Legal

Privacy Policy

Last updated: 9 May 2026. We treat your data the way we'd want ours treated.

1. Who we are

Journalify ("we", "us") is a multi-tenant SaaS platform for editorial workflow management, operated by Journalify FZ-LLC, headquartered in Dubai, United Arab Emirates. This privacy policy applies to the marketing website (www.journalify.io) and to the platform application.

2. What we collect

From visitors to this website: standard request logs (IP address, user agent, referring URL), cookies for analytics, and any form data you submit (name, email, company, message).

From customers using the platform: account info (name, email, role), authentication tokens, content you create or upload, and operational metadata (timestamps, audit trails, billing records).

What we don't collect: we don't sell your data, share with advertisers, or run targeted advertising. We don't track you across other sites.

3. Why we collect it

  • To operate the platform and deliver the service you signed up for
  • To bill you (via Stripe; see their privacy policy for payment processing)
  • To respond to support requests
  • To improve the product (aggregate usage analytics)
  • To comply with legal obligations (tax records, audit logs)

4. How we store it

All customer data is stored in Microsoft Azure data centres in your chosen region (UAE North, West Europe, or East US). Data is encrypted at rest (AES-256) and in transit (TLS 1.2+). PostgreSQL Row-Level Security ensures tenant isolation.

5. Your rights (GDPR)

If you're in the EU, EEA, or UK, you have the right to access, correct, export, or delete your personal data. Email [email protected] and we'll respond within 30 days. We also act as a data processor under GDPR — see our Data Processing Addendum.

6. Cookies

We use minimal cookies: a session cookie for authentication, and (optionally) a privacy-friendly analytics cookie (Plausible — no personal data, no cross-site tracking). You can disable cookies in your browser; the platform requires the session cookie to function.

7. Sub-processors

We use the following sub-processors to operate the service: Microsoft Azure (hosting), Stripe (payments), Cloudflare (DNS, WAF, edge), New Relic (observability), Azure Communication Services (transactional email). The full list with purposes is available on request.

8. Retention

Active customer data is retained for the lifetime of your subscription. After cancellation, data is retained for 90 days for reactivation, then permanently deleted. Audit logs and billing records are retained for 7 years to comply with tax and accounting law.

9. Contact

Privacy questions: [email protected]
Data Protection Officer: [email protected]

10. Changes to this policy

We'll notify customers by email and update the "last updated" date above when we change this policy materially. Continued use of the platform after the change indicates acceptance.