Solution How it works Testimonials Contact Access Platform
Legal

Privacy Policy

Smart Journey — Data Protection & Privacy Statement

1. Introduction and General Commitment

Smart Journey, operated by Potencialize Digital, is committed to protecting the privacy and personal data of all individuals who interact with our platform, services, and digital products. We recognize privacy as a fundamental right and handle all personal information with transparency, integrity, and responsibility.

This Privacy Policy describes how Smart Journey collects, processes, stores, shares, and protects your personal data. It applies to all users of our website, platform, and any associated services. By accessing or using our services, you acknowledge that you have read and understood this Policy.

We are committed to compliance with applicable international data protection standards, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant regional privacy frameworks.

2. Legal Basis for Data Processing

All processing of personal data carried out by Smart Journey is grounded in one or more recognized legal bases under applicable data protection law, including:

  • Consent — where you have freely given, specific, informed, and unambiguous consent for processing;
  • Contractual necessity — where processing is required to perform a contract to which you are a party or to take pre-contractual steps at your request;
  • Legal obligation — where processing is necessary for compliance with a legal obligation to which we are subject;
  • Legitimate interests — where processing is necessary for our legitimate business interests or those of a third party, provided those interests are not overridden by your rights and interests;
  • Vital interests — in exceptional circumstances where processing is necessary to protect the vital interests of an individual.

Data processing shall never occur without a valid legal basis, and we maintain internal records of processing activities to ensure ongoing accountability.

3. Data We Collect

Smart Journey collects personal data through the following means:

3.1 Data you provide directly

  • Registration and account information, including full name, email address, and phone number;
  • Information submitted through forms, support channels, or platform features;
  • Communications you send to us, including feedback, inquiries, or reports.

3.2 Data collected automatically

  • Device and browser information, including hardware model, operating system, and unique identifiers;
  • Usage and behavioral data, such as pages visited, session duration, click paths, and interaction patterns;
  • Network data, including IP addresses and approximate geolocation derived from network signals.

3.3 Data minimization principle

We collect only the minimum amount of personal data necessary to fulfill the stated purposes. We do not collect special category data (including health, biometric, or financial data) without explicit consent and a documented justification under applicable law.

4. Purposes of Data Processing

Personal data collected by Smart Journey is used exclusively for the following purposes:

  • Provisioning, maintaining, and improving the services contracted by our clients;
  • Personalizing user experiences within our platform based on behavioral signals;
  • Sending service-related communications, product updates, and relevant alerts;
  • Complying with legal and regulatory obligations;
  • Preventing fraud, unauthorized access, and ensuring system security;
  • Enforcing our Terms of Use and protecting our legal rights.

Data will not be used for purposes incompatible with those stated above. Any material change in purpose will be communicated to affected users, and, where required by law, fresh consent will be obtained.

5. Data Sharing and Third-Party Disclosure

Smart Journey does not sell, rent, lease, or otherwise commercially transfer personal data to third parties.

Disclosure of personal data may occur only in the following strictly limited circumstances:

  • Platform clients: When a user interacts with a website or service operated by a Smart Journey client, relevant interaction data may be shared with that client to enable delivery of the contracted service;
  • Legal compliance: When required by a competent authority, court order, or applicable law, we may disclose personal data to the extent strictly necessary to comply with such requirements;
  • Service providers: Carefully vetted third-party vendors acting as data processors on our behalf — including cloud infrastructure, hosting, and analytics providers — under binding contractual obligations of confidentiality and data protection compliance.

All third-party processors are subject to rigorous vetting and are contractually prohibited from using personal data for any purpose beyond what is strictly necessary to deliver the agreed service.

6. International Data Transfers

Smart Journey operates globally, and your personal data may be transferred to and processed in countries other than the one in which you reside. Where such transfers occur, we ensure that appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by relevant regulatory authorities;
  • Adequacy decisions issued by competent data protection authorities;
  • Other legally recognized transfer mechanisms, as applicable.

We take all reasonable steps to ensure that any cross-border data transfers afford a level of protection consistent with this Policy and applicable law.

7. Data Security

We implement a comprehensive set of technical and organizational measures to protect personal data against unauthorized access, accidental loss, alteration, disclosure, or destruction. Our security practices include:

  • End-to-end encryption of data in transit using industry-standard TLS protocols;
  • Strict access controls based on role-based authentication and the principle of least privilege;
  • Continuous monitoring of systems for unauthorized activity and anomalies;
  • Logical separation of environments and data stores based on sensitivity classification;
  • Regular security assessments and vulnerability management processes.

Limitation of liability: While Smart Journey employs commercially reasonable efforts to protect personal data, no security system is impenetrable. In the event of a security incident that poses a risk to your rights and freedoms, we will notify affected individuals and relevant supervisory authorities within the timeframes required by applicable law.

8. Your Rights as a Data Subject

Depending on your jurisdiction, you may be entitled to exercise one or more of the following rights with respect to your personal data:

  • Right of access — to obtain confirmation of whether we process your data and receive a copy of that data;
  • Right to rectification — to request correction of inaccurate or incomplete data;
  • Right to erasure — to request deletion of your personal data under certain conditions ("right to be forgotten");
  • Right to restriction — to request that we limit processing of your data in certain circumstances;
  • Right to data portability — to receive your data in a structured, commonly used, machine-readable format;
  • Right to object — to object to processing based on legitimate interests or for direct marketing purposes;
  • Right to withdraw consent — to withdraw previously given consent at any time, without affecting the lawfulness of prior processing;
  • Right to lodge a complaint — to file a complaint with the supervisory authority in your jurisdiction.

To exercise any of these rights, please contact us through the channel indicated in Section 10 of this Policy. We will respond within the timeframe required by applicable law, and no less than 30 days from receipt of a verifiable request.

9. Cookies and Tracking Technologies

Smart Journey and its clients' services may use cookies, web beacons, pixels, and similar technologies to collect information about user interactions. These technologies serve the following functions:

  • Maintaining active sessions and ensuring correct platform functionality;
  • Analyzing usage patterns and service performance metrics;
  • Enabling personalization based on identified preferences and behavior.

You may configure your browser to refuse cookies or receive an alert before accepting them. Please note that disabling certain cookies may impair the functionality of some features of our services. For detailed information on the cookies we use, please refer to our Cookie Notice.

10. Data Retention

We retain personal data only for as long as is necessary to fulfill the purposes for which it was collected, or as required by applicable law, regulatory obligations, or legitimate business needs. When data is no longer required, it is securely deleted or anonymized in accordance with our data lifecycle management procedures.

Retention periods vary depending on the nature of the data and the legal basis for processing. Users may request information about the retention period applicable to their data by contacting us directly.

11. Changes to This Policy

This Privacy Policy may be updated periodically to reflect changes in our services, data processing practices, or applicable legal requirements. Material changes will be communicated to users via notice on our platform or through the email address registered to your account, with reasonable advance notice prior to the changes taking effect.

We encourage you to review this Policy periodically. Continued use of our services following notification of changes constitutes acknowledgment of the updated terms.

12. Contact and Data Protection Officer

For questions, requests related to your rights as a data subject, or concerns about our privacy practices, please contact us through the email address available on our contact page. Smart Journey is committed to responding to all legitimate requests within the timeframes mandated by applicable law.

If you believe your data protection rights have been violated and we have failed to address your concern, you have the right to lodge a complaint with the supervisory authority in your country of residence or place of work.

This Privacy Policy is governed by applicable international data protection law. Any disputes arising from its interpretation or application shall be resolved in accordance with the dispute resolution mechanisms set forth in our Terms of Use and the legal framework of the applicable jurisdiction.