Jooker Solutions SRL, operating as NoNs AI (nonsai.io), is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR) and Romanian Law no. 190/2018.
This Privacy Policy explains who we are, what data we collect, how we use it, and what rights you have over your information. Please read it carefully.
The Data Controller responsible for personal data processed in connection with the NoNs AI services and website is:
Jooker Solutions SRL
Unique Registration Code (CUI): 48991285
Registration Number: J23/6989/2023
Trading as: NoNs AI
Website: nonsai.io
Data Protection Contact: ozzy@jooker.app
Where Jooker Solutions SRL processes personal data on behalf of a Client (a business customer), it acts as a Data Processor in accordance with GDPR Article 28. In such cases, the Client is the Data Controller and is responsible for ensuring a lawful basis exists for the processing.
When providing AI agent services, we may process end-customer data on behalf of our Clients, which may include:
Processing of this data is governed by the Data Processing Agreement with each Client. We do not use end-customer data for our own purposes.
We only process personal data where we have a valid legal basis under GDPR Article 6. The following table summarises our processing activities and their legal bases:
| Processing Purpose | Data Categories | Legal Basis (GDPR Art. 6) |
|---|---|---|
| Providing contracted AI agent services | Contact details, billing info, service data | Art. 6(1)(b) — Contract |
| Invoicing and financial record-keeping | Billing info, business contact details | Art. 6(1)(c) — Legal obligation |
| Service communications (support, updates) | Email address, contact details | Art. 6(1)(b) — Contract |
| Marketing communications (if opted in) | Email address, contact details | |
| Website analytics and performance | Technical/usage data, cookies | Art. 6(1)(f) — Legitimate interest |
| AI agent operation (processing on behalf of Clients) | End-customer data as directed by Client | Art. 6(1)(b) — Contract (via DPA) |
| Security, fraud prevention, and abuse detection | System logs, usage data | Art. 6(1)(f) — Legitimate interest |
| Legal compliance and dispute resolution | All relevant data | Art. 6(1)(c) — Legal obligation |
Legitimate Interests: Where we rely on legitimate interests as our legal basis, we have conducted a balancing test to confirm that our interests do not override your fundamental rights and freedoms. You have the right to object to this processing at any time (see Section 7).
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with our legal obligations.
When data is no longer needed, we securely delete or anonymise it. Where anonymisation is not feasible (e.g., backup systems), data is isolated and protected until routine deletion cycles take effect.
In delivering our services, we share data with the following third-party sub-processors. All sub-processors are contractually bound by data processing agreements that require GDPR-equivalent protections.
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| OpenAI | AI model processing for agent intelligence | Message content, interaction data | USA (SCCs) |
| Cloudflare | CDN, DDoS protection, DNS, security | IP addresses, traffic metadata | USA/EU (SCCs) |
| Meta (WhatsApp Business API) | WhatsApp agent messaging delivery | Phone numbers, message content | USA/EU (SCCs) |
| Twilio | Voice call AI agent infrastructure | Phone numbers, call audio, metadata | USA (SCCs) |
| Brevo (formerly Sendinblue) | Transactional and marketing email delivery | Email addresses, email content | EU (France) |
We do not sell, rent, or trade personal data to third parties for their own marketing purposes. Data shared with sub-processors is limited to what is strictly necessary for service delivery.
Some of our third-party processors (see Section 5) are located outside the European Economic Area (EEA), particularly in the United States.
Where personal data is transferred outside the EEA, we ensure an adequate level of protection is in place through one of the following mechanisms:
You may request a copy of the relevant Standard Contractual Clauses governing our international data transfers by contacting us at ozzy@jooker.app.
Under GDPR and Romanian Law no. 190/2018, you have the following rights with respect to your personal data:
You have the right to request a copy of the personal data we hold about you, along with information about how it is processed (GDPR Art. 15).
You can ask us to correct inaccurate or incomplete personal data we hold about you (GDPR Art. 16).
In certain circumstances, you can request deletion of your personal data ("right to be forgotten") (GDPR Art. 17).
You can ask us to restrict the processing of your personal data in certain situations (GDPR Art. 18).
You have the right to receive your personal data in a machine-readable format and to transmit it to another controller (GDPR Art. 20).
You can object to processing based on legitimate interests or for direct marketing purposes (GDPR Art. 21).
Where processing is based on your consent, you can withdraw it at any time without affecting prior lawful processing (GDPR Art. 7).
You have the right not to be subject to solely automated decisions that significantly affect you, and to request human review (GDPR Art. 22).
To exercise any of the above rights, please contact us at ozzy@jooker.app. We will respond to all valid requests within 30 calendar days. In complex cases, this period may be extended by up to 60 days, and we will notify you accordingly.
We may need to verify your identity before processing your request. We will not charge a fee for legitimate requests, but may charge a reasonable fee for manifestly unfounded or excessive requests.
If you believe that we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the competent supervisory authority.
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal
Bd. G-ral. Gheorghe Magheru, nr. 28-30, Sector 1, București, 010336
Email: anspdcp@dataprotection.ro
Phone: +40 318 059 211
Website: www.dataprotection.ro
We encourage you to contact us first at ozzy@jooker.app before submitting a formal complaint, as we aim to resolve all data protection concerns promptly and amicably.
You also retain the right to lodge a complaint with the supervisory authority in the EU member state of your habitual residence or place of work.
Our website (nonsai.io) uses cookies and similar tracking technologies to improve your browsing experience and understand how visitors interact with our content.
Cookies are small text files placed on your device by websites you visit. They are widely used to make websites work efficiently and to provide information to site operators.
| Type | Purpose | Duration | Consent Required |
|---|---|---|---|
| Essential | Required for core website functionality (session management, security) | Session | No |
| Analytics | Understand how visitors use our website; improve performance | Up to 2 years | Yes |
| Marketing | Track effectiveness of marketing campaigns; retargeting | Up to 1 year | Yes |
| Preference | Remember your language and display preferences | Up to 1 year | No (functional) |
You can control and manage cookies through your browser settings. Most browsers allow you to refuse or accept cookies, delete existing cookies, and set preferences for certain websites. Please note that disabling cookies may affect the functionality of our website.
For more information on managing cookies, visit aboutcookies.org.
Our website is protected by Cloudflare, which may set cookies for security and performance purposes. These are governed by Cloudflare's Privacy Policy.
Our services are directed exclusively at businesses and their representatives. We do not knowingly collect personal data from individuals under the age of 16.
If you believe we have inadvertently collected personal data relating to a child, please contact us immediately at ozzy@jooker.app and we will promptly delete such data.
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will:
Your continued use of our services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the updated policy, you may terminate your service agreement in accordance with the Terms and Conditions.
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact our Data Protection point of contact:
Jooker Solutions SRL (NoNs AI) — Data Protection Contact
CUI: 48991285 | Reg: J23/6989/2023
Email: ozzy@jooker.app
Website: nonsai.io
We aim to respond to all data protection inquiries within 5 business days.