests or for direct marketing |
| Right to Withdraw Consent (Art. 7(3)) | Withdraw consent at any time without affecting prior processing |
| Right to Lodge a Complaint | File a complaint with your local data protection authority (DPA) |
To exercise any of these rights, contact us at Admin@Iaaitech.com. We will respond within 30 days of receiving your request. In complex cases, we may extend this by a further 60 days with notice.
5. International Data Transfers
IAAI Technology is based in Egypt. When we process data of EEA residents, your data may be transferred to and processed in Egypt or by third-party service providers in other countries outside the EEA.
We ensure appropriate safeguards are in place for such transfers, including:
- Use of service providers who maintain GDPR-equivalent data protection standards
- Contractual protections with third-party processors
- Limiting data transfers to what is strictly necessary for service delivery
Egypt has been recognized as providing an adequate level of data protection for certain categories of data. Where adequacy decisions do not apply, we rely on Standard Contractual Clauses (SCCs) or other appropriate transfer mechanisms.
6. Data Retention
We retain personal data only for as long as necessary for the purposes outlined in this notice, or as required by law. Specifically:
- Client data: Retained for the duration of the service agreement plus 2 years
- Transaction records: Retained for 7 years for accounting and legal compliance
- Marketing data: Retained until you withdraw consent or opt out
Upon expiry of the retention period, data is securely deleted or anonymized.
7. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- SSL/TLS encryption for all data in transit
- Access controls limiting data access to authorized personnel only
- Regular security assessments and updates
- Secure storage systems with restricted access
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, as required by GDPR Article 33 and 34.
8. Automated Decision-Making
Our AI-powered services involve automated content generation and posting on your behalf. This automation is carried out under your instructions and does not constitute automated decision-making that produces legal or similarly significant effects on you as defined under GDPR Article 22.
9. Cookies and Tracking
We use cookies and similar technologies on our website. Where required by law, we obtain your consent before placing non-essential cookies. For full details, please refer to our Privacy Policy.
10. Third-Party Processors
We use the following categories of third-party data processors who may handle your personal data on our behalf:
- Meta (Facebook/Instagram): Social media platform APIs for service delivery
- Shopify: E-commerce and order management platform
- Payment Providers (e.g., PayPal): Secure payment processing
All processors are bound by data processing agreements and are required to maintain appropriate security standards.
11. Children's Data
Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a minor, please contact us immediately at Admin@Iaaitech.com.
12. Updates to This Notice
We may update this GDPR Privacy Notice periodically to reflect changes in our practices or legal requirements. We will notify affected users by email and update the "Last Updated" date above. Continued use of our services constitutes acceptance of the updated notice.
13. How to Exercise Your Rights or Make a Complaint
To submit a data subject request or raise a concern:
Email: Admin@Iaaitech.com
Subject line: GDPR Request — [Your Name]
If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority. A list of EU data protection authorities is available at edpb.europa.eu.