Compliance Guide#

Because the unJaena AI platform handles digital forensic data, privacy compliance is a first-class engineering concern. This guide summarizes our regulatory approach and the rights users can exercise without exposing internal implementation details.

1. GDPR Article 17 — Right to Erasure#

Under Article 17 of the EU General Data Protection Regulation, users can request deletion of their personal data.

• Retention-based deletion: every case enters deletion processing after its configured retention period ends.
• Deletion notifications: account email notifications are sent before and after retention expiry.
• Manual deletion: users can request deletion from the case result page. The request covers original uploads, analysis results, and search or AI-derived data.
• Proof of deletion: deletion operations are audit logged, and a certificate can be provided on request.

2. GDPR Article 20 — Right to Data Portability#

Users can request an export of their case data, consent records, chain-of-custody metadata, and analysis output. Approved enterprise customers may receive machine-readable export workflows under the applicable contract.

3. CCPA — California Consumer Privacy Act#

California residents are granted the following rights.

• Do Not Sell or Share: available in account settings and on the dedicated rights page.
• Global Privacy Control (GPC): we honor the GPC browser signal as an opt-out request.
• Marketing separation: product telemetry is anonymized and aggregated; we do not share it with third-party advertising networks.

4. PIPA — South Korea Personal Information Protection Act#

• Granular consent: required and optional consents are presented separately at sign-up. Material changes are communicated through account email.
• Processor disclosure: essential service providers and personal-data processors are disclosed in the privacy policy and related terms.
• Legal hold: when a preservation order, litigation, or regulatory obligation applies, case retention may be extended. Once the obligation ends, the case returns to standard retention.

5. COPPA / GDPR-K — Age Verification#

To comply with the U.S. Children's Online Privacy Protection Act and Article 8 of the GDPR, age verification is part of sign-up.

• Accounts identifying as under 13 cannot proceed; if one is created in error, a parent or guardian can request account and data deletion.
• EU residents must confirm they are 16 or older before sign-up completes.

Frequently Asked Questions#

Q. Does data persist in backups after deletion? Backup and recovery systems operate under separate security procedures and retention schedules. Data processed for immediate deletion is excluded from normal restore workflows, and a deletion certificate can be provided on request.

Q. Can I analyze a minor's device? Analyzing a minor's device without verifiable parental consent may violate PIPA and the GDPR. For family-dispute or parental-monitoring scenarios, follow the consent workflow described in the Collector Guide.

Next Steps#

• Data Retention and Deletion Policy — retention windows and deletion procedures.