Privacy PolicyMakZens · 306 clauses
MakZens

Privacy Policy

Last updated: July 2026 · Operator: JXMSN LLC, Dubai, UAE

This document is provided by JXMSN LLC as the operator of MakZens. It is a template and does not constitute legal advice; bracketed items are placeholders to be completed by the operator.

Contents

  1. Introduction, Data Controller and Scope
  2. Definitions Used in This Policy
  3. Categories of Personal Data We Collect
  4. How and When We Collect Personal Data
  5. Legal Bases for Processing (GDPR and UAE PDPL)
  6. Purposes for Which We Use Personal Data
  7. Messages, Content and Translation Data
  8. AI and Third-Party Translation Processing
  9. Contacts Matching and Address-Book Data
  10. Push Notifications, Device and Technical Data
  11. Payments, Subscriptions and Cryptocurrency Data
  12. Referral, Partner and NFT-Verification Data
  13. Cookies, Local Storage and Similar Technologies
  14. Disclosure and Sharing of Personal Data
  15. International Data Transfers
  16. Data Retention Periods
  17. Information Security Measures
  18. Your Rights, Children, Automated Decisions, Changes and Contact

1.Introduction, Data Controller and Scope

1.

This Privacy Policy governs the collection, use, disclosure, storage and other processing of personal data in connection with the MakZens real-time translation messenger application and its associated web client, progressive web application and application programming interfaces (collectively, the "Service"). It applies to all users of the Service regardless of the manner in which they access it, whether through the Android application distributed as a direct APK download from the MakZens website, the installable web application (PWA) used on iPhone and iPad, or the browser-based web client. By registering for, accessing or using the Service, the user acknowledges that they have read and understood this Privacy Policy.

2.

The data controller responsible for the processing of personal data described in this Policy is JXMSN LLC, a company registered in the United Arab Emirates with its registered address at PO Box 393394, Dubai, United Arab Emirates ("JXMSN", "we", "us" or "our"), holding commercial registration number [insert registration number]. JXMSN determines the purposes and means of the processing of personal data carried out through the Service and is the entity accountable for compliance with applicable data protection law. Any reference in this Policy to the "operator" of the Service shall be construed as a reference to JXMSN LLC in its capacity as controller.

3.

For all questions, requests or complaints concerning this Privacy Policy or the processing of personal data, users may contact us at privacy@makzens.app or by written correspondence addressed to JXMSN LLC, PO Box 393394, Dubai, United Arab Emirates. We endeavour to respond to legitimate enquiries within the timeframes prescribed by applicable law. Where a data protection officer or representative has been appointed, that person's contact details are set out at [insert data protection officer contact details].

4.

This Privacy Policy applies to personal data processed in the course of providing the core functionality of the Service, which includes one-to-one chats, group chats, public and private channels, voice messages, voice and video calls, photo and file sharing, location sharing, message reactions, replies, message editing, disappearing messages, message deep links and multi-device access via QR-based web login. It further covers ancillary processing relating to account registration, contacts matching, push notifications, premium plan purchases and the referral programme. The Policy does not apply to the practices of third parties whose services are integrated with or accessible through the Service and who act as independent controllers.

5.

A defining characteristic of the Service is that messages exchanged between users are automatically translated in real time in order to enable cross-language communication. To perform this translation, the text content of messages is transmitted to third-party artificial intelligence and large language model providers acting as translation processors, and both the original text and the resulting translated text are processed and handled in order to deliver the message to the recipient in their chosen language. Users should therefore be aware that the substantive content of their messages is disclosed to these third-party translation providers strictly for the purpose of providing the translation feature.

6.

Because message content is inherently transmitted to third-party translation processors as an intrinsic and unavoidable element of the Service, users are advised to exercise discretion regarding the information they choose to include in messages. The engagement of such processors is subject to contractual arrangements intended to restrict their use of message content to the provision of translation services on our behalf. Further detail concerning the identity, role and safeguards applicable to these translation processors is set out in the sections of this Policy addressing categories of recipients and international transfers.

7.

The Service enables users to discover which of their contacts also use MakZens through a contacts matching mechanism that operates on the basis of hashed email addresses rather than plaintext contact details. Where a user permits contacts matching, email addresses are transformed into cryptographic hash values before being compared against corresponding hashed values held by the Service, so that matching can occur without the transmission or retention of contact information in plaintext form. This Policy explains the purpose, legal basis and limitations of that processing in the relevant sections below.

8.

The Service offers optional premium plans, comprising both one-time purchases and recurring subscriptions, which may be paid for using USDC stablecoin on the Solana or BSC networks. Such payments are processed by NowPayments, a third-party payment processor that acts as an independent controller in respect of the payment data it collects and handles. JXMSN does not custody, hold, transmit or take possession of cryptocurrency, and does not provide any wallet, exchange, brokerage, investment or financial-advisory service; the Service merely records the entitlement resulting from a confirmed payment.

9.

As an alternative means of unlocking premium features, the Service supports verification of a third-party "JokerX" NFT by way of a server-to-server check combined with a one-time confirmation code, without any wallet connection being established within the application. In connection with this feature, and with the referral programme under which partners share a personal link and commissions are settled by the third-party JokerX system, limited personal data may be exchanged with JokerX for the purposes of eligibility verification and commission settlement. The processing associated with these features is described in greater detail in the sections addressing premium entitlements and referrals.

10.

This Privacy Policy is intended to satisfy the transparency and information obligations imposed by, among other laws, Regulation (EU) 2016/679 (the General Data Protection Regulation, or "GDPR") in respect of users located in the European Union and the European Economic Area, and Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the "UAE PDPL") in respect of processing subject to the law of the United Arab Emirates. Where obligations under these frameworks differ, we apply the standard that affords the higher level of protection to the affected data subject to the extent required by law. References in this Policy to specific rights or legal bases are to be read as applicable only insofar as the relevant legal framework governs the user in question.

11.

Given the global nature of the Service and the involvement of third-party translation, payment and referral providers, the provision of the Service necessarily entails the transfer of personal data across international borders, including to jurisdictions outside the European Economic Area and outside the United Arab Emirates. Where such transfers occur, we implement appropriate safeguards recognised under the applicable data protection frameworks, such as standard contractual clauses, adequacy determinations or comparable mechanisms, to the extent required by law. The specific safeguards applicable to particular categories of recipients are addressed in the international transfers section of this Policy.

12.

In respect of the delivery of push notifications, the Service is designed so that the notification payload transmitted through external push infrastructure carries only the identity of the sender together with a generic placeholder in lieu of the message content. The actual textual content of a message is not embedded in the push payload but is instead retrieved by the application on the user's device after the notification is received. This design is intended to limit the exposure of message content to the operating-system and platform push services through which notifications are routed.

13.

This Policy forms part of, and should be read together with, the MakZens Terms of Service and any supplementary notices, consent prompts or feature-specific disclosures presented within the Service. In the event of any conflict between this Privacy Policy and such supplementary materials concerning the processing of personal data, this Policy shall prevail unless the supplementary material expressly states otherwise and is permitted by law to do so. Defined terms used but not defined in this Policy shall have the meaning given to them in the Terms of Service.

14.

Because MakZens is distributed as a direct APK download and as an installable progressive web application rather than exclusively through the Apple App Store or Google Play for the direct-download path, certain platform-level privacy controls, review processes and update mechanisms associated with those app stores may not apply to the corresponding installations. Users obtaining the Service by these means are responsible for ensuring that they download the application from the official MakZens website and for applying updates as they are made available. This Policy applies uniformly to all distribution channels notwithstanding these differences in delivery.

15.

The Service is intended for use by adults and is not directed at children below the age of digital consent applicable in their jurisdiction, which is [insert applicable minimum age] years. We do not knowingly collect personal data from individuals below the applicable age threshold, and where we become aware that such data has been collected without appropriate authorisation, we will take reasonable steps to delete it. Parents or guardians who believe that a minor has provided personal data to the Service may contact us at privacy@makzens.app.

16.

We may amend this Privacy Policy from time to time to reflect changes in our practices, in the features of the Service, in the third-party processors we engage, or in applicable legal requirements. Where a change is material, we will provide notice through the Service or by other appropriate means before the change takes effect, and, where required by law, we will obtain renewed consent. The version in force is identified by the effective date stated at [insert effective date], and continued use of the Service after a revised Policy takes effect constitutes acknowledgement of the updated terms to the extent permitted by law.

17.

This Privacy Policy and any matter arising out of or in connection with the processing of personal data by JXMSN LLC are governed by the laws of the Emirate of Dubai and the applicable federal laws of the United Arab Emirates, and the courts of Dubai shall have jurisdiction over any related dispute, without prejudice to any mandatory rights or remedies available to data subjects under the GDPR or other data protection laws applicable to them. Nothing in this clause limits the right of a data subject in the European Economic Area to lodge a complaint with their competent supervisory authority, or the right of a data subject in the United Arab Emirates to submit a grievance to the UAE Data Office. The application of the governing law stated herein is without prejudice to such non-waivable statutory protections.

2.Definitions Used in This Policy

18.

Operator, Company, We, Us or Our means JXMSN LLC, a company registered in the United Arab Emirates with its registered office at PO Box 393394, Dubai, United Arab Emirates [insert registration number], which operates the MakZens messaging service and determines the purposes and means of the processing of Personal Data described in this Policy. For the purposes of the EU and EEA General Data Protection Regulation (GDPR) the Operator acts as the "controller", and for the purposes of the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) the Operator acts as the "Controller" of your Personal Data. Where the Operator engages third parties to process data on its behalf, those parties act as processors and are governed by the arrangements described in this Policy.

19.

Service, MakZens or App means the MakZens real-time translation messenger and all associated software, features and interfaces made available by the Operator, including one-to-one chats, group chats, public and private channels, voice messages, voice and video calls, photo and file sharing, location sharing, message reactions, replies, editing, disappearing messages, contacts matching, push notifications, message deep links and multi-device access. The Service is provided across the distribution channels described below and is subject to this Policy in each such channel. References to the Service include any updated, replacement or successor version made available by the Operator.

20.

You, User or Data Subject means any natural person who accesses, registers for or uses the Service, and whose Personal Data is processed by the Operator in connection with the Service. Where you use the Service to communicate with other persons, those other persons are also Data Subjects whose Personal Data may be processed through your use of the Service. Nothing in this definition creates any relationship of agency between you and the Operator beyond your use of the Service.

21.

Personal Data means any information relating to an identified or identifiable natural person, as that term is understood under the GDPR and the UAE PDPL. In the context of the Service this includes, without limitation, your account identifiers, message content submitted for translation, voice and video call metadata, shared photos, files and locations, device and push notification tokens, and the hashed representations of contact email addresses used for contacts matching. It does not include data that has been irreversibly anonymised such that you can no longer be identified from it.

22.

Message Content means the original text, voice, media, files, locations, reactions and other communications that you send or receive through the Service, together with the machine translations of that text generated by the Service. Because MakZens is a cross-language messenger, the textual portion of your Message Content is transmitted to third-party AI and large language model providers for the sole purpose of producing a translation, after which both the original and translated text are delivered to the intended recipient. Message Content is treated as confidential communications data and is processed only as necessary to operate the messaging and translation features you use.

23.

Translation Processor means any third-party artificial intelligence or large language model provider engaged by the Operator to perform the automatic real-time translation of the textual portion of Message Content. When you send a message that requires translation, the relevant text is transmitted to a Translation Processor, which returns the translated text; the Operator instructs each Translation Processor to process such text solely to render the translation and not for its own independent purposes. A current list of Translation Processors and their applicable safeguards is available on request at privacy@makzens.app.

24.

Sub-Processor or Third-Party Processor means any third party, other than a Translation Processor, that processes Personal Data on behalf of and under the instructions of the Operator, including hosting, storage, push notification delivery, analytics and payment intermediation providers. Each such processor is engaged under a written agreement imposing confidentiality and security obligations consistent with the GDPR and the UAE PDPL. The Operator remains responsible to you for the acts and omissions of its Sub-Processors in respect of the Personal Data they process on its behalf.

25.

Payment Processor means NowPayments, the independent third-party payment service provider that processes payments for optional MakZens Premium plans, including one-time purchases and subscriptions settled in the USDC stablecoin on the Solana or BSC networks. Payment and blockchain transaction details are handled directly by the Payment Processor under its own terms and privacy policy, and the Operator receives only confirmation of payment status and the information necessary to activate your Premium entitlement. The Operator does not custody, hold, exchange or invest cryptocurrency on your behalf and provides no wallet, exchange, investment or financial-advisory service.

26.

Premium means the optional paid tier of the Service that unlocks additional features, whether obtained through a one-time purchase or a recurring subscription. Premium may be activated either by payment through the Payment Processor or through the alternative unlock mechanism based on verification of a third-party JokerX NFT. The processing of Personal Data in connection with Premium is limited to what is necessary to verify entitlement, activate features and comply with the Operator's legal obligations.

27.

JokerX Verification means the alternative mechanism by which a User may unlock Premium through the confirmation of ownership of a third-party "JokerX" NFT, performed by way of a server-to-server check combined with a one-time confirmation code. This mechanism does not require you to connect a cryptocurrency wallet within the App, and the Operator processes only the confirmation code and the result of the ownership check for the purpose of activating Premium. The JokerX system is operated by a third party and its processing of any data is governed by that third party's own terms and privacy notices.

28.

Referral Programme means the arrangement under which partners share a personal referral link and become eligible for commissions in respect of qualifying activity attributed to that link. Commissions under the Referral Programme are calculated and settled by the third-party JokerX system, and the Operator processes only the referral identifiers and attribution data necessary to operate the programme and to transmit settlement information to that system. Participation in the Referral Programme is optional and subject to any separate partner terms that may apply.

29.

Contacts Matching means the feature by which the Service helps you discover which of your contacts also use MakZens by comparing hashed representations of email addresses rather than the addresses themselves. Email addresses drawn from your contacts are transformed into irreversible hashes before comparison, and the Operator does not retain the underlying plaintext addresses for this feature beyond what is necessary to perform the match. This feature operates only where you enable it and provide the relevant contact information.

30.

Push Notification means a message delivered to your device through a third-party push delivery platform to alert you to activity within the Service. To protect the confidentiality of your communications, push payloads carry only the identity of the sender together with a generic placeholder in place of the message text, and the App retrieves the actual content on-device once opened. The Operator processes device push tokens solely to route notifications to your registered devices.

31.

Device and Distribution Channel means the means by which you obtain and run the Service, namely the Android application distributed as a direct APK download from the Operator's website, the installable web application (Progressive Web App or PWA) for iPhone and iPad, and the browser-based web client, together with multi-device access established through QR-code web login. The Service for the direct-download path is not distributed through the Apple App Store or Google Play, and certain platform-level protections associated with those stores therefore do not apply. The Operator processes device and session identifiers as necessary to deliver, secure and synchronise the Service across your devices.

32.

Cookies and Similar Technologies means small data files and equivalent local storage, session and identifier mechanisms placed on or read from your device to enable authentication, maintain sessions, support multi-device synchronisation and secure the Service. The Operator uses such technologies only as necessary to provide the functionality you request and, where required by the GDPR or applicable UAE law, on the basis of your consent. You can control certain of these technologies through your device or browser settings, though disabling them may impair the operation of the Service.

33.

Applicable Data Protection Law means, collectively, the EU and EEA General Data Protection Regulation (GDPR) and its national implementing laws to the extent they apply to Data Subjects in those territories, the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) and its implementing regulations, and any other data protection or privacy legislation applicable to the processing described in this Policy. Where more than one such law applies to a given processing activity, the Operator will apply the standard that affords you the greater protection to the extent practicable. This Policy is to be read consistently with those laws and, in the event of conflict, those laws prevail.

34.

Governing Law means the laws of the Emirate of Dubai and the applicable federal laws of the United Arab Emirates, which govern this Policy and any dispute arising out of or in connection with the processing of Personal Data described in it, without prejudice to any mandatory rights you may enjoy under the GDPR or other Applicable Data Protection Law. Any disputes shall be subject to the jurisdiction of the competent courts of Dubai, United Arab Emirates. This choice of law and forum does not deprive Data Subjects in the EU or EEA of the protection afforded by mandatory provisions of the law of their habitual residence.

3.Categories of Personal Data We Collect

35.

Account and Identity Data. When you register for MakZens, we collect the identifiers necessary to create and secure your account, which may include your email address, chosen display name, username, profile photograph, and an authentication credential (password hash or one-time verification code). We also generate and store internal account identifiers, device tokens, and, where you enable multi-device access, records linking your QR-authenticated web and companion sessions to your primary account. This data is processed to establish your identity as a data subject under both the EU General Data Protection Regulation (GDPR) and UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL).

36.

Message Content and Translation Data. Because MakZens is a cross-language messenger, the text you send in 1:1 chats, group chats, and public or private channels is transmitted to third-party artificial-intelligence and large-language-model translation processors in order to render an automatically translated version in the recipient's language. In the course of providing this core feature we handle both the original-language text and the resulting translated text, together with the associated source and target language indicators. You should not transmit information through the messaging service that you do not wish to be disclosed to these sub-processors for the sole purpose of translation.

37.

Voice, Video, and Media Data. We process audio recordings you send as voice messages, the media streams generated during voice and video calls, and any photographs, documents, or other files you upload or share through the service. Where a voice message is transcribed or a media caption is translated, the relevant content may also be routed to the third-party translation processors described above. Media files are handled to deliver, and where applicable temporarily retain, the content you have chosen to exchange with your correspondents.

38.

Contacts and Matching Data. To help you discover which of your existing contacts already use MakZens, our contacts-matching feature processes email addresses from your address book in hashed (irreversibly transformed) form rather than in plain text, and compares those hashes against hashed identifiers of registered users. We retain the resulting match indicators to populate your contact list. We do not use the underlying address-book entries for advertising, and non-matching hashed values are handled only to the extent necessary to perform the matching operation.

39.

Interaction and Relational Data. In operating chats, channels, and groups we record metadata describing your interactions, including message reactions, replies, edit histories, deep-link references, group and channel memberships, administrative roles, and your configuration of disappearing-message timers. This data is necessary to render conversations correctly, to reflect message state across your devices, and to enforce the retention or automatic deletion parameters you or a group administrator have selected.

40.

Payment and Premium-Plan Data. When you purchase an optional premium plan, whether a one-time purchase or a subscription, payment is made in USDC stablecoin on the Solana or BSC networks and is processed by NowPayments, a third-party payment processor. MakZens does not custody cryptocurrency and does not operate a wallet, exchange, investment, or financial-advisory service; we receive from NowPayments only confirmation of payment status, transaction references, plan and amount details, and similar settlement metadata needed to activate and maintain your entitlement. We do not collect or store your private keys, and any on-chain wallet address is handled solely as part of the processor's payment flow.

41.

JokerX and NFT Verification Data. As an alternative means of unlocking premium features, you may elect to verify ownership of a third-party JokerX NFT. This verification is performed through a server-to-server check together with a one-time confirmation code, and does not require you to connect a cryptocurrency wallet within the application. In this process we handle the confirmation code you supply and the verification result returned by the JokerX system, which we use to grant and record the corresponding premium entitlement.

42.

Referral and Partner Data. If you participate in our referral programme, we process the personal referral link assigned to you, records of referrals attributed to that link, and the identifiers required to associate qualifying activity with your partner account. Commission entitlements arising from the programme are calculated and settled by the third-party JokerX system, to which relevant referral and settlement data is transmitted. We handle this data to administer your participation and to reconcile the commissions credited to you.

43.

Device, Distribution, and Technical Data. Given that MakZens is distributed as a direct Android APK download from our website, as an installable web application (PWA) on iPhone and iPad, and as a browser-based web client rather than through the Apple App Store or Google Play for the direct-download path, we collect technical data appropriate to each surface. This may include device model and operating-system version, application or build version, installation and update identifiers, browser type, language settings, and platform capabilities. Such data is used to deliver compatible functionality, to manage in-application updates, and to diagnose platform-specific issues.

44.

Push Notification Data. To deliver push notifications we process the push tokens issued by the relevant operating-system or browser notification services and associate them with your account and devices. To protect the confidentiality of your communications, the push payload we dispatch carries only the sender identifier together with a generic placeholder rather than the message content, so that the substantive text is retrieved securely on-device after the notification is received. We retain push tokens for the purpose of routing notifications and cease using a token once it is revoked or becomes invalid.

45.

Location Data. Where you use the location-sharing feature, we process the geographic coordinates you elect to share and transmit them to the recipients or group you have designated. Location information is collected only when you actively invoke this feature and for the duration and precision you determine, including any live-sharing interval you enable. We do not use location-sharing data to track you in the background or for purposes unrelated to fulfilling the feature you have requested.

46.

Connection and Log Data. In the ordinary course of operating the service we automatically generate server and connection logs that may include Internet Protocol (IP) addresses, timestamps, session and request identifiers, protocol and error information, and records of interactions with our application programming interfaces. This data is processed for the legitimate interests of maintaining service availability, ensuring security, preventing abuse and fraud, and complying with our legal obligations under applicable UAE and, where relevant, EU/EEA law. Retention of log data is limited to the period necessary for these purposes.

47.

Support and Correspondence Data. When you contact us for assistance, submit a report, or otherwise communicate with our team, we process the contents of your correspondence together with any identifiers and attachments you provide, such as your email address at [privacy@makzens.app] or in-application support submissions. We use this data to respond to your enquiry, to investigate reported issues, and to maintain a record of the request. This category may incidentally include any personal data you choose to disclose within your message.

48.

Security, Anti-Abuse, and Integrity Data. To protect users and the platform we process data relating to authentication attempts, session validity, rate-limiting, device and account risk signals, and reports concerning prohibited conduct or content within channels and groups. This may include records of blocked or restricted accounts and the metadata necessary to enforce our terms and to prevent circumvention. Such processing is carried out on the basis of our legitimate interests and, where applicable, our legal obligations, and is limited to what is proportionate to safeguard the integrity of the service.

49.

Preference and Settings Data. We store the configuration choices you make within MakZens, including your interface and translation language preferences, notification settings, privacy controls, disappearing-message defaults, and any per-conversation options you apply. This data is processed to deliver a service consistent with your instructions and to maintain those preferences across your linked devices. Changes to these settings are recorded so that your chosen configuration persists between sessions.

50.

Data Received From Third Parties and Other Users. Certain personal data concerning you may reach us from sources other than yourself, including other users who send you messages, add you to groups or channels, match you through the hashed-contacts feature, or share your details; and from our processors, namely the translation providers, NowPayments, and the JokerX and referral systems. We handle such data in accordance with this Policy and the purposes for which it was provided. Where we act as a controller in respect of this information, we apply the same protections described herein regardless of its origin.

51.

Basis, Governing Law, and Cross-Border Transfers. The categories described in this section are collected and processed under the applicable legal bases of the GDPR and the UAE PDPL, and this Policy is governed by the laws of Dubai, United Arab Emirates. Because our processors, including the third-party translation providers, NowPayments, and the JokerX and referral systems, may operate outside your jurisdiction, your personal data may be transferred internationally subject to appropriate safeguards where required by law. The operator of the service is JXMSN LLC, PO Box 393394, Dubai, United Arab Emirates [insert registration number], which you may contact regarding any category of data at [privacy@makzens.app].

4.How and When We Collect Personal Data

52.

We collect personal data at the point you create a MakZens account and configure your profile, including the identifiers you supply such as your username, display name, email address, telephone number where provided, profile photo, and language preferences used to route your messages through our real-time translation function. Because MakZens is operated by JXMSN LLC from Dubai, United Arab Emirates, this collection is governed by the laws of Dubai and, where applicable, the EU General Data Protection Regulation and the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021). We collect only the account data reasonably necessary to establish and secure your access to the Service.

53.

We collect the content of your communications when and to the extent required to deliver and translate them. When you send a 1:1 message, group message, or channel post, the original text and, where applicable, its machine-generated translation are handled by our systems, and the source text is transmitted to third-party artificial-intelligence and large-language-model providers acting as translation processors solely to produce the translated output. This collection occurs at the moment of transmission and is intrinsic to the core cross-language messaging function you have chosen to use.

54.

We collect media and attachments at the time you elect to share them, including voice messages, photographs, files, and location data. Voice and video call signalling and, where technically necessary, related metadata are processed when you place or receive a call, and shared location coordinates are collected only when you actively initiate a location share. Disappearing-message content is handled subject to the expiry parameters you set, after which it is removed in the ordinary course.

55.

We collect contact-matching data when you choose to enable the contacts-matching feature, which operates on a hashed-identifier basis. Rather than retaining your address book in cleartext, MakZens processes hashed representations of contact email addresses to identify which of your contacts already use the Service. We collect and compare these hashes for the sole purpose of surfacing existing MakZens users to you, and we do not use this data to reconstruct your underlying contact list for unrelated purposes.

56.

We collect interaction and engagement data generated as you use messaging features, including message reactions, replies, edits, read and delivery states, and the use of message deep links. This data is collected contemporaneously with the relevant action to render conversation state accurately across your sessions and devices. Such collection is limited to what is necessary to operate the features you invoke and to maintain the integrity of your conversations.

57.

We collect device and technical data automatically when you access MakZens, whether through the Android application installed as a direct APK download from our website, the installable iPhone or iPad web application (PWA), or the browser-based web client. This may include device and operating-system identifiers, application or build version, IP address, approximate coarse location derived from network data, connection information, and diagnostic logs. Because the Android distribution occurs outside the Google Play Store and the iOS experience is delivered as a PWA rather than an App Store listing, certain telemetry is collected directly by us rather than by an intermediary store operator.

58.

We collect multi-device and session data when you link additional devices, including through QR-code web login. When you authorise a new session we collect the associated device information, session tokens, and linkage metadata necessary to synchronise your account securely and to allow you to review and revoke active sessions. This collection safeguards your account against unauthorised access across the multi-device environment.

59.

We collect limited personal data in connection with push notifications. Where you enable notifications, push payloads are constructed to carry only the sender identifier and a generic placeholder rather than message content, so that the notification service transports the minimum data necessary to prompt your device, with the actual message text retrieved on-device thereafter. The push token issued by the relevant platform notification gateway is collected to route these notifications to you.

60.

We collect payment-related data when you purchase optional Premium plans, whether as a one-time purchase or a subscription. Payments are made in USDC stablecoin on the Solana or BSC networks and are processed by NowPayments, a third-party payment processor; MakZens does not custody cryptocurrency and provides no wallet, exchange, investment, or financial-advisory service. We collect the transaction confirmation, plan status, and related references returned to us, while sensitive on-chain and payment-processing details are handled by NowPayments in accordance with its own terms and privacy practices.

61.

We collect data associated with the alternative Premium unlock based on the third-party JokerX NFT. When you elect this route, we perform a server-to-server verification of the NFT together with a one-time confirmation code, without any wallet connection within the application. In this process we collect the verification result and the confirmation reference necessary to activate your entitlement, and we do not collect wallet private keys or take custody of any digital asset.

62.

We collect data relating to our referral programme when you participate as a partner or arrive via a partner link. This includes your personal referral link, referral events, and attribution identifiers, while commission settlement is administered by the third-party JokerX system. We collect this data to attribute referrals accurately and to enable the external settlement of any commissions due under the programme.

63.

We collect personal data that you voluntarily provide when you contact us for support, submit a request, or otherwise correspond with us at [privacy@makzens.app] or through in-app support channels. This includes the contents of your communication, any identifiers you include, and information reasonably necessary to authenticate you and resolve your enquiry. We collect this data to respond to you and to maintain a record of support interactions.

64.

We collect data necessary to exercise your rights under applicable data-protection law and to verify requests you make. Where you submit a request under the GDPR or the UAE PDPL, such as a request to access, rectify, erase, or port your data, or to object to or restrict processing, we collect the information reasonably required to confirm your identity and to locate the relevant records. This limited collection exists to protect your data against fraudulent or mistaken requests before we act upon them.

65.

We collect security, anti-abuse, and fraud-prevention data on an ongoing basis while you use the Service. This may include authentication events, rate-limiting signals, abuse reports, blocked-content indicators, and integrity checks applied to messages, calls, and payment or NFT-verification flows. We collect this data to detect, prevent, and investigate fraud, spam, account compromise, and misuse of the translation, referral, and Premium features.

66.

We collect certain personal data indirectly from third parties who provide services that form part of the MakZens platform, including our translation AI and large-language-model processors, the NowPayments payment processor, and the JokerX NFT-verification and referral-settlement systems. From these parties we may receive confirmations, status flags, error signals, or attribution references arising from your use of the corresponding features. We collect such data solely to complete the transaction or feature you initiated and to maintain accurate account and entitlement records.

67.

We collect personal data through cookies, local storage, and equivalent technologies used by the web client and the installable PWA to maintain sessions, remember preferences, and support core functionality. Where required by the GDPR or the UAE PDPL, non-essential technologies are deployed only on the basis of your consent, which you may withdraw at any time through the available controls. Strictly necessary storage required to operate the Service and keep your session secure is collected irrespective of consent to marketing or analytics technologies.

68.

We collect updated or additional personal data over time as the Service evolves and as you enable new features, and the timing of each collection corresponds to the specific function you use rather than to a single point of onboarding. Where a new category of collection would be materially inconsistent with this Policy, we will update this section and, where the GDPR or the UAE PDPL so requires, provide notice or seek a fresh lawful basis before commencing that collection. All such collection remains subject to the governing law of Dubai, United Arab Emirates, and to the data-subject protections described elsewhere in this Privacy Policy.

5.Legal Bases for Processing (GDPR and UAE PDPL)

69.

MakZens processes personal data only where a valid legal basis exists under Article 6 of the EU General Data Protection Regulation (GDPR) and, for data subjects in the United Arab Emirates, under Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL). Because MakZens serves a global audience, JXMSN LLC applies the higher of the two standards to any given processing activity where they diverge, without diminishing the specific rights afforded under either regime. Where this Policy refers to a legal basis, the corresponding PDPL lawful-processing ground under Article 4 of the PDPL is applied in parallel for UAE data subjects.

70.

The core function of MakZens, namely the real-time cross-language translation of your messages, is performed on the legal basis of the performance of a contract to which you are a party under Article 6(1)(b) GDPR. To deliver this feature, the original text of a message and, where applicable, its translated output are transmitted to third-party artificial-intelligence and large-language-model translation processors acting on our documented instructions; this transmission is technically indispensable to provide the messaging service you have requested and cannot be performed without it. You acknowledge that engaging the translation feature necessarily entails this disclosure to translation processors for the sole purpose of rendering your message in the recipient's language.

71.

The provisioning of account-level messaging features, including one-to-one chats, group chats, public and private channels, message reactions, replies, editing, disappearing messages, replies, and photo, file and location sharing, is likewise carried out on the basis of contractual necessity under Article 6(1)(b) GDPR. Processing of the associated content and metadata is limited to what is required to transmit, display, synchronise and store your communications across your devices. Where a feature is optional and activated only at your election, the processing remains grounded in the delivery of the specific service you have chosen to use.

72.

Voice messages, voice and video calls, and the routing of the associated media streams are processed on the basis of contractual necessity under Article 6(1)(b) GDPR in order to establish and maintain the requested real-time communication session. The connection metadata required to signal, route and terminate a call is processed for the same purpose and retained only as long as necessary to operate and troubleshoot the service. No call or voice content is used for any purpose beyond delivering the communication except where a separate legal basis is expressly identified in this Policy.

73.

Contacts matching is performed by comparing cryptographic hashes of email addresses rather than the addresses themselves, and this processing rests on our legitimate interest under Article 6(1)(f) GDPR in allowing you to discover which of your existing contacts already use MakZens. We have assessed that this interest is not overridden by your interests or fundamental rights because only irreversible hashed identifiers are compared, plaintext address books are not retained for this purpose, and the feature operates only when you choose to enable contact discovery. For UAE data subjects, this activity is grounded in the corresponding legitimate-interest basis recognised under the PDPL, subject to your right to object.

74.

Push notifications are dispatched on the basis of contractual necessity and, where required by applicable law, your consent under Article 6(1)(a) GDPR obtained at first run. To protect the confidentiality of your communications, the push payload transmitted through the mobile operating-system delivery services carries only the sender identity and a generic placeholder rather than message content, with the actual text retrieved on-device after the notification is received. This data-minimising design ensures that no message body is exposed to the push transport layer as part of notification delivery.

75.

Where you purchase an optional MakZens premium plan, whether as a one-time purchase or a subscription, the processing of your order and entitlement data is carried out on the basis of contractual necessity under Article 6(1)(b) GDPR. Payment is made in USDC stablecoin on the Solana or BSC network and is processed by NowPayments, a third-party payment processor acting as an independent controller for the payment transaction; JXMSN LLC does not custody cryptocurrency and does not operate any wallet, exchange, investment or financial-advisory service. We receive from NowPayments only the transaction confirmation and reference data necessary to grant, maintain or revoke your premium entitlement.

76.

The alternative premium unlock through verification of a third-party JokerX non-fungible token is processed on the basis of contractual necessity under Article 6(1)(b) GDPR to activate the entitlement you have requested. This mechanism operates through a server-to-server verification against the JokerX system combined with a one-time confirmation code, and it deliberately does not require you to connect a cryptocurrency wallet within the application. We process only the confirmation code and the verification result needed to establish that a valid JokerX NFT entitles you to the premium tier.

77.

Participation in the MakZens referral programme is processed on the basis of contractual necessity under Article 6(1)(b) GDPR in respect of your role as a referring partner, and on the basis of our legitimate interest under Article 6(1)(f) GDPR in operating and attributing referral relationships. Commissions arising from your personal referral link are calculated and settled by the third-party JokerX system, which processes the attribution and payout data as a separate controller. We share with JokerX only the data necessary to attribute referrals and enable settlement, and you may withdraw from the programme at any time.

78.

MakZens is distributed to Android users as a direct APK download from our website and to iPhone and iPad users as an installable progressive web application, in addition to a browser-based web client, rather than through the Apple App Store or Google Play for the direct-download path. Processing of the technical data necessary to deliver, verify the integrity of, and update the application through these channels is grounded in our legitimate interest under Article 6(1)(f) GDPR in securely distributing and maintaining the software. This includes processing update-check and version data so that we can supply security patches and functional updates outside the app-store update mechanisms.

79.

Multi-device access, including web sessions established by scanning a QR code, is processed on the basis of contractual necessity under Article 6(1)(b) GDPR to authenticate the linked device and synchronise your account across endpoints. The session and device-linking data are processed to establish, secure and terminate authorised sessions at your instruction. Message deep links are processed on the same contractual basis to resolve and route you to the specific conversation or content you have chosen to open.

80.

We process personal data on the basis of our legitimate interests under Article 6(1)(f) GDPR to ensure the security, integrity and abuse-resistance of the MakZens platform, including the prevention, detection and investigation of fraud, spam, unauthorised access and misuse of the service. This encompasses the processing of authentication events, device and session signals and limited technical logs. We have balanced this interest against your rights and concluded that such processing is necessary and proportionate to protect users and the operator, and it is applied in a manner that minimises intrusion into the content of your communications.

81.

Where MakZens is required to comply with a legal obligation to which JXMSN LLC is subject, processing is carried out on the basis of Article 6(1)(c) GDPR and the corresponding legal-obligation ground under the UAE PDPL. This includes retention, disclosure or restriction of data mandated by applicable tax, anti-money-laundering, consumer-protection or lawful-request obligations arising in the United Arab Emirates or, where applicable, in another jurisdiction whose law binds us. In exceptional circumstances we may also process data under Article 6(1)(d) GDPR where necessary to protect the vital interests of a natural person.

82.

Where processing is not otherwise justified by contractual necessity, legitimate interest or a legal obligation, we rely on your consent under Article 6(1)(a) GDPR and, for UAE data subjects, on consent as a lawful basis under the PDPL. Consent is requested through a clear affirmative action, for example when enabling push notifications at first run or opting into optional non-essential features, and it is never bundled with the acceptance of these terms. You may withdraw your consent at any time with effect for the future, without affecting the lawfulness of processing carried out before withdrawal.

83.

The transfer of message text to third-party AI and LLM translation providers, and of payment data to NowPayments and referral data to JokerX, may involve the transfer of personal data outside the EEA and outside the UAE. Such transfers are made subject to an adequacy decision where one applies, or otherwise on the basis of appropriate safeguards, including the European Commission's Standard Contractual Clauses under Article 46 GDPR and the cross-border transfer conditions set out in Articles 22 and 23 of the UAE PDPL. A copy of the relevant safeguards may be requested from privacy@makzens.app.

84.

Insofar as the real-time translation of message content, the transmission of communication data or the operation of contacts matching may involve categories of data warranting heightened protection, MakZens processes such data solely to deliver the communication service you have initiated and does not use it to infer special-category attributes or for profiling. Where any processing would engage Article 9 GDPR, it is carried out only on the basis of your explicit consent or another exemption available under Article 9(2) GDPR, and under the equivalent sensitive-data conditions of the UAE PDPL. We do not sell personal data and do not use message content to train third-party models except strictly as necessary to render the requested translation.

85.

The governing law of the relationship between you and JXMSN LLC, whose registered address is PO Box 393394, Dubai, United Arab Emirates and whose registration details are [insert registration number], is the law of Dubai, United Arab Emirates, without prejudice to any mandatory data-protection rights you enjoy under the GDPR or the UAE PDPL in your place of residence. Nothing in this section limits the statutory rights or remedies available to you as a data subject under either regime, including the right to lodge a complaint with your competent supervisory authority. Questions concerning the legal bases described here may be addressed to our data protection contact at privacy@makzens.app.

6.Purposes for Which We Use Personal Data

86.

We use personal data to create and administer your MakZens account, authenticate you across your devices, and enable multi-device access, including the QR-code web login that links your browser or desktop session to your primary device. This processing is necessary to perform our contract with you and to secure the linkage between your paired sessions. Account identifiers, device information, and session tokens are retained for the duration of your use of the service and as required to keep your linked devices synchronised.

87.

We process the content of your messages, including original text and any accompanying metadata, in order to deliver our core cross-language messaging function, whereby every message is automatically translated in real time. To perform this translation we transmit message text to third-party artificial-intelligence and large-language-model providers acting as translation processors on our behalf; both the original and the translated text are handled so that sender and recipient can communicate in their respective languages. We do not use your message content to train our own models, and we instruct our translation processors under contract to process such content solely for the purpose of rendering the translation.

88.

We use personal data to operate the full range of communication features you choose to engage, including 1:1 chats, group chats, public and private channels, voice messages, voice and video calls, photo and file sharing, message reactions, replies, editing, and disappearing messages. This processing is necessary to provide the specific functionality you request and to route, format, and deliver your communications to your intended recipients. Where a feature entails ephemeral handling, such as disappearing messages, we process the relevant data only for as long as needed to give effect to the setting you have selected.

89.

We process a cryptographic hash of the email addresses in your device contacts in order to perform contacts matching, that is, to identify which of your existing contacts are also MakZens users so that we can connect you with them. We match on hashed values rather than raw email addresses to minimise the personal data we handle for this purpose, and we do not use the hashes to build advertising profiles. This processing is carried out on the basis of your consent to access your contacts and in furtherance of the social-connection functionality of the service.

90.

We use personal data to deliver push notifications and message deep links to your devices. To preserve the confidentiality of your communications, push notification payloads carry only the sender identity and a generic placeholder rather than the substance of any message, and your device retrieves and displays the actual content on-device after the notification is received. This design allows us to alert you to new activity without exposing message text to the notification transport layer.

91.

We process payment-related and transaction data to enable optional premium plans, including one-time purchases and subscriptions, which are payable in USDC stablecoin on the Solana or BSC networks. Payment is processed by NowPayments, a third-party payment processor, and MakZens does not take custody of any cryptocurrency, does not operate a wallet, exchange, investment, or financial-advisory service, and does not store your private keys. We retain records of your premium entitlements, order references, and transaction confirmations as necessary to provision your plan, honour refunds where applicable, and comply with our accounting and record-keeping obligations.

92.

We process data relating to the alternative premium unlock in order to verify ownership of a third-party JokerX NFT through a server-to-server check together with a one-time confirmation code. This verification does not require you to connect a cryptocurrency wallet within the application; instead we confirm the eligibility signal returned by the JokerX system and record that a valid confirmation code has been redeemed. We retain the resulting entitlement status so that we can grant and maintain your premium access without repeatedly re-verifying the underlying asset.

93.

We use personal data to administer our referral programme, under which partners share a personal referral link and commissions are calculated and settled by the third-party JokerX system. For this purpose we process referral identifiers, attribution data linking a referred registration to a referring partner, and the status of qualifying events, and we may share the necessary attribution data with JokerX so that commissions can be determined and paid. We do not ourselves disburse referral commissions and we rely on JokerX as the settlement operator for the programme.

94.

We process technical and distribution data to deliver and maintain the MakZens applications across their distribution channels, namely the Android application offered as a direct APK download from our website, the iPhone and iPad experience offered as an installable progressive web application, and the browser-based web client. Because the direct-download path is not distributed through the Apple App Store or Google Play, we may process version, build, and update-check information to inform you of available updates and to deliver in-application updates where technically supported. This processing is necessary to keep your installation current, functional, and secure.

95.

We use personal data to maintain the security, integrity, and availability of the service, including to authenticate sessions, detect and prevent fraud, abuse, spam, and unauthorised access, and to investigate and respond to security incidents. This processing is grounded in our legitimate interests in protecting our users and infrastructure and, where applicable, in complying with our legal obligations. Security logs, device and connection metadata, and abuse-related records are retained for the period necessary to fulfil these protective purposes.

96.

We process personal data to provide customer support and to communicate with you about your account, including responding to enquiries, troubleshooting technical issues, and sending service-related and transactional messages such as verification, security, and billing notices. Correspondence you send to us, together with the information reasonably necessary to resolve your request, is processed for this purpose. You may contact us regarding your data at privacy@makzens.app.

97.

We use aggregated and, where feasible, pseudonymised data to monitor, analyse, and improve the performance, reliability, and usability of the service, including diagnosing errors, understanding feature usage in the aggregate, and prioritising product improvements. We seek to minimise the use of identifiable personal data for analytics and to rely on aggregated or de-identified metrics wherever this is sufficient for the purpose. This processing is founded on our legitimate interests in developing and enhancing the MakZens service.

98.

We process personal data to comply with our legal, regulatory, tax, and accounting obligations, including obligations arising under the laws of Dubai, United Arab Emirates, which govern this policy and our relationship with you. Where we are subject to lawful requests from competent authorities, we may process and disclose data to the extent legally required, and we retain records for the periods mandated by applicable law. This processing is necessary for compliance with the legal obligations to which JXMSN LLC is subject.

99.

We process personal data in order to establish, exercise, or defend legal claims and to enforce our terms of service and acceptable-use rules. This may include retaining and reviewing relevant account, communication-metadata, and transaction records where necessary to resolve disputes, respond to complaints, or protect our rights and those of our users. Such processing is based on our legitimate interests in enforcing our agreements and defending against claims.

100.

Where you are located in the European Union or European Economic Area, we process your personal data in accordance with the General Data Protection Regulation, relying on the lawful bases of performance of a contract, consent, legitimate interests, and legal obligation as described in this policy. Because our translation, payment, and referral functions involve third-party processors that may operate outside the EEA, we implement appropriate safeguards, such as Standard Contractual Clauses or an equivalent transfer mechanism, for international transfers of personal data. You may exercise your rights of access, rectification, erasure, restriction, portability, and objection, and may withdraw consent at any time, by contacting us at privacy@makzens.app.

101.

Where you are located in the United Arab Emirates, we process your personal data in accordance with Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data, including its requirements regarding lawful processing, data-subject consent, and cross-border transfers. We process such data on the bases permitted under the PDPL, obtain consent where the law so requires, and apply appropriate protections when transferring personal data outside the UAE to our translation, payment, and other third-party processors. Requests to exercise your rights under the PDPL may be directed to privacy@makzens.app.

102.

We may process and, where necessary, further use personal data for the purpose of communicating material changes to this service, including notifying you of updates to our features, terms, or privacy practices, and of any corporate event such as a merger, acquisition, financing, or transfer of assets involving JXMSN LLC. In the event of such a transaction, personal data may be transferred to a successor or acquirer subject to the commitments described in this policy or an equivalent policy. Any such processing will be limited to what is necessary to give effect to the change and to keep you appropriately informed.

7.Messages, Content and Translation Data

103.

When you compose and send a message through MakZens, we and our infrastructure necessarily process the content of that message in order to transmit it, translate it, and deliver it to the intended recipient or channel. This content may include text, voice messages, photographs, files, location data, message reactions, replies, and edits, together with associated metadata such as sender and recipient identifiers, timestamps, delivery status, device and message identifiers, and, where applicable, disappearing-message expiry timers. We process this data on the legal basis of performance of our contract with you under Article 6(1)(b) GDPR and the corresponding contractual-necessity ground under the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021).

104.

The core function of MakZens is cross-language messaging in which every message is automatically translated in real time. To perform this translation, the original text of your message is transmitted to one or more third-party artificial-intelligence and large-language-model providers acting as our translation processors, which return a translated version of that text. You should understand that the substantive content of your outgoing messages is disclosed to these external translation providers as an inherent and unavoidable part of the service, and that using MakZens necessarily entails this disclosure.

105.

Both the original text of a message and its machine-generated translation are handled by the service so that each participant can read the conversation in their preferred language. Where a message is translated, we may transiently or persistently associate the source text and the translated text for the purpose of accurate delivery, error correction, and consistency across a conversation thread. Translations are produced by automated systems and may contain inaccuracies, omissions, or contextual errors, and we do not warrant that any translation is complete or fit for legal, medical, financial, or other consequential purposes.

106.

Our third-party translation providers are engaged as processors and are contractually bound, so far as we are reasonably able to secure, to process message content solely to provide translation results to us and not for their own independent purposes. Because these providers may operate infrastructure outside the United Arab Emirates and outside the European Economic Area, message content may be transferred across international borders. Such transfers are made subject to appropriate safeguards, including standard contractual clauses under Chapter V GDPR where an EEA adequacy decision does not apply, and the cross-border transfer conditions set out in Articles 22 to 23 of the UAE PDPL.

107.

Voice messages, voice calls, and video calls are processed to enable real-time or asynchronous communication between participants. Where a voice message or call audio is subject to transcription or spoken-language translation, the relevant audio or its transcript may likewise be transmitted to third-party AI processors to generate the requested text or translation. We do not use the content of your calls or voice messages to build advertising profiles, and we do not sell message, voice, or call content to any party.

108.

Certain features cause content to persist for longer or shorter periods according to your choices and the nature of the feature. Messages in ordinary 1:1 chats, group chats, and public or private channels are retained to allow continued access across your devices, while messages sent using the disappearing-messages feature are scheduled for deletion from our active systems after the timer you select expires. You acknowledge that recipients may nonetheless retain copies of content through screenshots, forwarding, file downloads, or device-level backups outside our control.

109.

MakZens supports multi-device use, including a browser-based web client and web login by QR code. When you link an additional device, message content and account data are synchronised to that device so that your conversations remain available, and you are responsible for securing each linked device and for unlinking devices you no longer control. Message deep links that you generate or open are processed to route you to the referenced conversation or content, and the destination identifier contained in such a link is handled as message metadata.

110.

The contacts-matching feature allows you to discover which of your contacts also use MakZens. To perform this matching without uploading your contacts' raw email addresses, we process email addresses in hashed form and compare those hashes against hashes of registered users, so that we do not retain the plaintext email addresses of non-users beyond what is necessary to compute the match. This processing is carried out on the basis of your consent under Article 6(1)(a) GDPR and the corresponding consent ground under the UAE PDPL, and you should obtain any consent required from your contacts before using this feature.

111.

Push notifications are delivered through platform and operating-system push services so that you are alerted to new messages and calls. To protect the confidentiality of your communications, the push payload transmitted through these external push channels carries only the identity of the sender and a generic placeholder rather than the actual message text, and the substantive content is retrieved on-device only after your application receives the notification. This design limits the exposure of message content to intermediary push-delivery infrastructure.

112.

Because MakZens is distributed for Android as a direct APK download from our website and for iPhone and iPad as an installable progressive web application, and additionally through a browser web client, rather than through the Apple App Store or Google Play for the direct-download path, message and content data are processed within our own application and delivery environment. We collect technical and diagnostic data associated with these distribution channels, such as application version, delivery method, and device characteristics, to secure the service and deliver updates, and we process this data on the basis of our legitimate interests under Article 6(1)(f) GDPR.

113.

We process limited transactional data in connection with optional premium plans, which may be purchased as a one-time payment or by subscription. Payment is made in USDC stablecoin on the Solana or BSC networks and is processed by NowPayments, a third-party payment processor; MakZens does not custody cryptocurrency and provides no wallet, exchange, investment, or financial-advisory service. We do not receive or store your private keys, and the on-chain payment data and any wallet information are handled by NowPayments and the relevant public blockchains under their own terms and privacy notices.

114.

As an alternative means of unlocking premium features, you may verify a third-party JokerX non-fungible token through a server-to-server check combined with a one-time confirmation code, without connecting a wallet within the application. For this purpose we process the confirmation code and the result of the verification check, and we exchange the necessary verification signals with the JokerX system, but we do not thereby take custody of, or acquire any rights in, the underlying NFT. The verification result is used solely to determine your premium entitlement.

115.

If you participate in the referral programme, we process your personal referral link, referral events, and related attribution data so that qualifying referrals can be recognised. Commissions arising from the referral programme are calculated and settled by the third-party JokerX system, and we share with that system the data reasonably necessary to attribute referrals and enable settlement. We do not disclose the content of your messages to the referral or commission-settlement systems.

116.

We rely on distinct legal bases for the different processing activities described in this section, namely performance of our contract with you for message transmission and translation, your consent for optional features such as contacts matching, and our legitimate interests for security, abuse prevention, and service improvement, in each case with the equivalent grounds recognised under the UAE PDPL. Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal. Withdrawing consent for a feature may render that feature unavailable to you.

117.

We retain message and content data only for as long as necessary to provide the service, comply with applicable legal obligations under the laws of the United Arab Emirates and other jurisdictions to which we are subject, resolve disputes, and enforce our agreements, after which such data is deleted or irreversibly anonymised. Disappearing messages are removed in accordance with the timer you set, and account deletion triggers the removal of associated message content from our active systems within [insert retention window, e.g. 30 days], subject to residual copies in secure backups that are overwritten on our ordinary backup-rotation cycle. Aggregated or anonymised data that no longer identifies you may be retained for statistical purposes.

118.

Subject to the conditions and exemptions in the GDPR and the UAE PDPL, you have the right to access the message-related and content data we hold about you, to request rectification or erasure, to restrict or object to certain processing, to data portability, and, in relation to fully automated decisions producing legal or similarly significant effects, not to be subject to such decisions; translation is an automated processing operation but does not by itself produce such effects. To exercise these rights, or to raise a concern, you may contact us at privacy@makzens.app, and EEA data subjects additionally have the right to lodge a complaint with their competent supervisory authority. Where we act as a controller of message content, requests concerning content that also involves other participants will be handled with due regard to the rights and freedoms of those other individuals.

119.

This section, and your use of MakZens generally, is governed by the laws of Dubai, United Arab Emirates, and any dispute concerning the processing of messages, content, and translation data is subject to the jurisdiction of the competent courts of Dubai, without prejudice to any mandatory data-protection rights and remedies available to you under the GDPR in your country of residence within the EEA. MakZens is operated by JXMSN LLC, PO Box 393394, Dubai, United Arab Emirates, registered under [insert registration number], which acts as the data controller for the processing described in this section. Where the mandatory provisions of the GDPR or the UAE PDPL confer protections that exceed those provided by the governing law, those mandatory provisions prevail to the extent of any conflict.

8.AI and Third-Party Translation Processing

120.

MakZens is a cross-language messaging service operated by JXMSN LLC (PO Box 393394, Dubai, United Arab Emirates), and its core function depends on the automated translation of message content in real time. To perform this function, the text of the messages you send and receive, together with any accompanying original-language text, is transmitted to third-party artificial intelligence and large language model providers acting as translation processors on our behalf. By transmitting a message through MakZens you understand and accept that the content of that message will be disclosed to and processed by such external providers for the sole purpose of generating its translation.

121.

The translation processing described in this section constitutes a processing operation for which JXMSN LLC acts as the controller within the meaning of Regulation (EU) 2016/679 (GDPR) and as the controller within the meaning of the United Arab Emirates Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL). The third-party AI and LLM translation providers act as processors, and where required they are engaged under written data processing agreements imposing confidentiality, security and purpose-limitation obligations consistent with Article 28 GDPR and the corresponding provisions of the UAE PDPL.

122.

The categories of data disclosed to translation processors are limited to the linguistic content necessary to perform translation, namely the original message text and, where applicable, the source and target language indicators. We do not intentionally transmit your account identifiers, contact list, device identifiers or payment information to the translation providers for the purpose of translation, and any technical metadata unavoidably transmitted (such as message length or language) is limited to what is necessary for the service to function.

123.

Because MakZens messages may contain any information you choose to include, message text sent for translation may incidentally contain personal data, and in some cases special categories of personal data within the meaning of Article 9 GDPR (for example data revealing health, religious beliefs or sexual orientation). You are responsible for the content you transmit, and by sending such content you provide your explicit consent, and confirm that you have obtained any necessary consent from other participants, to its translation by third-party AI providers as an integral and non-severable part of using the service.

124.

The legal basis for the disclosure of message content to translation providers is the necessity of that processing for the performance of our contract with you to deliver a real-time translation messenger service, pursuant to Article 6(1)(b) GDPR, and, insofar as consent is required for particular categories of content, Article 9(2)(a) GDPR. Under the UAE PDPL, the equivalent bases are the necessity of processing for the performance of a contract to which the data subject is a party and, where applicable, the data subject's consent.

125.

Certain translation providers may operate infrastructure located outside the European Economic Area and outside the United Arab Emirates, including in jurisdictions that have not been recognised as providing an adequate level of data protection. Where message content is transferred to such jurisdictions, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses and the transfer mechanisms permitted under Articles 44 to 49 GDPR, and on the cross-border transfer conditions set out in Articles 22 to 23 of the UAE PDPL. A list of the translation processors then in use, together with their locations, is available on request from [privacy@makzens.app].

126.

We instruct our translation processors, by contract, not to use the message content transmitted for translation to train, fine-tune or improve their own artificial intelligence models, and to retain that content only for the period strictly necessary to return the translated output. We cannot, however, guarantee the internal practices of every third-party provider, and you should therefore refrain from transmitting through the service any content whose disclosure to an external AI provider you are unwilling to accept.

127.

Automated translation is performed by statistical and generative language models and is provided without warranty of accuracy, completeness or fitness for any particular purpose. Translations may contain errors, omissions, mistranslations, hallucinated content or contextually inappropriate renderings, and MakZens must not be relied upon for legal, medical, financial, safety-critical or other communications where translation errors could cause harm. The original message text remains the authoritative version of any communication, and the translated text is provided for convenience only.

128.

The real-time translation of a message does not constitute a decision producing legal or similarly significant effects concerning you within the meaning of Article 22 GDPR, as it merely renders your own communication into another language and effects no evaluation, scoring or automated decision about you. Where you nonetheless wish to exercise rights in relation to automated processing, you may contact us at [privacy@makzens.app] and we will respond in accordance with the applicable data protection law.

129.

Push notifications delivered by MakZens are designed to protect the confidentiality of message content: the push payload transmitted through the Apple Push Notification service, Firebase Cloud Messaging or an equivalent gateway carries only the identity of the sender and a generic placeholder, and never the message body or its translation. The actual message text, whether original or translated, is retrieved and decrypted on your device after the notification is received, so that neither the push transport providers nor the operating-system vendors receive the substance of your communications.

130.

The contacts matching feature does not disclose your address book in clear form to us or to any third party. Email addresses from your device are transformed into irreversible cryptographic hashes before transmission, and matching is performed by comparing hash values only, so that the underlying email addresses of persons who are not MakZens users are not stored by us in an intelligible form. This hashing is independent of, and its output is not disclosed to, the translation processors described in this section.

131.

Optional premium plans, comprising one-time purchases and subscriptions, are paid in USDC stablecoin on the Solana or BSC networks and are processed exclusively by NowPayments, a third-party payment processor acting as an independent controller of the payment data it collects. JXMSN LLC does not custody cryptocurrency, does not operate a wallet, exchange, investment or financial-advisory service, and receives from NowPayments only the confirmation of payment and the limited transaction reference necessary to activate your plan. Your dealings with NowPayments are additionally governed by that processor's own privacy policy and terms.

132.

As an alternative means of unlocking premium features, MakZens supports verification of a third-party JokerX non-fungible token through a server-to-server check combined with a one-time confirmation code, and this process does not require you to connect a cryptocurrency wallet within the application. In performing this verification we exchange only the confirmation code and the resulting eligibility status with the JokerX system, and no private keys, wallet credentials or seed phrases are requested, transmitted or stored by MakZens at any time.

133.

The referral programme enables partners to share a personal referral link, and any commissions arising from that programme are calculated and settled by the third-party JokerX system rather than by MakZens. For this purpose we disclose to the JokerX system only the referral identifiers and attribution data necessary to attribute qualifying actions to a partner, and the JokerX operator acts as an independent controller in respect of the commission and settlement data it processes.

134.

MakZens is distributed to Android users as a direct APK download from our website and to iPhone and iPad users as an installable progressive web application (PWA), in addition to a browser-based web client, and it is not distributed through the Apple App Store or Google Play for the direct-download path. Because the direct-download and PWA channels are not mediated by an application-store review or update mechanism, you are responsible for obtaining the application only from our official website and for applying updates, and the third-party translation, push and payment integrations described in this policy operate identically across all supported distribution channels.

135.

You may exercise your rights of access, rectification, erasure, restriction, objection and data portability under the GDPR, and the corresponding rights of access, correction, deletion, restriction of processing, and cessation of processing under the UAE PDPL, in respect of the data processed for translation and the other operations described in this section, by contacting us at [privacy@makzens.app]. Where message content has already been transmitted to and processed by a translation provider for the purpose of returning a translation, we will act on erasure and restriction requests to the extent technically possible given that such transient processing may already have been completed at the moment of sending.

136.

This section, and the processing described in it, is governed by the laws of the Emirate of Dubai and the applicable federal laws of the United Arab Emirates, and any dispute arising out of or in connection with it shall be subject to the jurisdiction of the competent courts of Dubai, United Arab Emirates, without prejudice to any mandatory rights or remedies available to data subjects resident in the European Union or European Economic Area under the GDPR and the law of their habitual residence. In the event of a conflict between this section and any other provision of this Privacy Policy concerning third-party AI translation, payment, referral or notification processing, the provisions of this section shall prevail.

9.Contacts Matching and Address-Book Data

137.

MakZens offers an optional contacts matching feature that enables you to discover which of your existing phone or device address-book contacts already use the service so that you may begin cross-language conversations with them. This feature is entirely voluntary and is never activated by default; it operates only after you grant the relevant device permission and affirmatively enable contacts matching within the application. If you decline or later revoke this permission, the core messaging, translation, voice and video calling, and channel functions of MakZens remain fully available to you.

138.

To perform contacts matching, MakZens does not upload your address book in plaintext. Instead, the application derives a cryptographic hash of the email addresses stored in your device contacts and transmits only those hashed values to our servers for comparison against hashes of registered MakZens accounts. The underlying plaintext email addresses of your contacts are not sent to, stored by, or retained on our servers as part of this process, and the matching is performed solely on the level of irreversible hashed identifiers.

139.

The legal basis under Article 6(1)(a) of the General Data Protection Regulation for processing address-book-derived data through contacts matching is your explicit consent, which you provide by enabling the feature and granting the corresponding device permission. Under the United Arab Emirates Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), we likewise rely on your consent as the lawful ground for this processing. You may withdraw that consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

140.

When you enable contacts matching, you may transmit information relating to third parties, namely persons in your address book who have not themselves consented to MakZens. You represent that you are entitled to share those contact identifiers for the limited purpose of matching, and you acknowledge that hashing is applied specifically to reduce the exposure of those third parties. For any contact whose hashed email does not correspond to a registered MakZens account, the submitted hash is used only transiently for the comparison and is not retained to build a profile of non-users.

141.

Contacts matching is a distinct processing activity from message translation. When you send a message, its text is transmitted to third-party artificial-intelligence and large-language-model translation providers acting as processors in order to generate the real-time translation; by contrast, your address-book identifiers are never sent to those translation providers and are used solely for the discovery of existing MakZens users. We maintain this separation so that contact data and message content are not commingled across processing purposes.

142.

The results of a successful match are used to populate your in-application contact list, to indicate which contacts are reachable on MakZens, and to facilitate the initiation of 1:1 chats, group chats, and calls. We do not use hashed contact data for advertising, for sale to third parties, or for any secondary purpose unrelated to the discovery and connection functionality described in this section. Contacts matching is not used to determine premium eligibility, referral commissions, or payment processing.

143.

MakZens is distributed as a direct Android APK download from our website and as an installable progressive web application for iPhone and iPad, in addition to a browser-based web client, rather than through the Apple App Store or Google Play for the direct-download path. The availability and behaviour of the device address-book permission consequently depend on the platform and installation method you use, and certain web or PWA contexts may offer limited or no access to the native address book. Where the platform does not expose contacts, the matching feature may be unavailable or restricted accordingly.

144.

You may disable contacts matching at any time through the application settings or by revoking the address-book permission at the operating-system level. Upon disabling the feature, MakZens ceases further transmission of hashed contact identifiers, and any hashed values previously retained to maintain your match list are deleted or invalidated within a commercially reasonable period. Disabling contacts matching does not delete conversations you have already begun with contacts who are MakZens users.

145.

Hashed contact identifiers that we retain in order to keep your contact list current are stored only for as long as the contacts matching feature remains enabled for your account and are subject to periodic refresh. When you delete your MakZens account, the hashed identifiers associated with your account, together with any match records derived from your address book, are deleted or irreversibly anonymised in accordance with our general retention practices and applicable law. We do not retain address-book-derived data beyond the purposes for which it was collected.

146.

MakZens does not require access to your address book in order to add contacts. As an alternative to contacts matching, you may connect with other users through message deep links, by exchanging usernames or invitation links, by joining public or private channels, or by scanning a QR code for multi-device web login, none of which involve processing your device address book. These alternatives allow you to use the full messaging experience while keeping your contacts private.

147.

Because our servers, translation processors, and other service providers may operate outside the European Economic Area and the United Arab Emirates, hashed contact identifiers processed for matching may be transferred internationally. Where such transfers involve personal data subject to the GDPR, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, and where they involve data subject to the UAE PDPL, we apply the transfer conditions set out in that law. We take reasonable steps to ensure that any recipient of address-book-derived data is bound by confidentiality and data-protection obligations.

148.

The hashing applied to contact email addresses is a security and data-minimisation measure and is not represented as a guarantee of absolute anonymity, since a hash of a known email value can in principle be recomputed and compared. We therefore treat hashed contact identifiers as personal data and protect them with the same technical and organisational measures, including encryption in transit and access controls, that we apply to other categories of personal data. We do not publish or expose the hash values of your contacts to other users.

149.

Subject to the GDPR and the UAE PDPL, you have the right to access, rectify, restrict, and erase personal data derived from your address book, to object to its processing, and to request data portability where applicable. To exercise these rights in respect of contacts matching, you may contact us at privacy@makzens.app, and we will respond within the timeframes prescribed by the applicable law. Because we hold contact identifiers only in hashed form, certain requests may require you to identify the specific contacts concerned so that we can locate the corresponding records.

150.

If you are an individual whose hashed email has been submitted to MakZens by another user through contacts matching but who does not use the service, you may request that we refrain from processing any identifier corresponding to your email address. Upon receiving a verified request at privacy@makzens.app, we will take reasonable steps to suppress future matching against the identifier concerned. Because non-matching hashes are not retained to profile non-users, in most cases no persistent record of a non-user will exist to be erased.

151.

MakZens accepts no responsibility for the accuracy or completeness of the data contained in your device address book, and match results depend on the email addresses you have stored and on whether the corresponding persons have registered with the same email. A failure to match a given contact does not indicate that the contact is not a MakZens user, as they may have registered using a different email address. You remain responsible for verifying the identity of any person with whom you communicate.

152.

Contacts matching and its associated processing of address-book-derived data are governed by the laws of the Emirate of Dubai and the applicable federal laws of the United Arab Emirates, and any dispute concerning this processing is subject to the jurisdiction referenced in the general terms of this Privacy Policy, without prejudice to any mandatory rights you enjoy under the GDPR or your local law. JXMSN LLC, having its registered address at PO Box 393394, Dubai, United Arab Emirates, is the controller responsible for this processing. Where required, our data protection point of contact may be reached at privacy@makzens.app.

153.

This section addresses only contacts matching and address-book data and should be read together with the other sections of this Privacy Policy, including those describing translation by third-party AI providers, payment processing in USDC via the third-party processor NowPayments, premium unlocking through verification of a third-party JokerX NFT, and the referral programme settled through the JokerX system. Address-book-derived identifiers are not shared with NowPayments, with the JokerX system, or with the referral or NFT-verification workflows, each of which relies on separate data as described in its respective section. In the event of any conflict between this section and a more specific provision elsewhere in the policy concerning contact data, the provision more protective of your rights shall prevail.

10.Push Notifications, Device and Technical Data

154.

When you install the MakZens Android application (distributed as a direct APK download from our website rather than through the Google Play Store) or add the iPhone/iPad progressive web app to your home screen, and where you consent to receive push notifications, your device or browser generates a push registration token issued by the relevant platform push service. JXMSN LLC processes this token solely to route message and call notifications to the correct device, and we retain it only for as long as the associated device remains registered to your account. Because our Android distribution occurs outside the Play Store, delivery may rely on the platform messaging transport available on your device, and we do not receive the content of any third-party push infrastructure logs.

155.

Our push notification payloads are deliberately minimised: they carry only the identity of the sending contact, channel or group and a generic placeholder indicating that a new message, reaction, call or voice message is waiting, and they do not contain the substantive text of your messages. Because MakZens delivers cross-language conversations, the translated and original message text is never embedded in the notification envelope transmitted through the platform push service. The application retrieves and renders the actual message content on-device only after it has been securely delivered, so that sensitive conversation data is not exposed within the notification transport layer.

156.

Notwithstanding the minimisation described above, you should understand that a push notification necessarily transits the infrastructure of your operating system or browser vendor, which acts as an independent controller of the delivery token and associated diagnostic metadata under its own privacy terms. JXMSN LLC has no control over, and accepts no responsibility for, the processing that such platform operators perform on push tokens and delivery telemetry. We recommend that you review the notification and privacy settings of your device and browser, which you may use at any time to disable push notifications without otherwise affecting your ability to use MakZens.

157.

To operate the service securely we collect certain technical and device data, which may include device model and operating system version, application or PWA build version, preferred language and locale settings, screen and display characteristics relevant to rendering, time zone, and coarse connection information. This data is processed to deliver a functioning client across our supported surfaces, namely the Android APK build, the installable iOS web app, and the browser web client. We rely on this information to diagnose compatibility issues and to ensure that real-time translation and messaging features perform correctly on your particular configuration.

158.

For the multi-device functionality that allows you to link the browser web client by scanning a QR code, we process device identifiers, session tokens and linkage metadata that associate each authenticated session with your account. This information enables us to display your active sessions, to allow you to revoke a linked device, and to detect and terminate sessions that appear anomalous or unauthorised. Session and linkage data of this kind is retained for the duration of the active link and for a limited period thereafter for security and audit purposes.

159.

We generate and process security-related log data, including IP addresses, timestamps, authentication events, rate-limiting signals and abuse-detection indicators. The lawful basis for this processing under the EU and EEA General Data Protection Regulation is our legitimate interest in protecting the integrity and availability of the service and in preventing fraud and abuse, and the equivalent basis is recognised under the United Arab Emirates Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data. Such logs are subject to defined retention limits and are not used to build advertising or behavioural profiles.

160.

The core purpose of MakZens is cross-language messaging, and to achieve this the text of your messages is transmitted to third-party artificial intelligence and large language model providers acting as translation processors, which return a translated rendering that is delivered alongside the original text. This means that message content, and any device or technical metadata strictly necessary to route a translation request, leaves our environment and is processed by these external providers under contractual data-processing terms. We instruct such processors to use the transmitted content solely to perform the translation and not for their own independent purposes, but you should not send information you would not wish to be processed by an automated third-party translation service.

161.

Voice messages, voice and video calls, photographs, files and location data that you choose to share are processed to provide the corresponding features, and the technical metadata surrounding their transmission (such as media type, size, duration and delivery timestamps) is handled to enable reliable delivery. Where a voice message is transcribed or otherwise translated, the relevant audio-derived text may be subject to the same third-party translation processing described in the preceding clause. Location data is processed only when you actively invoke the location-sharing feature and is not collected passively in the background.

162.

The contacts-matching feature operates on a privacy-preserving basis: rather than uploading your address book in plaintext, the application transmits cryptographic hashes of email addresses so that mutual contacts already using MakZens can be identified. We process these hashed identifiers to surface existing connections and we do not reconstruct or retain the plaintext contact details of non-users from this process. The technical data generated by contacts matching is limited to what is necessary to compute and compare these hashes securely.

163.

For push notifications relating to payment and premium entitlement events, only minimal technical signals are processed, and no cardholder or wallet data passes through our notification systems. Premium plans are paid in USDC stablecoin on the Solana or BSC networks and are processed by NowPayments, a third-party payment processor, meaning that the technical and transactional data associated with settlement is handled within that processor's environment. JXMSN LLC does not custody cryptocurrency, does not operate a wallet, exchange, investment or financial-advisory service, and receives only the confirmation and reference data necessary to activate your entitlement.

164.

Where you elect the alternative premium unlock based on verification of a third-party JokerX non-fungible token, the process is performed by a server-to-server verification check combined with a one-time confirmation code, and no wallet connection is established within the MakZens application. The technical data processed for this route is confined to the verification request, its result and the confirmation code, and we do not gain access to your private keys, wallet balances or on-chain transaction history beyond the specific verification outcome. This design deliberately avoids the device-level exposure that a direct in-app wallet integration would entail.

165.

If you participate in the referral programme, we process technical attribution data such as referral link identifiers, click and registration timestamps and the device or session signals necessary to associate a qualifying event with the correct partner link. Commissions are settled by the third-party JokerX system, and the corresponding settlement and payout data is processed within that system rather than within our messaging infrastructure. We limit our processing to what is required to detect fraud, prevent self-referral abuse and provide accurate attribution.

166.

We may process aggregated and, where feasible, anonymised diagnostic and performance data, including crash reports, latency measurements for translation and message delivery, and feature-availability metrics, in order to maintain and improve service quality. Wherever such measurement can be conducted without directly identifying you, we adopt that approach, and we do not sell device or technical data to third parties. Any analytics we operate are configured for service integrity and product improvement rather than for cross-context behavioural advertising.

167.

As controller of the personal data described in this section, JXMSN LLC is established at PO Box 393394, Dubai, United Arab Emirates, and can be contacted regarding device, technical and notification data at privacy@makzens.app. Because our audience is global and includes the European Union and European Economic Area as well as the United Arab Emirates, personal data may be transferred to and processed in jurisdictions outside your country of residence, including in connection with our third-party translation, payment and infrastructure providers. Where such transfers involve personal data subject to the GDPR, we implement an appropriate transfer mechanism such as the European Commission's Standard Contractual Clauses, and we apply comparable safeguards for transfers governed by the UAE Personal Data Protection Law.

168.

In respect of the device and technical data covered by this section, data subjects in the European Union and European Economic Area may exercise their rights under the GDPR, including the rights of access, rectification, erasure, restriction, data portability and objection, and may lodge a complaint with a supervisory authority. Data subjects in the United Arab Emirates may exercise the corresponding rights afforded by Federal Decree-Law No. 45 of 2021, including access, correction, erasure and objection to processing, subject to the conditions set out in that law. Requests concerning push tokens, session linkages, contacts-matching hashes or other technical data may be submitted to privacy@makzens.app, and we will respond within the periods prescribed by the applicable law.

169.

We retain push tokens, session and device identifiers, security logs and other technical data only for as long as necessary to fulfil the purposes for which they were collected, after which they are deleted or irreversibly anonymised in accordance with our retention schedule. Push registration tokens are invalidated when you disable notifications, uninstall the application, remove the installed web app or unlink a device, and stale tokens returned as invalid by the platform push service are purged. Security and abuse-prevention logs are kept for a defined period appropriate to the risk they address before being erased.

170.

This Privacy Policy, including the processing of push notification, device and technical data described in this section, is governed by the laws of the Emirate of Dubai and the applicable federal laws of the United Arab Emirates, and any dispute arising in connection with it is subject to the jurisdiction of the competent courts of Dubai, without prejudice to any mandatory data-protection rights or remedies available to you under the GDPR or the UAE Personal Data Protection Law. Where a conflict arises between this governing-law provision and a non-waivable statutory right that applies to you as a data subject, that mandatory right prevails to the extent required. We may update this section to reflect changes in our processors, features or legal obligations, and material changes will be notified through the application or by other appropriate means.

11.Payments, Subscriptions and Cryptocurrency Data

171.

This section explains how MakZens, operated by JXMSN LLC (PO Box 393394, Dubai, United Arab Emirates), processes personal data connected with optional Premium plans, subscriptions, referral settlements and cryptocurrency payments. It supplements the general provisions of this Privacy Policy and applies whenever you purchase a one-time Premium unlock, take out a recurring subscription, participate in the referral programme or unlock Premium by verifying a JokerX NFT. Where this section and the general provisions conflict on payment matters, this section prevails.

172.

MakZens does not operate its own card-acquiring or crypto-processing infrastructure and does not custody, hold, exchange or invest cryptocurrency on your behalf. Premium payments in USDC stablecoin on the Solana or BSC networks are processed exclusively by NowPayments, an independent third-party payment processor acting as a separate controller for the payment transaction it carries out. When you initiate a payment you are directed to a NowPayments-hosted flow, and the collection of your wallet, transaction and network data by NowPayments is governed by NowPayments' own privacy policy, over which we have no control.

173.

For each Premium purchase we receive from NowPayments only the limited confirmation data we need to activate your entitlement, namely a payment or invoice identifier, the plan and amount, the network used (Solana or BSC), the payment status and the timestamp of settlement. We associate this confirmation with your MakZens account identifier in order to unlock or renew the corresponding features. We do not receive or store your private keys, seed phrases or wallet credentials, and we do not initiate transfers from your wallet.

174.

Depending on the network and the information relayed by NowPayments, we may process the originating blockchain wallet address and on-chain transaction hash solely for the purposes of reconciling payments, evidencing that a purchase occurred, handling disputes and refunds, and meeting our record-keeping obligations. You should be aware that transactions on public blockchains such as Solana and BSC are inherently public, permanent and pseudonymous, and that MakZens cannot alter, reverse or delete any record written to a blockchain by you or by the payment processor.

175.

The lawful basis for processing payment confirmation data under the EU and EEA General Data Protection Regulation is the performance of the contract for the Premium service you have requested (Article 6(1)(b) GDPR), together with our legitimate interest in preventing fraud and abuse (Article 6(1)(f) GDPR) and, where applicable, compliance with a legal obligation (Article 6(1)(c) GDPR). For users in the United Arab Emirates, the corresponding processing is carried out on the equivalent bases available under Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL).

176.

For recurring subscriptions we retain the metadata required to manage the subscription lifecycle, including the plan type, the activation date, the current billing period, the renewal or expiry date and the cancellation status. We use this data to grant continued access to Premium features, to notify you before renewal where required, and to cease access when a subscription lapses or is cancelled. We do not store any standing payment authorisation that would allow us to debit a wallet automatically, because renewals in USDC are effected through NowPayments-initiated payment requests rather than by us pulling funds.

177.

As an alternative to paying in USDC, you may unlock Premium by verifying ownership of a qualifying third-party JokerX NFT. This verification is performed by a server-to-server check between MakZens and the JokerX system, combined with a one-time confirmation code, and it deliberately does not require you to connect a wallet inside the MakZens app. In this flow we process the confirmation code, the result of the ownership check and the associated entitlement status, and we may exchange a pseudonymous reference with the JokerX system so that the same NFT is not used to unlock more entitlements than permitted.

178.

Where you unlock Premium via JokerX, the JokerX operator acts as an independent third party in respect of its own NFT and ownership-verification records, and its processing of any data you have provided to it is governed by its own terms and privacy notice. MakZens receives from that check only a pass or fail result and the minimum reference needed to bind the unlock to your account. We do not receive the contents of your NFT wallet, your holdings or your on-chain activity beyond the specific verification result.

179.

If you take part in the referral programme, we process the personal referral link assigned to you, the identifiers of referred sign-ups or qualifying purchases attributable to that link, and the resulting commission status. Commissions are calculated and settled through the third-party JokerX system, which means that data necessary to attribute and pay a commission, such as your partner identifier and qualifying-event references, may be shared with JokerX for that purpose. MakZens does not itself hold or disburse commission balances and does not provide any investment, yield or financial-return service in connection with the programme.

180.

We wish to be explicit that the message-translation functionality at the heart of MakZens is a separate data flow from payment processing and is not funded by, or dependent upon, the disclosure of your payment data. Message content is transmitted to third-party artificial-intelligence and large-language-model translation providers in order to perform real-time translation of your messages, and both original and translated text are handled for that narrow purpose; your wallet address, transaction hashes and subscription metadata are never sent to those translation providers. Conversely, we do not send your message content or contact graph to NowPayments, to JokerX or to any payment or referral processor.

181.

We process the minimum data required to detect and prevent fraudulent, duplicated or abusive purchases, chargeback abuse and unauthorised sharing of entitlements. This may include correlating a payment confirmation, a JokerX unlock or a referral event with account signals such as the account identifier, device or session indicators and the timing and frequency of transactions. Where such checks involve automated evaluation, they do not produce legal or similarly significant effects that lack human review, and you may contact us to request a manual assessment of any refused or reversed entitlement.

182.

Because MakZens is distributed as a direct Android APK download and as an installable iPhone and iPad web application (PWA) as well as a browser web client, and not through the Apple App Store or Google Play on the direct-download path, purchases are not intermediated by an app-store billing system. As a result, no app-store account, app-store receipt or app-store-held payment credential is created or processed by us for these purchases, and store-level purchase records or family-sharing mechanisms do not apply. Payment and entitlement records therefore exist only in the MakZens account system and in the records of NowPayments and, where relevant, JokerX.

183.

Payment, subscription, referral and NFT-verification data is disclosed only to the processors and recipients strictly necessary to deliver and account for these services, namely the payment processor NowPayments, the JokerX system for referral settlement and NFT verification, our hosting and infrastructure providers, and professional advisers or competent authorities where we are legally required to disclose. We do not sell payment-related personal data and we do not use it for advertising or profiling unrelated to fraud prevention and service delivery. Any transfer of such data outside your jurisdiction is subject to appropriate safeguards as described in the international-transfers section of this Privacy Policy.

184.

As MakZens serves a global audience including the European Economic Area, transfers of payment-related data to processors located outside the EEA are made under an adequacy decision or under Standard Contractual Clauses supplemented by appropriate technical and organisational measures. For users in the United Arab Emirates, cross-border transfers are conducted in accordance with the transfer conditions of the UAE PDPL and its implementing regulations. You may request further information about the specific safeguards applicable to a given transfer by contacting us at [privacy@makzens.app].

185.

We retain payment confirmations, subscription records, referral-settlement data and NFT-verification results for as long as your entitlement is active and thereafter for the period required to comply with our accounting, tax, anti-fraud and legal-defence obligations, after which the data is deleted or irreversibly anonymised. Data written to a public blockchain by you or by the payment processor lies outside our systems and cannot be erased by us, and requests for erasure are therefore fulfilled only in respect of the copies held within MakZens' own records. Retention periods for records held by NowPayments or JokerX are determined by those parties under their own policies.

186.

Subject to the conditions and exemptions of the GDPR and the UAE PDPL, you may exercise your rights of access, rectification, erasure, restriction, portability and objection in relation to the payment-related personal data we hold about you, and you may withdraw consent where processing is based on consent without affecting the lawfulness of prior processing. Requests concerning data held by NowPayments or JokerX in their capacity as separate controllers should be directed to those parties, although we will assist by signposting the appropriate contact where we are able. To exercise your rights against MakZens, or to lodge a complaint, please contact us at [privacy@makzens.app] or at JXMSN LLC, PO Box 393394, Dubai, United Arab Emirates.

187.

This section, together with the remainder of this Privacy Policy, is governed by the laws applicable in Dubai, United Arab Emirates, and any dispute concerning the processing of payment-related data shall be subject to the jurisdiction specified in the MakZens Terms of Service. Nothing in this section limits any mandatory data-protection rights or remedies available to you under the GDPR, the UAE PDPL or other applicable law that cannot lawfully be excluded. In the event of any inconsistency between a translated version of this section and the English-language original, the English-language version shall prevail.

12.Referral, Partner and NFT-Verification Data

188.

This section explains how JXMSN LLC, the operator of MakZens (PO Box 393394, Dubai, United Arab Emirates), processes personal data arising from the referral programme, partner relationships and the JokerX NFT-verification premium-unlock path. It supplements the general provisions of this Privacy Policy and applies in addition to, and without limiting, the sections addressing account data, messaging content, translation processing and payment data. Where a conflict arises between this section and a more general clause, the provision that is more protective of the data subject shall govern in respect of referral, partner and NFT-verification data.

189.

When you participate in the MakZens referral programme, we process the personal referral link or code assigned to you, the identifier of the referring partner, the timestamp and technical metadata of referral events, and the resulting attribution records that connect a new registration or premium purchase to a referrer. The lawful bases for this processing under the EU General Data Protection Regulation are the performance of the referral arrangement to which you are a party (Article 6(1)(b)) and, in respect of fraud prevention and attribution integrity, our legitimate interests (Article 6(1)(f)); under the UAE Federal Decree-Law No. 45 of 2021 (PDPL) we rely on the corresponding grounds of contractual necessity and legitimate interest. We do not require you to disclose sensitive personal data in order to participate.

190.

Referral commissions are calculated and settled by the third-party JokerX system, which acts as an independent controller for the settlement, payout and reconciliation of partner commissions. To enable settlement we transmit to JokerX only the data necessary to attribute and verify a qualifying event, which may include the referrer identifier, the referral code, the event type and the associated transaction reference; we do not transmit the content of your messages, your contacts or your translated conversations to JokerX. You should review the JokerX privacy notice separately, as its processing of your payout and tax-related information is governed by its own terms and is outside our control.

191.

The JokerX NFT-verification path allows an eligible user to unlock MakZens premium features without connecting a cryptocurrency wallet inside the application. When you use this path, we perform a server-to-server check against the JokerX system to confirm that a qualifying JokerX NFT is associated with your entitlement, and we issue and validate a one-time confirmation code. We do not import, store or reconstruct your wallet address, private keys, seed phrases or on-chain holdings within MakZens beyond the minimal verification result and confirmation-code metadata required to grant and audit the unlock.

192.

The personal data processed for NFT verification is limited to the verification request and response, the one-time confirmation code and its validation status, the associated account identifier, and the timestamps and outcome of the check. We retain the verification outcome and code-usage record for the purpose of demonstrating that premium entitlement was lawfully granted, for fraud prevention, and for compliance and dispute-resolution purposes. We do not use NFT-verification data for advertising, profiling of your financial behaviour, or any purpose incompatible with unlocking and maintaining your premium entitlement.

193.

MakZens is not a wallet, exchange, custodian, investment platform or financial-advisory service, and JXMSN LLC does not take custody of any cryptocurrency, NFT or stablecoin at any point in the referral or NFT-verification flows. Where premium is purchased rather than unlocked via NFT, payment in USDC on the Solana or BSC networks is processed exclusively by the third-party processor NowPayments, which independently handles the on-chain payment and related transaction data as described in the payment section of this Privacy Policy. We receive from NowPayments only confirmation of payment status and a transaction reference sufficient to activate your plan, and we do not receive or store your wallet credentials.

194.

For each referral, partner-commission and NFT-verification interaction we generate audit and log records, including request identifiers, network origin, device or client type (whether you use the Android APK build, the installable iOS or iPad web application, or the browser web client), and the outcome of the operation. These records are processed on the basis of our legitimate interest in securing the service, preventing referral fraud and abuse, and satisfying our accountability obligations under the GDPR and the UAE PDPL. Access to these records is restricted to authorised personnel and processors bound by confidentiality obligations.

195.

The referral and NFT-verification features do not require, and do not initiate, the transmission of your message content to third-party translation providers. Real-time translation of messages through third-party artificial-intelligence and large-language-model processors occurs only in the messaging context and is described separately in this Privacy Policy; participation in the referral programme or use of the NFT-unlock path does not cause your original or translated conversation text to be shared with referral partners, JokerX or NowPayments. We maintain this separation deliberately so that commercial and entitlement data flows remain isolated from the content of your communications.

196.

If a referral results in the matching of contacts, we emphasise that MakZens matches contacts solely by irreversibly hashed email address, and that referral attribution does not expand this practice. A referrer does not gain access to the plaintext contact list, message history, location data or media of a referred user by virtue of the referral relationship. Any social-graph inference is limited to the attribution record linking a referrer identifier to a referred account, and is not enriched with the content of that account's communications.

197.

Because referral commissions and NFT entitlements are settled or verified through the JokerX system, and premium payments are processed by NowPayments, certain personal data may be transferred to and processed in jurisdictions outside your country of residence, including outside the EU/EEA and the UAE. For transfers of personal data originating in the EU/EEA we rely on appropriate safeguards under Chapter V of the GDPR, including Standard Contractual Clauses where applicable; for transfers subject to the UAE PDPL we rely on the cross-border transfer conditions set out in Federal Decree-Law No. 45 of 2021 and its implementing regulations. Details of the specific safeguards in place may be obtained by contacting privacy@makzens.app.

198.

We retain referral, partner-commission and NFT-verification data only for as long as is necessary for the purposes for which it was collected, including the calculation and settlement of commissions, the maintenance of your premium entitlement, and the fulfilment of legal, tax, accounting and audit obligations under applicable Dubai and UAE law. One-time confirmation codes are invalidated after use or expiry, and attribution records are retained for the limited period required to resolve chargebacks, reversals and commission disputes. Upon expiry of the applicable retention period the data is deleted or irreversibly anonymised in accordance with our retention schedule.

199.

In respect of referral and NFT-verification data that we control, data subjects in the EU/EEA may exercise the rights of access, rectification, erasure, restriction, portability and objection under Articles 15 to 22 of the GDPR, and data subjects in the UAE may exercise the corresponding rights under the PDPL, including the rights of access, correction, deletion and restriction of processing. Certain records, such as commission-settlement and payment-confirmation data required for legal and accounting compliance, may be exempt from erasure to the extent retention is mandated by law. Requests may be submitted to privacy@makzens.app and will be handled within the timeframes prescribed by the applicable law.

200.

Where JokerX settles your commissions or NowPayments processes your premium payment, those parties act as independent controllers or as separate processors under their own terms, and JXMSN LLC is not responsible for their independent processing decisions. To the extent any referral or verification activity is carried out by a party acting on our behalf and under our instructions, we engage that party under a written data-processing agreement that imposes GDPR Article 28 and PDPL-equivalent obligations, including confidentiality, security and sub-processing controls. We maintain a record of the categories of recipients involved and can provide further information on request.

201.

We apply technical and organisational security measures to referral, partner and NFT-verification data commensurate with the risk, including transport encryption of server-to-server verification calls, access controls, the use of one-time and time-limited confirmation codes, and logging of entitlement grants. Because the Android application is distributed as a direct APK download from our website and the iOS and iPad experience is delivered as an installable progressive web application rather than through the Apple App Store or Google Play, we additionally implement integrity and anti-tampering safeguards appropriate to those distribution channels for entitlement-sensitive operations. No method of transmission or storage is entirely secure, and we cannot guarantee absolute security.

202.

We do not use referral, partner or NFT-verification data to carry out automated decision-making producing legal or similarly significant effects concerning you within the meaning of Article 22 of the GDPR. Automated logic is applied only to attribute qualifying events to a referrer, to validate a one-time confirmation code, and to detect patterns indicative of fraud or abuse; any adverse determination that would suspend a referral account or revoke an entitlement is subject to human review upon request. You may contact privacy@makzens.app to request such review or to contest an attribution or verification outcome.

203.

If you withdraw from the referral programme, disable NFT-based premium unlock, or delete your MakZens account, we will cease further processing of the associated referral and verification data for active-programme purposes, subject to the retention obligations described above. Withdrawal from the referral programme does not affect the lawfulness of processing carried out before withdrawal, nor does it entitle you to the reversal of commissions already validly settled by JokerX. Residual records necessary for fraud prevention, dispute resolution and statutory compliance may be retained in restricted form until the applicable limitation periods expire.

204.

This section is governed by, and shall be construed in accordance with, the laws of the Emirate of Dubai and the applicable federal laws of the United Arab Emirates, including Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data, and, where the extraterritorial scope of the GDPR applies to your data, in accordance with that Regulation. In the event of any inconsistency between the language versions of this Privacy Policy, the English version shall prevail for the purposes of this section. Questions, complaints or requests concerning referral, partner or NFT-verification data may be addressed to JXMSN LLC at PO Box 393394, Dubai, United Arab Emirates, or by email to privacy@makzens.app, and, for EU/EEA data subjects, to our representative or data protection contact at [insert EU representative contact].

13.Cookies, Local Storage and Similar Technologies

205.

This section explains how JXMSN LLC ("MakZens", "we", "us"), the operator of the MakZens messenger established at PO Box 393394, Dubai, United Arab Emirates, uses cookies, browser local storage, IndexedDB, service-worker caches and comparable client-side technologies across its browser web client, its installable iPhone and iPad Progressive Web App (PWA) and its Android application distributed as a direct APK download from our website. Because MakZens is delivered outside the Apple App Store and Google Play for the direct-download path, some of the storage mechanisms described here (in particular service-worker and PWA caches) are essential to the installation and offline operation of the product rather than optional conveniences. Where this section refers to "cookies" it should be read to include all functionally equivalent local storage and device-identification techniques, whether or not a traditional HTTP cookie is technically involved.

206.

For the purposes of European Union and EEA law, the placing and reading of information on a user's terminal equipment is governed by the ePrivacy rules as transposed in the relevant Member State and, insofar as the information constitutes personal data, by the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"). For users in the United Arab Emirates, our use of these technologies is additionally assessed under Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ("UAE PDPL"). Nothing in this section limits any mandatory consent, information or objection right that applies to a given user under the law of their place of residence.

207.

We rely on strictly necessary storage without prior consent where such storage is indispensable to provide the messaging service that the user has expressly requested. This category includes the session and authentication tokens that keep a user signed in, the QR-based multi-device pairing state that links the browser web client or PWA to the user's primary account, the service-worker registration and application shell cache that make the PWA installable and usable offline, and short-lived security tokens used to protect forms and requests against cross-site request forgery. Disabling these items is not offered as an option because the messenger cannot function without them.

208.

Functional storage is used to remember the user's stated preferences and to make repeat use of MakZens coherent across sessions and devices. This includes the interface language and the user's default translation language pair, notification and disappearing-message defaults, draft messages held locally before sending, theme and layout choices, and the list of paired devices established through the multi-device QR web login. Functional storage of this kind is treated as necessary to deliver features the user has actively enabled, and where local law requires consent for any particular item we will obtain it before that item is set.

209.

MakZens caches message content, media thumbnails and delivery state in browser storage (including IndexedDB and the service-worker Cache Storage) so that conversations, group chats, channels and previously loaded photos or files remain available quickly and, where possible, offline. This local cache may contain both the original text of a message and its machine-translated counterpart, because the core function of MakZens is to display each message in the recipient's chosen language. Users should be aware that this cached content resides on the local device, and we provide in-application controls to clear conversations and locally stored media as described in the "Your Rights and Choices" section.

210.

A defining characteristic of MakZens is that message text is transmitted to third-party artificial-intelligence and large-language-model providers acting as translation processors in order to render each message in the recipient's language in real time. Client-side storage participates in this flow only to the limited extent of caching the resulting original-and-translated text on the sending and receiving devices and of retaining the user's language preferences; the translation itself is performed server-side by the third-party processors and is not carried out by cookies or local storage. We do not use these translation providers to place advertising identifiers or tracking cookies, and message text handled for translation is not repurposed by us for behavioural profiling through client-side storage.

211.

When MakZens performs contacts matching to help users find people they already know, matching is carried out using a one-way hash (a cryptographic digest) of email addresses rather than the raw addresses themselves. Any local storage used in connection with this feature holds hashed values and matching results, not plaintext address books beyond what is necessary to compute the hashes on the device. We do not deploy this feature, or the storage supporting it, to build cross-service advertising audiences.

212.

Push notifications on the web client and PWA depend on a browser-managed push subscription and, on Android, on the platform messaging service; the associated subscription identifiers are stored on the device and registered with our servers so that we can deliver alerts. Consistent with our privacy-by-design approach, push payloads carry only the sender's identity and a generic placeholder rather than message content, and the actual message text is fetched and decrypted or displayed by the application on-device after the notification is received. Storage used for push therefore holds routing and subscription data, not the substance of your conversations.

213.

Payments for optional premium plans (one-time purchases and subscriptions) are handled entirely by NowPayments, a third-party payment processor, with settlement in USDC stablecoin on the Solana or BSC networks. When a user initiates a purchase, cookies or comparable storage set by NowPayments on its own payment pages are controlled by NowPayments under its own privacy and cookie notices, and we do not receive or custody any crypto assets, wallet keys or seed phrases through our own storage. MakZens local storage retains only the resulting entitlement or subscription status needed to unlock premium features; we provide no wallet, exchange, custody, investment or financial-advisory service.

214.

The alternative premium unlock based on verification of a third-party "JokerX" NFT is performed by a server-to-server check combined with a one-time confirmation code, and it does not require or involve connecting a cryptocurrency wallet within the MakZens application. Client-side storage in this flow is limited to holding the confirmation-code entry state and the resulting premium entitlement flag; no wallet credentials are requested, transmitted or stored by us. Any cookies encountered during the JokerX verification are set by the JokerX system rather than by MakZens.

215.

Our referral programme allows partners to share a personal link, with commissions settled by the third-party JokerX system. To attribute a signup or purchase to the correct partner, MakZens may store a referral identifier locally (for example in local storage or a first-party cookie) when a user arrives via a referral link, and may transmit that identifier at registration. This attribution storage is used solely to credit the referring partner and to operate the programme; it is not used to serve third-party advertising, and the commercial settlement itself is carried out by JokerX under its own terms.

216.

MakZens does not use third-party advertising cookies, cross-site tracking pixels or data brokers to monetise user activity, and it is not part of our business model to sell personal data. To the limited extent we use analytics or crash-diagnostic storage to understand aggregate usage, stability and abuse patterns, we prefer privacy-preserving and first-party approaches and, where such storage is not strictly necessary, we set it only after obtaining any consent required by the GDPR, applicable ePrivacy rules or the UAE PDPL. Any analytics identifiers stored are kept for no longer than necessary for the stated diagnostic purpose.

217.

Because a substantial part of MakZens runs as a Progressive Web App and as an offline-capable web client, service workers cache application code and assets to enable installation, faster loading and continued operation during intermittent connectivity. Updating or reinstalling the PWA, or clearing site data in the browser, will refresh or remove these caches; on Android, uninstalling the APK removes the corresponding application storage. We design these caches to hold application resources and the user's own conversation data on the device, not third-party tracking material.

218.

Where the law of a user's jurisdiction requires prior, informed and freely given consent for non-essential storage, we present a consent mechanism on first use and record the user's choices, and we make it as easy to withdraw consent as it was to give it. For EU/EEA users this reflects GDPR standards of consent and the right to withdraw at any time without detriment; for UAE users it reflects the consent and data-subject provisions of the UAE PDPL. Withdrawing consent does not affect the lawfulness of storage carried out before withdrawal, nor does it disable strictly necessary storage required to run the messenger.

219.

Users can control and delete client-side storage at any time through their own browser or device settings, including clearing cookies, site data, IndexedDB and service-worker caches, adjusting notification permissions, and uninstalling the PWA or the Android APK. Within MakZens we additionally provide controls to sign out and unpair devices connected via QR web login, to clear individual conversations and locally cached media, and to manage disappearing-message settings. Removing essential storage will interrupt authentication and offline functionality until the user signs in again, and clearing local caches may require content to be re-fetched and, where applicable, re-translated by our third-party translation processors.

220.

Some technologies described here are set by, or transmit data to, independent third parties who act as controllers or processors in their own right, including our translation AI/LLM providers, the NowPayments payment processor, and the JokerX system used for NFT verification and referral settlement. We are not responsible for the independent cookie and storage practices of these third parties, and users should consult the respective privacy and cookie notices of those providers. Where a third party acts as our processor, it is bound by a data-processing agreement requiring it to handle data only on our documented instructions and in accordance with the GDPR and, where applicable, the UAE PDPL.

221.

We review our use of cookies, local storage and similar technologies periodically and will update this section as MakZens features, distribution methods or third-party providers change; the date of the latest revision is shown at the top of this Privacy Policy. This Privacy Policy, including this section, is governed by the laws of the Emirate of Dubai and the applicable federal laws of the United Arab Emirates, without prejudice to any mandatory data-protection rights that a user may enjoy under the GDPR or the law of their habitual residence. Questions about our use of these technologies, and requests to exercise data-subject rights in relation to storage-derived data, may be addressed to our privacy contact at privacy@makzens.app or by post to JXMSN LLC, PO Box 393394, Dubai, United Arab Emirates.

14.Disclosure and Sharing of Personal Data

222.

MakZens does not sell your personal data and does not disclose it to third parties except as described in this section or as otherwise permitted or required by applicable law, including the EU General Data Protection Regulation (GDPR) and the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021). Where we share personal data, we do so only on a defined legal basis, for the purposes set out in this Privacy Policy, and subject to appropriate contractual, technical and organisational safeguards. Recipients are permitted to process your personal data only in accordance with our documented instructions and are prohibited from using it for their own independent purposes.

223.

To deliver the core cross-language messaging function, the text content of your messages, and where applicable transcriptions of voice messages, is transmitted to third-party artificial-intelligence and large-language-model providers acting as translation processors for the sole purpose of generating a translated version in real time. Both the original text and the resulting translated text are handled during this operation, and the translation providers are engaged as processors bound by data-processing terms that restrict use of the content to the translation task. Users should understand that meaningful message content is necessarily disclosed to these providers because on-device translation would not provide the accuracy and language coverage the service requires.

224.

The specific translation processors we engage may change over time as we optimise for quality, latency and coverage, and a current list of such sub-processors is maintained and made available upon request at privacy@makzens.app. We contractually require each translation provider to implement confidentiality obligations, security measures and, where applicable, restrictions against retaining or training on message content beyond what is necessary to perform the translation. Where a translation provider is located outside your jurisdiction, we rely on the transfer mechanisms described in the international-transfers provisions of this Privacy Policy.

225.

Payments for optional premium plans, including one-time purchases and subscriptions, are processed by NowPayments, a third-party payment processor, and the personal and transaction data you submit during checkout is disclosed to and handled by that processor under its own terms and privacy notice. Because premium payments are settled in USDC stablecoin on the Solana or BSC networks, the associated on-chain transaction data is recorded on public, immutable blockchains that JXMSN LLC neither controls nor can amend or erase. JXMSN LLC does not custody cryptocurrency, does not operate a wallet, exchange, investment or financial-advisory service, and receives from NowPayments only the confirmation and reference data required to activate your premium entitlement.

226.

As an alternative route to unlocking premium features, MakZens supports verification of a third-party JokerX NFT by means of a server-to-server check together with a one-time confirmation code, without any wallet connection within the application. In performing this verification we exchange with the JokerX system only the limited identifiers necessary to confirm eligibility and to associate the confirmed entitlement with your MakZens account. We do not receive or store your private keys, seed phrases or wallet credentials through this process.

227.

Our referral programme relies on personal referral links shared by partners, and the attribution and settlement of referral commissions are carried out by the third-party JokerX system rather than by JXMSN LLC directly. To enable commission calculation and payout, we disclose to JokerX the limited data required to attribute qualifying actions to the relevant referral link, such as referral identifiers and the fact and status of a qualifying premium purchase. Partners participating in the referral programme are subject to the JokerX system's own terms and privacy practices in respect of the data processed for settlement.

228.

The contacts-matching feature operates on the basis of hashed email addresses rather than plaintext contact details, and any disclosure to our infrastructure providers in connection with this feature is limited to those irreversible hashes and their comparison results. We use hashing specifically so that the matching operation can identify mutual contacts without our systems or service providers processing the underlying email addresses in cleartext for this purpose. No contact information is shared with other users beyond revealing that a person already present in your address book also uses MakZens, subject to that other user's own privacy settings.

229.

When we send push notifications to your device, the notification payload delivered through the platform push services (such as Apple Push Notification service and Firebase Cloud Messaging) carries only the sender's identifier together with a generic placeholder, and never the decrypted or substantive content of the message. The application subsequently retrieves and renders the actual message text on your device, so that message content is not exposed to the push transport providers. This design intentionally minimises the personal data disclosed to push intermediaries while still enabling timely delivery notifications.

230.

We rely on a range of infrastructure and operational service providers acting as processors on our behalf, including cloud hosting, storage, content-delivery, database, logging, analytics, error-monitoring and customer-support providers, and personal data is disclosed to them strictly to the extent necessary to operate and secure the service. Each such processor is engaged under a written data-processing agreement that satisfies the requirements of Article 28 GDPR and the corresponding provisions of the UAE PDPL. These providers are not authorised to use your personal data for any purpose other than providing the contracted service to MakZens.

231.

For features involving media and rich content, including photo and file sharing, voice messages, and voice or video calls, the relevant data is transmitted through and, where applicable, temporarily stored by our messaging and real-time-communication infrastructure providers solely to route and deliver that content to the intended recipients. Location data shared through the location-sharing feature is likewise transmitted only to the chats or recipients you designate and to the infrastructure necessary to deliver it. Message reactions, replies, edits and disappearing-message settings generate associated metadata that is processed only to render these interactive features as designed.

232.

Because MakZens is distributed for Android as a direct APK download from our website and for iPhone and iPad as an installable progressive web app (PWA), rather than through the Apple App Store or Google Play for that direct-download path, we generally do not receive app-store intermediary reporting for those installations and do not disclose your data to those app-store operators in connection with them. Where you access MakZens through the browser web client or via multi-device QR web login, session and device data is processed to establish and secure the linked session. Any distribution or content-delivery provider that hosts the APK or web assets receives only the technical request data inherent in serving those files.

233.

We may disclose personal data where we believe in good faith that such disclosure is necessary to comply with a binding legal obligation, court order, regulatory request or lawful demand from a competent authority, including authorities in the United Arab Emirates and, where applicable, other jurisdictions. Before disclosing, we assess the validity and scope of each request, disclose only the data reasonably required, and, where legally permitted, notify affected users. We also reserve the right to disclose data where necessary to establish, exercise or defend legal claims.

234.

We may disclose personal data where reasonably necessary to enforce our Terms of Service, to investigate and prevent fraud, abuse, spam, security incidents or unlawful conduct, or to protect the rights, property or safety of JXMSN LLC, our users or the public. Such disclosures are limited to what is proportionate to the specific risk or violation being addressed. This may include sharing relevant technical and account data with security, anti-abuse or fraud-prevention providers engaged for these purposes.

235.

In the event of a merger, acquisition, financing, reorganisation, insolvency, sale of assets or other corporate transaction involving JXMSN LLC, personal data may be disclosed to or transferred to the counterparty and its professional advisers as part of the transaction, subject to appropriate confidentiality protections. Any successor entity will be bound to honour the commitments made in this Privacy Policy or will provide notice and choices consistent with applicable law before materially changing how your data is handled. We will notify affected users of any such change of controller where required by the GDPR or the UAE PDPL.

236.

Where processing involves the transfer of personal data outside the European Economic Area or outside the United Arab Emirates, including transfers to translation providers, payment processing, or cloud infrastructure situated in other jurisdictions, we implement an appropriate transfer mechanism such as an adequacy decision, the European Commission's Standard Contractual Clauses, or the safeguards recognised under the UAE PDPL and its implementing regulations. We take reasonable steps to ensure that recipients afford your personal data a level of protection consistent with the applicable data-protection framework. Further information about the specific safeguards applied to a given transfer is available on request at privacy@makzens.app.

237.

Any disclosure of personal data to a third party is subject to the principle of data minimisation, meaning that we share only the categories and volume of data necessary for the defined purpose and no more. Wherever practicable we favour pseudonymised, hashed, aggregated or otherwise de-identified data over directly identifying information when sharing with service providers. This section is intended to describe the categories of recipients and the circumstances of disclosure honestly and specifically, rather than to reserve broad or unspecified rights to share your data.

238.

JXMSN LLC, whose registered office is at PO Box 393394, Dubai, United Arab Emirates and whose registration details are [insert registration number], acts as the controller responsible for the disclosures described in this section, and this Privacy Policy, together with any matters arising from these disclosure practices, is governed by the laws of Dubai, United Arab Emirates. This choice of governing law is without prejudice to mandatory data-subject rights and remedies that may be available to you under the GDPR or the UAE PDPL. Questions, objections or requests relating to the sharing of your personal data may be directed to privacy@makzens.app.

15.International Data Transfers

239.

MakZens is operated by JXMSN LLC, a company established in Dubai, United Arab Emirates, with its registered address at PO Box 393394, Dubai, United Arab Emirates. Because the service is delivered to a global audience and relies on infrastructure and processors located in multiple jurisdictions, your personal data will necessarily be transmitted to, stored in, and processed in countries other than the one in which you reside. By using the service you acknowledge that such cross-border transfers are inherent to the operation of a real-time cross-language messaging platform and that they occur in accordance with this section.

240.

The defining feature of MakZens is the automatic real-time translation of messages, and this feature cannot function without international data flows. When you send a message, the original text, and where applicable the resulting translated text, is transmitted to third-party artificial-intelligence and large-language-model providers acting as translation processors, which may be established outside your country and outside the UAE or the EU/EEA. These providers receive the message content solely to perform and return the translation, and the transfer is limited to what is technically necessary to deliver the cross-language messaging you have requested.

241.

Where you are located in the European Economic Area, the United Kingdom, or Switzerland, transfers of your personal data to countries that have not received an adequacy decision from the European Commission or the competent authority are safeguarded by the Standard Contractual Clauses adopted under Regulation (EU) 2016/679 (GDPR), or by an equivalent lawful transfer mechanism. We incorporate these clauses into our agreements with translation providers, our payment processor, and other recipients as required, and we supplement them with additional technical and organisational measures where a transfer impact assessment indicates this is necessary.

242.

For data subjects protected under the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL), cross-border transfers are carried out only where the destination jurisdiction provides an adequate level of protection as recognised by the competent UAE authority, or, in the absence of such recognition, on the basis of an appropriate safeguard such as a contractual undertaking, your explicit consent, or another ground permitted under Articles 22 and 23 of the PDPL. Where transfer is necessary for the performance of the messaging contract you have entered into with us, we rely on the corresponding statutory exception under the PDPL.

243.

Payment for optional premium plans, whether one-time purchases or subscriptions, is processed entirely by NowPayments as an independent third-party payment processor, and the associated transaction data is transferred to and handled by that processor on its own infrastructure. Because settlement is effected in USDC stablecoin on the Solana or BSC networks, transaction confirmations are additionally propagated across a public, globally distributed blockchain that is not controlled by us and cannot be geographically confined. JXMSN LLC does not custody cryptocurrency and does not operate any wallet, exchange, or settlement layer, and accordingly the international character of these payment and blockchain flows is determined by the processor and the underlying networks rather than by us.

244.

Where you unlock premium features through verification of a third-party JokerX NFT, the confirmation is performed by a server-to-server check against the JokerX system together with a one-time confirmation code, and the limited data exchanged during that verification may be transmitted to servers operated by the JokerX provider in jurisdictions outside your own. No wallet is connected within the MakZens application, so the transfer is confined to the identifiers necessary to validate the NFT entitlement and to return the verification result. Any onward processing by the JokerX provider is governed by that provider's own arrangements and applicable transfer safeguards.

245.

Participation in the referral programme entails the transmission of referral and commission-related data to the third-party JokerX system, which calculates and settles partner commissions and which may operate outside the EU/EEA and the UAE. When you share your personal referral link or when a referred sign-up is attributed to you, the associated attribution and settlement data is transferred to that external system for the purpose of commission processing. We limit this transfer to the data required for the referral relationship and rely on contractual safeguards with the operator of that system where the destination lacks a recognised adequacy status.

246.

Our contacts-matching feature transmits only hashed representations of email addresses, rather than plaintext contact details, when it is used to identify which of your contacts already use MakZens. Because this matching is performed on our infrastructure and potentially by sub-processors located abroad, the hashed identifiers may cross international borders in the course of the match. This design is intended to minimise the personal data exposed in any cross-border transfer while still enabling the discovery of existing contacts on the service.

247.

Push notifications for new messages are dispatched through third-party push-delivery gateways, which for Android and web clients and for the installable iPhone and iPad web application may route notification payloads through servers located in other countries. Consistent with our privacy-by-design approach, the push payload carries only the identity of the sender and a generic placeholder rather than the substantive message content, and the actual message text is loaded on-device after delivery. As a result, the international transfer effected through the push infrastructure does not expose the translated or original body of your communications.

248.

MakZens is distributed as a direct Android APK download and as an installable Progressive Web Application for iPhone and iPad, alongside a browser-based web client, rather than through the Apple App Store or Google Play for the direct-download path. Delivery of the application package, of PWA assets, and of subsequent updates is served through content-delivery and hosting infrastructure that is inherently international, so requests for these assets and the associated connection metadata may be handled by nodes in various jurisdictions. This distribution model does not alter the substance of the safeguards described in this section, which apply to all personal data processed in connection with your use of the service.

249.

We engage sub-processors, including cloud hosting, storage, and communications providers, in order to operate the platform's features such as group chats, public and private channels, voice messages, voice and video calls, photo and file sharing, and location sharing. Where these sub-processors are located outside your jurisdiction, we impose contractual obligations on them, including the applicable Standard Contractual Clauses or PDPL-compliant undertakings, that require them to protect your personal data to a standard consistent with this policy. We remain accountable for the personal data we entrust to such sub-processors regardless of where they are located.

250.

Before initiating or continuing a category of international transfer to a non-adequate country, we conduct a transfer risk assessment that considers the nature of the data involved, the sensitivity of message content routed to translation providers, the laws and practices of the destination country, and the technical and organisational measures in place. Where that assessment identifies residual risk, we apply supplementary measures such as encryption in transit, data minimisation, and pseudonymisation, or we decline to proceed with the transfer. This assessment is reviewed periodically and upon any material change to our processors or their locations.

251.

Certain international transfers may be made in reliance on statutory derogations where no adequacy decision or standard safeguard applies, in particular where the transfer is necessary for the performance of the contract to deliver translated messaging to you, or where you have given your explicit and informed consent after being advised of the possible risks. We rely on such derogations only in the specific and limited circumstances permitted by Article 49 of the GDPR and the corresponding provisions of the UAE PDPL. Where consent is the basis of a transfer, you may withdraw that consent at any time, subject to the consequence that certain features may no longer be available to you.

252.

Voice and video calls conducted through MakZens may be routed and relayed through internationally distributed real-time communication servers in order to establish and maintain the connection between participants who may themselves be in different countries. The routing of call signalling and media relay data across borders is a technical necessity of connecting a global user base and is undertaken with appropriate transport-layer protections. Metadata necessary to establish these sessions may transit servers outside your jurisdiction, while we limit the retention of such data to what is required to operate the calling feature.

253.

You retain your data-subject rights in respect of internationally transferred personal data, including, where applicable under the GDPR or the UAE PDPL, the right to be informed about the recipients and safeguards of a transfer and, in appropriate cases, to obtain a copy of the relevant transfer mechanism. To exercise these rights, or to request further information about the specific safeguards applied to a particular category of transfer, you may contact us at privacy@makzens.app. We will respond to such requests within the timeframes prescribed by the applicable data-protection law.

254.

Notwithstanding the international location of our processors and infrastructure, this Privacy Policy and any dispute concerning the transfer or processing of your personal data are governed by the laws of the Emirate of Dubai and the applicable federal laws of the United Arab Emirates, and are subject to the jurisdiction of the competent courts of Dubai. This choice of governing law and forum does not deprive data subjects in the EU/EEA of the mandatory protections afforded to them by the GDPR, nor of the ability to lodge a complaint with their competent supervisory authority. Where the mandatory law of your place of residence confers non-waivable rights, those rights continue to apply alongside the governing law stated here.

255.

We will update the list of recipient categories, sub-processors, and transfer mechanisms as our providers or their processing locations change, and material changes affecting international transfers will be communicated in accordance with the notification provisions of this Privacy Policy. Where a change would introduce a new category of cross-border transfer that requires your consent under the GDPR or the UAE PDPL, we will seek that consent before the transfer takes place. You are encouraged to review this section periodically to remain informed about how and where your personal data is transferred in connection with your use of MakZens.

16.Data Retention Periods

256.

JXMSN LLC ("we", "us", the "Operator"), operator of the MakZens messaging service and established at PO Box 393394, Dubai, United Arab Emirates, retains personal data only for as long as is necessary to fulfil the purposes for which it was collected, to operate the MakZens real-time translation messenger, and to comply with applicable legal, accounting, and regulatory obligations. This section sets out the retention periods applicable to the categories of personal data we Process, together with the criteria used to determine those periods where a fixed duration cannot reasonably be specified in advance. Where the retention periods stated below conflict with a mandatory retention or erasure obligation under the laws of the Emirate of Dubai, the United Arab Emirates, or the EU General Data Protection Regulation, the mandatory obligation shall prevail.

257.

Account registration data, including your account identifier, display name, chosen credentials, device registration records, and multi-device pairing information generated during QR-code web login, is retained for the entire lifetime of your MakZens account. Upon deletion of your account, whether initiated by you or by us, this data is erased or irreversibly anonymised within [insert number, e.g. 30] days, save for any elements that must be retained on a residual basis to evidence the closure of the account, to prevent fraud, or to satisfy a legal obligation. Backups containing such data are overwritten in the ordinary backup rotation cycle, which does not exceed [insert number, e.g. 90] days.

258.

Message content, comprising both the original text you compose and the translated text produced for cross-language delivery, is retained for the period necessary to deliver, synchronise across your linked devices, and display the message within the relevant 1:1 chat, group chat, or public or private channel. Message content transmitted to third-party artificial-intelligence and large-language-model translation providers is sent to those processors solely to perform the translation and is retained by us for message delivery and multi-device synchronisation only; we do not retain translation results beyond the retention applicable to the underlying message. Where you enable the disappearing-messages feature, the affected message content is deleted from our active systems upon expiry of the timer you set, subject only to residual removal from backups within the ordinary rotation cycle.

259.

We do not control, and are not responsible for, the retention of message text by the third-party translation processors that perform automatic real-time translation, whose retention practices are governed by their own agreements and privacy terms. We contractually require such processors, so far as is reasonably practicable, to Process transmitted message text only to render the translation and not to retain it for training, profiling, or unrelated purposes beyond the period strictly necessary to return the translated output. Details of the current translation processors and the safeguards applicable to international transfers are available on request at privacy@makzens.app.

260.

Media and attachments, including voice messages, photographs, files, and shared location data, are retained for the duration necessary to deliver and display the relevant content within the applicable conversation and to permit synchronisation to your devices. Content subject to a disappearing-messages timer is removed from active storage upon expiry of that timer. All such media is otherwise erased upon deletion of the associated message or account, subject to residual removal from backups within the ordinary backup rotation cycle.

261.

Metadata relating to voice and video calls, message reactions, replies, edits, and message deep links is retained for the period necessary to provide the corresponding feature and to maintain the integrity of the conversation history. We do not retain the content of voice or video calls, which are transmitted for real-time communication and are not recorded by us. Records evidencing the editing or deletion of a message are retained only to the minimum extent required to synchronise the current state of the conversation across devices.

262.

Contacts matching is performed by reference to hashed representations of email addresses; we retain the hashed values, and not the underlying plaintext email addresses of your contacts, for the purpose of identifying which of your contacts also use MakZens. Hashed contact values are retained for the lifetime of the account association and are deleted when you remove the relevant contact permission, disable contacts matching, or delete your account. We do not use hashed contact data to build persistent profiles of non-users, and non-matching hashes are not retained beyond the matching operation.

263.

Push-notification data is retained only to the extent necessary to deliver notifications to your registered devices. Push payloads dispatched through third-party push-delivery infrastructure carry only the sender identifier and a generic placeholder rather than the substance of any message, and the notification content is retrieved on-device after delivery; we therefore do not retain message content within push infrastructure. Device push tokens are retained for the lifetime of the device registration and are purged upon deregistration of the device, revocation of notification permission, or deletion of the account.

264.

Payment and transaction records relating to optional MakZens Premium plans, whether one-time purchases or subscriptions, are retained for the period required by applicable tax, accounting, and anti-money-laundering laws of the United Arab Emirates, which is ordinarily [insert number, e.g. 5] years from the end of the relevant financial period. Payments are settled in USDC stablecoin on the Solana or BSC networks and are processed by NowPayments, a third-party payment processor; we retain only the transaction references, plan entitlement records, and confirmations necessary to evidence and provision your purchase. We do not custody cryptocurrency, do not operate a wallet, exchange, investment, or financial-advisory service, and accordingly retain no wallet keys or crypto balances.

265.

Personal data Processed by NowPayments in connection with the settlement of a payment is retained in accordance with that processor's own retention policy and the legal obligations to which it is subject as an independent controller or processor of that data. On-chain transaction records recorded on the Solana or BSC blockchains are inherently public and immutable and are neither controlled nor erasable by us. We retain on our systems only the minimum off-chain records required to link a completed payment to the corresponding MakZens entitlement.

266.

Records relating to the alternative premium unlock by verification of a third-party "JokerX" NFT are retained only to the extent necessary to evidence a valid entitlement. Because verification is performed by a server-to-server check together with a one-time confirmation code, and no wallet is connected within the application, we retain the confirmation-code status and the resulting entitlement record rather than any wallet address or private key. Such records are retained for the duration of the entitlement and for the accounting-retention period thereafter, after which they are erased or anonymised.

267.

Data relating to the referral programme, including your personal referral link, referral attributions, and records of qualifying events, is retained for the period necessary to administer participation and to substantiate commissions. Because commissions are settled by the third-party JokerX system, the calculation and payment of commissions, and the retention of associated settlement data, are governed by that system's own terms and retention practices. We retain referral records on our systems for the duration of your participation and for the applicable accounting-retention period thereafter.

268.

Data associated with the distribution of the MakZens Android application by direct APK download from our website, and with the installable iPhone and iPad web application (PWA) and browser web client, including download, installation-diagnostic, and application-version records where collected, is retained only for so long as is necessary to support delivery, security, and update integrity. Diagnostic and crash-related logs are retained for a period not exceeding [insert number, e.g. 90] days unless a longer period is required to investigate a specific security or stability incident. Because this distribution path does not operate through the Apple App Store or Google Play, no store-mediated retention obligations apply to it.

269.

Server, security, and audit logs, including connection records, IP addresses, and device information collected for the purposes of securing the service, preventing abuse, and diagnosing faults, are retained for a period not exceeding [insert number, e.g. 12] months, save where a longer period is necessary and proportionate to investigate, establish, exercise, or defend a legal claim or to respond to a security incident. Such logs are Processed on the basis of our legitimate interests under the GDPR and the corresponding lawful bases under the UAE Personal Data Protection Law, Federal Decree-Law No. 45 of 2021. Upon expiry of the applicable period, logs are deleted or aggregated into non-identifying statistics.

270.

Records of your privacy choices, consents, and objections, including consent to contacts matching, notifications, and any optional Processing, together with records of requests made under the GDPR or the UAE Personal Data Protection Law and our responses to them, are retained for the period necessary to demonstrate our compliance and ordinarily for [insert number, e.g. 3] years following the resolution of the relevant matter. This retention serves our accountability obligations and enables us to evidence the lawful basis on which data was Processed. Such records are retained even where the underlying account has been deleted, to the minimum extent required for that accountability purpose.

271.

Notwithstanding the retention periods stated above, we may retain personal data for a longer period where retention is necessary to comply with a legal, regulatory, tax, or accounting obligation, to give effect to a lawful order or request of a competent authority of the Emirate of Dubai or the United Arab Emirates, or to establish, exercise, or defend legal claims under the governing law of Dubai, United Arab Emirates. Where data is retained solely for such purposes, it is restricted so that it is Processed only for those purposes and is not used for the ordinary operation of the MakZens service. Once the relevant obligation or limitation period has lapsed, the data is erased or irreversibly anonymised.

272.

Where personal data is no longer required for any of the purposes set out in this policy, and no legal basis for its further retention subsists, we will erase it or render it irreversibly anonymous such that it can no longer be attributed to you. Residual copies persisting in encrypted backups are not restored to active use and are overwritten in the ordinary backup rotation cycle, which does not exceed [insert number, e.g. 90] days. You may exercise your rights of erasure and to obtain information about applicable retention periods, subject to the conditions of the GDPR and the UAE Personal Data Protection Law, by contacting us at privacy@makzens.app or JXMSN LLC, PO Box 393394, Dubai, United Arab Emirates.

17.Information Security Measures

273.

MakZens, operated by JXMSN LLC (PO Box 393394, Dubai, United Arab Emirates), implements technical and organisational measures appropriate to the risk presented by the processing of your personal data, in accordance with Article 32 of the EU General Data Protection Regulation (GDPR) and Article 20 of UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL). These measures take into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of the processing carried out through our messaging service. Because our platform transmits message content to third-party artificial-intelligence translation providers, our security programme extends beyond our own systems to the contractual and technical safeguards imposed on those processors.

274.

All communications between your device and our servers, and between our servers and our sub-processors, are protected in transit by industry-standard Transport Layer Security (TLS 1.2 or higher). This encryption in transit applies uniformly across our distribution channels, including the Android application installed from the direct APK download on our website, the installable iPhone and iPad web application (PWA), and the browser-based web client. You should be aware that, because MakZens performs automatic real-time translation, message text is decrypted on our infrastructure so that it can be forwarded to the relevant translation processor; our service is therefore not end-to-end encrypted for translated content.

275.

We wish to be transparent about the principal data flow that shapes our security model: to deliver cross-language messaging, the original text of your messages is transmitted over encrypted channels to third-party AI and large-language-model translation providers, which return the translated text. We select translation processors that are contractually bound by written data-processing agreements requiring confidentiality, security controls, and restrictions on the retention and secondary use of message content. We instruct these processors to process message text solely for the purpose of translation and not to use it to train their models where such use can be contractually excluded, though we cannot unilaterally guarantee the internal security posture of any independent provider.

276.

Personal data at rest on our servers, including original and translated message text, account records, contact-matching data, and media files such as voice messages, photos, shared files and location data, is stored on infrastructure protected by access controls and, where appropriate, encryption at rest. Media and file attachments shared through 1:1 chats, group chats and public or private channels are stored in access-restricted object storage, and links to such content are issued in a manner intended to prevent unauthorised enumeration or access. Disappearing-message content is subject to automated deletion routines consistent with the retention parameters you or the relevant channel administrator select.

277.

Contacts matching is designed with a privacy-protective architecture: rather than storing your address book in clear form, contact identifiers such as email addresses are processed as cryptographic hashes for the purpose of discovering which of your contacts already use MakZens. This hashing measure is intended to reduce the exposure of the personal data of individuals who are not our users and to limit the usefulness of any compromised dataset. We apply access restrictions to the resulting matching data and retain it only as long as necessary to provide the contact-discovery feature.

278.

Push notifications are engineered to minimise the disclosure of message content to intermediary push-delivery networks. The push payload transmitted through platform push services carries only the sender identifier and a generic placeholder rather than the substance of your message, with the actual message text retrieved on-device over an authenticated, encrypted connection after the notification is received. This measure is intended to prevent sensitive conversation content from being exposed to third-party push infrastructure or persisting in notification logs outside our control.

279.

Payments for optional premium plans, whether one-time purchases or subscriptions, are processed by NowPayments, a third-party payment processor, and are settled in USDC stablecoin on the Solana or BSC networks. JXMSN LLC does not custody cryptocurrency, does not operate a wallet, exchange, investment or financial-advisory service, and does not store your private keys or full wallet credentials on our systems. Sensitive payment and blockchain-transaction handling occurs within NowPayments' environment under its own security controls and privacy terms, and we receive only the transaction confirmation data necessary to activate your premium entitlement.

280.

The alternative premium-unlock mechanism, based on verification of a third-party JokerX NFT, is implemented as a server-to-server check combined with a one-time confirmation code, and expressly does not require you to connect a cryptocurrency wallet within the MakZens application. This design deliberately avoids exposing wallet-connection surfaces and associated key material to our client software. Data exchanged with the JokerX system for entitlement verification is limited to what is necessary to confirm eligibility and is transmitted over authenticated, encrypted server-to-server channels.

281.

Our referral programme, under which partners share a personal link and commissions are settled by the third-party JokerX system, is supported by measures that segregate referral-tracking data from the content of your communications. Referral attribution and commission settlement data are shared with JokerX only to the extent necessary to operate the programme, under arrangements addressing confidentiality and data protection. We do not disclose message content, contact-matching data, or media to the referral or commission-settlement infrastructure.

282.

We enforce access controls on the principle of least privilege, granting personnel access to personal data only where necessary for their defined roles, such as service operation, support and security administration. Access to production systems requires individual authentication, and we maintain measures intended to support accountability and traceability of administrative actions on systems that process your data. Personnel with access to personal data are bound by confidentiality obligations that survive the termination of their engagement.

283.

Multi-device access, including web login by scanning a QR code, is protected by session-authentication measures designed to bind each device to your account and to allow linked sessions to be reviewed and revoked. We implement controls intended to detect and limit unauthorised session establishment, and we recommend that you review and remove devices you no longer use or recognise. Deep links to messages are issued in a manner designed to require an authenticated and authorised session before the underlying content is rendered.

284.

Voice and video calls and voice messages are handled with transport-layer protections appropriate to real-time and stored media, and signalling and media transport are secured against interception on the paths under our control. Where real-time media is relayed through our infrastructure, we apply the same access-restriction and confidentiality principles that govern other message content. We do not use the content of your calls or voice messages for any purpose other than delivering the requested communication service and, where applicable, features you activate.

285.

We operate measures to preserve the availability, integrity and resilience of the MakZens service, including backup procedures for account and message data and processes intended to restore access to personal data in a timely manner following a physical or technical incident. Backups are subject to the same confidentiality and access-restriction controls as our production environment. We periodically review these continuity measures to ensure they remain appropriate to the risks associated with our processing.

286.

We maintain a process for regularly testing, assessing and evaluating the effectiveness of our technical and organisational security measures, as required by Article 32(1)(d) GDPR. This includes review of the security posture and contractual commitments of our sub-processors, in particular the third-party AI translation providers, NowPayments, and the JokerX system, and reassessment when we introduce new features or data flows. We reserve the right to add, replace or reconfigure sub-processors and will update our safeguards accordingly.

287.

In the event of a personal data breach, we maintain incident-response procedures designed to enable us to identify, contain, assess and remediate the incident. Where required by applicable law, we will notify the competent supervisory authority, which may include an EU or EEA data protection authority under the GDPR and the UAE Data Office under the PDPL, and will inform affected data subjects where the breach is likely to result in a high risk to their rights and freedoms. Notifications will be made within the timeframes prescribed by the applicable legal framework.

288.

Notwithstanding the measures described above, you acknowledge that no method of electronic transmission or storage is completely secure, and that the direct-download distribution of our Android application by APK and the installation of our iPhone and iPad web application (PWA) outside the Apple App Store and Google Play mean that platform-store review and update mechanisms do not apply to those channels. We therefore recommend that you download the application only from our official website, keep your device and operating system updated, and use device-level protections such as a screen lock and up-to-date security software. Certain aspects of your security depend on factors outside our control, and we cannot guarantee absolute security.

289.

You share responsibility for the security of your account by safeguarding your authentication credentials, promptly revoking linked or lost devices, exercising caution when adding contacts, joining channels or sharing your location, and understanding that content you send is translated by third-party processors before delivery. If you have questions about these Information Security Measures, wish to report a suspected vulnerability, or wish to exercise your rights under the GDPR or the UAE PDPL, you may contact us at privacy@makzens.app or by writing to JXMSN LLC, PO Box 393394, Dubai, United Arab Emirates. Any dispute concerning these measures is governed by the laws of Dubai, United Arab Emirates, without prejudice to any mandatory data-subject protections available to you under the GDPR or the PDPL.

18.Your Rights, Children, Automated Decisions, Changes and Contact

290.

Where you are located in the European Union or European Economic Area, you have the rights afforded by the General Data Protection Regulation (GDPR), namely the right of access to your personal data, the right to rectification of inaccurate data, the right to erasure, the right to restriction of processing, the right to data portability, and the right to object to processing carried out on the basis of our legitimate interests. Because MakZens transmits your message text to third-party AI and large-language-model translation processors to perform real-time translation, a request for erasure or restriction may require us to disable translation for your account or delete stored original and translated message content; we will explain any such practical consequence when you exercise the right. To exercise any of these rights, please contact us at privacy@makzens.app, and we will respond within the statutory period of one month, subject to any permitted extension.

291.

Where you are located in the United Arab Emirates, you have the rights granted under the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), including the right to obtain information about the processing of your personal data, the right to request correction or erasure, the right to restrict or object to processing, the right to request the cessation of automated processing, and the right to data portability, in each case subject to the conditions and exemptions set out in that Law and any implementing regulations. We will honour these rights in a manner consistent with the requirements of the UAE Data Office, and where the same underlying data flow is also subject to the GDPR we will apply the standard most protective of you. Requests under the PDPL may be submitted to the same contact point identified in this section.

292.

The right of access entitles you to obtain confirmation of whether we process your personal data and, where we do, a copy of that data together with information about the purposes of processing, the categories of data concerned, the recipients (including our translation, push-notification, and payment processors), and the retention periods applied. Given the volume of data associated with 1:1 chats, group chats, channels, voice messages, and file sharing, we may ask you to specify the accounts, conversations, or date ranges relevant to your request so that we can locate the information efficiently. The first copy is provided free of charge, and we may charge a reasonable fee based on administrative costs for any further copies or for manifestly unfounded or excessive requests.

293.

Because contacts matching is performed using irreversible hashes of email addresses rather than the addresses themselves, and because certain identifiers are pseudonymised or derived, there may be data we hold that we cannot, without disproportionate effort, link back to you as an identified individual. Where we are unable to identify you from the information we hold, we may be unable to act on a rights request unless you provide additional information enabling your identification, and we are not obliged to acquire or retain extra data solely to enable such identification. We will inform you if this is the case and will give you the opportunity to supply supplementary information to support your request.

294.

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data infringes applicable law. Users in the EU or EEA may complain to the data protection authority of their habitual residence, place of work, or the place of the alleged infringement, and users in the United Arab Emirates may raise concerns with the UAE Data Office. We ask that you contact us first at privacy@makzens.app so that we may attempt to resolve your concern directly, although this is not a precondition to approaching a supervisory authority.

295.

Where our processing of your personal data is based on your consent, such as any consent given for optional push notifications, location sharing, or specific marketing communications, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal, and it does not affect processing that we carry out on a legal basis other than consent, such as the performance of our contract with you or our legitimate interests. You may withdraw consent through the relevant in-app settings, your device operating-system permissions, or by contacting us.

296.

You may object at any time, on grounds relating to your particular situation, to processing that we base on our legitimate interests, and where you do so we will cease that processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or unless the processing is necessary for the establishment, exercise, or defence of legal claims. Where we process personal data for direct marketing purposes, you have an absolute right to object, and upon receipt of such an objection we will stop processing your data for those purposes without exception. Objections may be submitted to the contact address set out in this section.

297.

MakZens is not directed to children, and we do not knowingly permit registration or use by any person under the age of sixteen, or such higher minimum age as may be required by the law of your country of residence. If you are a parent or guardian and believe that a child has provided personal data to us or used the service, including through the Android APK download, the installable web app for iPhone and iPad, or the browser web client, please contact us at privacy@makzens.app so that we can investigate and, where appropriate, delete the relevant account and associated data. We will delete personal data that we discover has been collected from a child without the requisite consent as soon as reasonably practicable.

298.

Real-time translation of your messages by third-party AI and large-language-model providers involves automated processing of the content you send; however, this processing is a technical language-conversion function and does not produce legal effects concerning you or similarly significantly affect you, and it is not used to make automated decisions about your rights, eligibility, or standing. We do not carry out automated decision-making, including profiling, that produces legal or similarly significant effects on you within the meaning of Article 22 of the GDPR or the corresponding provisions of the UAE PDPL. Should we introduce any such automated decision-making in the future, we will inform you in advance, identify the logic involved and the significance and envisaged consequences, and provide you with the safeguards required by law, including the right to obtain human intervention and to contest the decision.

299.

Automated systems are used to fight abuse, spam, and fraud and to enforce our terms, and to check eligibility for premium unlocks, including the server-to-server verification of a third-party JokerX NFT and the validation of a one-time confirmation code. These checks are limited to determining feature access and account integrity and do not evaluate your personal characteristics in a manner producing legal or similarly significant effects, and material enforcement decisions such as account suspension are subject to human review upon your request. You may contact us to seek human review of any eligibility or enforcement outcome that you believe to be incorrect.

300.

Where you unlock premium features by payment, the payment itself is processed by NowPayments as an independent third-party payment processor, and settlement occurs in USDC stablecoin on the Solana or BSC networks. We do not custody cryptocurrency, we do not operate a wallet, exchange, investment, or financial-advisory service, and we do not control the information you provide directly to NowPayments; the processing of that data is governed by NowPayments' own privacy terms. Any rights you wish to exercise in respect of data held by NowPayments, or in respect of on-chain transaction data that is inherently public and outside our control, may need to be directed to that processor or are subject to the technical limitations of the relevant blockchain.

301.

If you participate in the referral programme, the personal data associated with your unique referral link, the attribution of referred sign-ups, and the calculation and settlement of commissions are handled in conjunction with the third-party JokerX system, which acts as an independent controller or processor in respect of the referral and commission data it maintains. Rights requests concerning referral tracking or commission records held within the JokerX system may therefore need to be addressed to that operator, and we will assist by providing you with the relevant contact route where we are able to do so. We will honour any request in respect of the referral data that we ourselves hold within MakZens.

302.

Push notifications delivered to your device carry only the identity of the sender together with a generic placeholder in place of the message content, and the actual text is retrieved and translated on your device after delivery so that message content is not exposed within the notification payload transmitted through the operating-system push infrastructure. This privacy-preserving design means that certain content is never transmitted to Apple Push Notification service or the Android push infrastructure, and consequently the exercise of rights in respect of notification content is directed to the on-device data and to our servers rather than to those third-party push transport providers. You may disable push notifications at any time through your device settings without affecting your ability to use the service.

303.

We will retain your personal data only for as long as necessary to provide the service, to comply with our legal obligations, to resolve disputes, and to enforce our agreements, after which we will delete or anonymise it in accordance with our retention practices; features such as disappearing messages cause the relevant content to be removed automatically after the interval you select. When you delete your account, we will delete or de-identify the personal data associated with it within a reasonable period, subject to residual copies that may persist temporarily in secure backups and to any data that we are required by law to retain. Data that has already been transmitted to and processed by third-party translation providers is subject to those providers' retention and deletion practices as described in the data-flows section of this Policy.

304.

We may update this Privacy Policy from time to time to reflect changes in our features, our processors, or applicable law, including changes to the AI translation providers we engage, the introduction of new communication features, or amendments required by the GDPR or the UAE PDPL. Where a change is material, we will provide advance notice through the app, by an in-app banner or message, or by other appropriate means, and where the change requires your consent under applicable law we will obtain it before the change takes effect. The date of the most recent revision will be indicated at the top of this Policy, and your continued use of MakZens after a non-consent-based change takes effect constitutes your acknowledgement of the updated Policy.

305.

This Privacy Policy and any dispute or claim arising out of or in connection with it, its subject matter, or its formation are governed by the laws of the Emirate of Dubai and the applicable federal laws of the United Arab Emirates, and are subject to the exclusive jurisdiction of the competent courts of Dubai, without prejudice to any mandatory data-protection rights or remedies available to you under the law of your country of habitual residence. Nothing in this section deprives you, where you are a consumer resident in the EU or EEA, of the protection of mandatory provisions of the law of your place of residence. Where any provision of this Policy is found to be unenforceable, the remaining provisions shall continue in full force and effect.

306.

The controller responsible for the processing of your personal data described in this Policy is JXMSN LLC, PO Box 393394, Dubai, United Arab Emirates [insert commercial registration number]. For any question about this Policy, to exercise your rights under the GDPR or the UAE PDPL, or to contact our data protection point of contact, please write to us at privacy@makzens.app or by post at the address above, and where required by applicable law our EU representative may be reached at [insert EU representative contact]. We will acknowledge and respond to your request within the timeframes prescribed by the applicable law, and we may take reasonable steps to verify your identity before acting on a request in order to protect the security of your account and data.

© 2026 MakZensHome · Legal Notice · Terms