Privacy Policy

The data controller for personal data processed through Jawwws Bytes is Jawwws Ltd, a company registered in England and Wales with registered address at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ.

For data protection enquiries, you can contact us at dpo@jawwws.com.

This policy applies to:

• Visitors to the Jawwws Bytes website
• Users who register for an account
• Workspace owners, administrators and team members
• People who interact with short links, QR codes, or offline engagement assets created through the platform
• People who contact us for support or other business communications

• Directly from you - when you register, create content, configure links, update your profile or contact support.
• Automatically - through your use of the website, application, and API, including technical data collected via cookies and similar technologies.
• From link interactions - when someone clicks a short link, scans a QR code, or interacts with an offline engagement asset, we collect technical and analytics data about that interaction.
• From third parties - where applicable, from integration partners, identity providers, or analytics services.

• Providing the service - operating short links, redirects, QR codes, analytics, workspaces and offline engagement features.
• Account security and authentication - protecting your account, verifying identity, and managing sessions.
• Analytics and reporting - generating usage insights and performance reports for workspace owners and authorised users.
• Customer support - responding to enquiries and resolving issues.
• Product improvement - understanding how the platform is used to improve features and reliability.
• Fraud and abuse prevention - detecting and preventing misuse, spam, phishing and other harmful activity.
• Legal and compliance - meeting our legal obligations and responding to lawful requests.
• Service communications - sending transactional messages such as verification emails, security alerts and service updates.
• Marketing - only where you have given consent or where we have a legitimate interest, and always with an easy opt-out.

We process personal data under the UK General Data Protection Regulation (UK GDPR) using the following lawful bases:

• Contract - processing necessary to provide the service you have signed up for, including account management, link creation, and analytics delivery.
• Legitimate interests - processing necessary for our legitimate business interests, such as improving the platform, preventing fraud, ensuring security, and understanding usage patterns. We balance these interests against your rights.
• Legal obligation - processing necessary to comply with applicable law, regulation or lawful requests.
• Consent - where we rely on your consent (for example, for optional marketing communications or non-essential cookies), you can withdraw it at any time. Cookie consent choices are currently managed per browser or device.

We do not sell your personal data. We may share data with the following categories of recipients where necessary:

• Hosting and infrastructure providers - to store and deliver the service.
• Analytics providers - to help us understand platform usage and performance.
• Email and communications providers - to send transactional and, where applicable, marketing emails.
• Professional advisers - legal, compliance and accounting advisers where required.
• Law enforcement and regulators - where we are required to do so by law or in response to a valid legal request.

Some of our service providers may process data outside the United Kingdom. Where this occurs, we ensure that appropriate safeguards are in place, such as standard contractual clauses approved by the relevant authority, or transfers to jurisdictions with an adequate level of data protection as recognised by the UK government.

We retain personal data for as long as necessary to fulfil the purposes described in this policy, or as required by law. As a general guide:

• Account data is retained while your account remains active and for a reasonable period after closure.
• Analytics and interaction data is retained in accordance with your workspace plan's retention period.
• Support correspondence is retained for a reasonable period for quality and compliance purposes.
• Where data is anonymised, it may be retained indefinitely for statistical analysis.

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction or alteration. These measures include encrypted storage, secure authentication, access controls, and regular review of our security practices.

No system is completely secure. We encourage you to use a strong, unique password and to keep your account credentials confidential.

Under UK data protection law, you have the right to:

• Access - request a copy of the personal data we hold about you.
• Correction - ask us to correct inaccurate or incomplete data.
• Deletion - ask us to delete your personal data in certain circumstances.
• Restriction - ask us to restrict how we process your data in certain circumstances.
• Objection - object to processing based on legitimate interests.
• Portability - request your data in a structured, machine-readable format.
• Withdraw consent - where processing is based on consent, withdraw it at any time.
• Complain - lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, please contact us at dpo@jawwws.com.

Jawwws Bytes is not intended for use by children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will take steps to delete it.

We may update this policy from time to time. Where changes are material, we will notify account holders by email or through the platform. The "Last updated" date at the top of this page indicates when the policy was most recently revised.

If you have any questions about this policy or our data practices, please contact: