MetaBajan Privacy Policy

Effective date: 22 May 2026 · Operator: Kitji Studios Inc

This policy explains how MetaBajan collects, uses, protects, and discloses personal data. It is designed to align with the Barbados Data Protection Act and GDPR-style privacy principles, including fairness, transparency, purpose limitation, data minimisation, accuracy, retention control, security, and accountability.

1. Who we are

MetaBajan is operated by Kitji Studios Inc. The platform provides secure API access, telemetry, subscription management, and related digital infrastructure services.

2. Data we may collect

Subscriber contact details, including name, email address, company name, and support contact information.
Authentication and access data, including JWT claims, roles, policies, token issue time, expiry time, and subscriber status.
Operational telemetry, including request timestamps, endpoint usage, response status, latency, health checks, and diagnostic logs.
Billing and subscription records, including plan, subscription status, expiry date, pricing tier, invoice references, and payment confirmation details.
Security data, including failed access attempts, IP address, user agent, audit events, and abuse-prevention signals.

3. Why we process data

We process data to provide and secure the platform, issue subscriber tokens, validate paid access, monitor reliability, prevent misuse, support customers, maintain audit records, and comply with legal or contractual obligations.

4. Lawful basis

Depending on the context, we rely on contract performance, legitimate interests, consent where required, legal obligations, and security necessity. We do not use personal data for unrelated purposes without a valid basis.

5. Data minimisation

We collect only the information reasonably needed to operate MetaBajan, validate subscriber access, maintain security, and provide support. Sensitive secrets, tokens, and credentials should not be submitted in support messages unless specifically requested through a secure channel.

6. Telemetry and logging

MetaBajan uses telemetry and logging to monitor uptime, performance, errors, API usage, and security events. Logs may include technical metadata but should not intentionally store full tokens, passwords, or unnecessary personal data.

7. Sharing and processors

We may use trusted service providers for hosting, monitoring, communications, storage, security, and payment administration. Providers must process data only for authorised purposes and apply appropriate confidentiality and security controls.

8. International transfers

Where data is processed outside Barbados, we use reasonable safeguards such as contractual protections, vendor due diligence, access controls, and security measures aligned with internationally recognised privacy standards.

9. Retention

We keep personal data only as long as necessary for platform operation, billing, audit, legal, security, and support purposes. Authentication logs and telemetry may be retained for a limited period based on operational and security requirements.

10. Security

We apply reasonable technical and organisational controls, including access restrictions, role-based access, short-lived tokens, audit logging, secure configuration practices, and monitoring. No system is guaranteed to be completely secure.

11. Your rights

Subject to applicable law, you may request access, correction, deletion, restriction, portability, objection to processing, or withdrawal of consent where consent is used. Requests may require identity verification.

12. Subscriber responsibilities

Subscribers must protect issued tokens, use access only for approved purposes, avoid unauthorised disclosure, notify us of suspected compromise, and ensure their own users and systems comply with applicable privacy and security obligations.

13. Children

MetaBajan is not intended for children. Subscribers must not knowingly submit children’s personal data unless there is a lawful basis and appropriate safeguards.

14. Changes

We may update this policy as the platform, law, or operational practices change. Material changes will be reflected by updating the effective date.

15. Contact

Privacy questions and rights requests may be sent to Kitji Studios Inc through the official support or administrative contact channel provided to subscribers.