top of page

Privacy Policy

​

Last updated: 15/09/2025 

 

 

XJPrompt ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share personal data when you use our AI prompt-to-JSON/XML platform, including image and video generation features and subscription services. This policy is written to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and guidance from the Information Commissioner's Office (ICO). 

 

 

1. Who We Are 

Data controller: Arisyn LTD 
Registered address:37 Flora Mews, Victoria Works, Redditch, England, B97 6DT  
Contact email: Support@Arisyn.co.uk 
Contact phone: 07487521088 

 

 

2. Overview of What We Collect 

We collect only the personal data necessary to provide our services and comply with legal obligations. This includes: 

  • Account Data: email address and account preferences. 

  • Billing Data: payments and billing information processed by our payment processor (Stripe). We do not store full card or bank details on our servers. 

  • Prompt Data: text prompts, uploaded files (images, video), and AI-generated outputs (JSON, XML, images, videos) that you submit or create through the platform. 

  • Technical Data: IP address, device and browser information, timestamps, and usage logs collected automatically for security, diagnostics and analytics. 

  • Communications Data: support requests, email correspondence, and marketing preferences where you opt in. 

 

 

3. How We Collect Data 

We collect data in several ways: directly from you (when you sign up, submit prompts, contact support); automatically (via cookies, server logs and analytics tools); and from third parties (e.g., Stripe for payment processing, identity or fraud prevention providers where necessary). 

 

 

4. Purpose and Legal Basis for Processing 

We will only process your personal data where we have a valid legal basis under UK GDPR. The bases we rely on include: 

  • Contract: to provide the services you subscribe to, manage your account and process payments. 

  • Consent: for marketing communications and non-essential cookies where you give consent. 

  • Legitimate interests: to maintain security, prevent fraud, improve and personalise the service, and for network and information security (we will always balance our interests against your rights). 

  • Legal obligation: where we must process data to comply with a legal duty (for example, to retain records for tax purposes). 

 

 

5. Payment Processing (Stripe) 

We use Stripe to process subscription payments. When you enter card or bank details, they are sent directly to Stripe and processed in accordance with Stripe's security and privacy practices. We do not store your full card or bank account details on our systems. For more information see Stripe’s privacy policy: https://stripe.com/gb/privacy 

 

 

6. Prompt Data, Generated Content, and Intellectual Property 

Prompts, uploaded files, and generated outputs (collectively, "User Content") are processed to provide our services. You retain ownership of your prompts and outputs, subject to the licence you grant us to operate the service. By using the service you grant us a non-exclusive, worldwide, royalty-free licence to host, store, transmit and otherwise process User Content for the purpose of providing the platform and improving our services (for example, to debug or improve model performance). 

Important: User Content may contain personal data or third-party personal data. You must not submit personal data or third-party data unless you have the necessary rights and consents to do so. We are not responsible for content you upload or generate—users are responsible for ensuring their use complies with applicable laws (including copyright and privacy laws). 

 

 

7. Data Sharing and Disclosures 

We only share personal data in the following limited circumstances: 

  • Service providers: with suppliers who perform services on our behalf (e.g., Stripe, hosting providers, analytics, email delivery). Those providers are contractually bound to protect personal data. 

  • Legal requests: to comply with legal obligations, court orders, or to respond to lawful requests by public authorities. 

  • Business transfers: if we are involved in a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction but will remain subject to this Policy or a successor policy.

 

 

8. International Transfers 

If we transfer personal data outside the UK, we will ensure adequate safeguards are in place such as UK-approved standard contractual clauses or other appropriate mechanisms. Where transfers rely on an adequacy decision, we will make that clear in any privacy notice or data transfer documentation.

 

 

9. Data Retention 

We retain personal data only for as long as necessary for the purposes set out in this Policy, or as required by law. Typical retention periods: 

  • Account and billing records: retained while your account is active and for up to 6 years after termination for tax and legal compliance. 

  • Prompt Data and generated content: retained while your account is active. If you delete your account or request deletion we will remove or anonymise content in accordance with our deletion procedures but some residual copies may remain in backups for a limited time. 

  • Technical and analytics logs: retained for up to 12–24 months for security and service improvement purposes. 

 

10. Your Rights 

Under the UK GDPR you have rights in relation to your personal data, including: 

  • Right of access: request a copy of personal data we hold about you. 

  • Right to rectification: request correction of inaccurate or incomplete data. 

  • Right to erasure: request deletion of your personal data in certain circumstances. 

  • Right to restrict processing: ask us to limit how we process your data. 

  • Right to data portability: request a machine-readable copy of data you provided to us. 

  • Right to object: object to processing based on legitimate interests or for direct marketing. 

 

To exercise any of these rights contact us at the contact details above. Where applicable we may ask for information to verify your identity before fulfilling a request. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO): https://ico.org.uk 

 

 

11. Security 

We implement reasonable technical and organisational measures to protect personal data against loss, misuse and unauthorised access. Measures include encryption where appropriate, access controls, secure hosting and regular security reviews. However, no system is completely secure and we cannot guarantee absolute security. 

 

 

12. Children 

Our service is not intended for children under 18. We do not knowingly collect personal data from persons under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that data. 

 

 

13. Changes to This Policy 

We may update this Privacy Policy occasionally. We will publish changes on this page with an updated "Last updated" date. Significant changes will be notified to account holders by email where required by law. 

 

 

14. Contact 

If you have questions or wish to exercise your data protection rights, contact: 
Arisyn LTD 
Email: Support@Arisyn.co.uk 
Address: 37 Flora Mews, Victoria Works, Redditch, England, B97 6DT 
 
For complaints you may also contact the ICO: https://ico.org.uk 

bottom of page