GDPR Compliance

Trayarunya Ventures, the operator of MarketiQ AI, is committed to compliance with the EU General Data Protection Regulation (GDPR) and the UK GDPR. This page explains how we meet our obligations, the rights you have over your personal data, and how to exercise them.

This page complements our Privacy Policy, Data Handling Practices, and Security documentation.

Under the GDPR we act in two distinct capacities:

• As a Data Controller — for the personal data of our own customers and website visitors: account details (name, email, company), billing information, support correspondence, and usage analytics. We decide why and how this data is processed.
• As a Data Processor — for the data you bring into the platform: leads and contacts you import or capture, audience data from connected accounts (LinkedIn, X/Twitter, Meta, Google, HubSpot, Shopify), content you create, and campaign data. Here you (or your organization) are the controller, and we process this data only on your documented instructions.

Customers who require a Data Processing Agreement (DPA) including Standard Contractual Clauses can request one at admin@trayarunyaventures.com.

We process personal data only where we have a lawful basis under Article 6 GDPR:

• Contract: To create and operate your account, provide the platform features you subscribe to, and provide support.
• Consent: For optional marketing communications and for connecting third-party accounts — every platform connection is an explicit, revocable OAuth consent that you grant.
• Legitimate interests: To secure our services, prevent fraud and abuse, and improve the product — always balanced against your rights and freedoms.
• Legal obligation: To comply with tax, accounting, and other legal requirements.

If you are in the European Economic Area or the United Kingdom, you have the following rights regarding your personal data:

• Right of access (Art. 15): Request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): Correct inaccurate or incomplete data — most account data can be edited directly in Dashboard → Settings.
• Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
• Right to restriction (Art. 18): Restrict processing while a dispute or verification is in progress.
• Right to data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format. Leads, content, and reports can be exported from the dashboard; full account exports are available on request.
• Right to object (Art. 21): Object to processing based on legitimate interests or to direct marketing at any time.
• Rights related to automated decision-making (Art. 22): MarketiQ AI's AI features generate recommendations and drafts; they do not make legal or similarly significant automated decisions about you without human involvement.
• Right to withdraw consent (Art. 7): Withdraw any consent at any time — e.g., disconnect a connected platform from Settings → Integrations, or unsubscribe from marketing emails via the link in each message.

To exercise any right, email admin@trayarunyaventures.com from your registered address with the subject "GDPR request". We respond within one month, free of charge. We may ask for information to verify your identity before fulfilling a request.

Our services may process data in jurisdictions outside the EEA/UK. Where personal data is transferred internationally, we rely on appropriate safeguards under Chapter V GDPR, including:

• European Commission adequacy decisions, where applicable;
• Standard Contractual Clauses (SCCs) with our sub-processors;
• Supplementary technical measures such as encryption in transit and at rest.

We use a limited set of vetted service providers (cloud hosting, payment processing, email delivery, analytics, and AI model providers) to operate MarketiQ AI. Every sub-processor:

• is bound by a data processing agreement with confidentiality and security obligations at least as protective as our own commitments;
• processes data only for the purpose of providing their service to us;
• is reviewed for GDPR compliance before onboarding.

A current list of sub-processors, including the categories described in our Data Handling Practices, is available on request at admin@trayarunyaventures.com. We will notify customers with an active DPA before adding or replacing sub-processors.

We keep personal data only as long as necessary for the purposes described in our Privacy Policy:

• Account data: retained for the life of your account and deleted or anonymized within 30 days of account deletion, except where law requires longer retention (e.g., invoices).
• Connected-account tokens: revoked and deleted immediately when you disconnect a platform.
• Customer content and leads: deleted when you delete them in-app, with residual copies removed from backups on the backup rotation cycle.

See Data Handling Practices for the full retention schedule.

In line with Article 25 and Article 32 GDPR, we implement data protection by design and by default: least-privilege access, tenant isolation, minimal OAuth scopes, encryption in transit and at rest, and audit logging. Our full security measures are documented on the Security page.

In the event of a personal data breach, we will notify the competent supervisory authority within 72 hours where required (Art. 33) and inform affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms (Art. 34).

When you import leads, capture prospect data, or run outreach through MarketiQ AI, you act as the data controller for that data. You are responsible for:

• having a lawful basis to process the personal data of your leads and contacts;
• honouring opt-outs and objections from your recipients;
• complying with the GDPR, the ePrivacy rules, and the terms of the platforms you connect.

MarketiQ AI provides tools to help — export, deletion, and disconnect controls — but compliance for your own marketing data remains your responsibility.