1. Who We Are
Goji.my is operated by Goji Solution Pvt. Ltd., a company incorporated in Kathmandu, Nepal. We run an independent AI & SaaS tools marketplace that aggregates, curates, and distributes software listings to businesses and individuals worldwide.
We are the data controller for personal data collected through Goji.my. Our contact details are at the end of this policy.
2. Data We Collect
We collect data in the following ways:
Data you provide directly:
- Account registration: name, email address, password (hashed), country, phone number, and optional profile photo
- Vendor listings: company details, tool information, billing contact
- Contact and support forms: name, email, message content, selected topic
- Newsletter sign-up: email address
- Review submission: name or username, star rating, written review, and the tool used
- Payment data: billing name and address, and a payment-method token handled by our payment processors — we do not store raw card numbers
Data collected automatically:
- Usage data: pages visited, tools viewed, search queries, and clicks on listings and affiliate links
- Device data: browser type, operating system, screen resolution, and language settings
- IP address: used for approximate (country/region-level) geolocation and security
- Cookies and similar technologies — see our Cookie Policy
- Referral data: the URL you arrived from and the link you clicked (for affiliate attribution)
Data from third parties:
- OAuth providers (e.g. Google, GitHub): if you use social login we receive your name, email, and profile picture from that provider
- Analytics providers: aggregated, anonymised behaviour data
3. How We Use Your Data
| Purpose | Legal Basis (GDPR) | Retention |
|---|---|---|
| Provide and operate the marketplace | Contract performance | Duration of account |
| Authenticate your account and sessions | Contract performance | Duration of session / account |
| Send transactional emails (password reset, order & payout confirmations) | Contract performance | 90 days |
| Send newsletters and deal alerts (with consent) | Consent | Until you unsubscribe |
| Personalise tool recommendations | Legitimate interests | Duration of account |
| Track affiliate link clicks for commission attribution | Legitimate interests | 90 days |
| Operate the affiliate / referral program | Contract performance | Life of the program account |
| Analytics and platform improvement | Legitimate interests | 26 months (anonymised) |
| Fraud, bot, and abuse detection | Legitimate interests / legal obligation | 12 months |
| Comply with legal obligations | Legal obligation | As required by law |
| Respond to your enquiries and support tickets | Contract performance / legitimate interests | 3 years |
4. Legal Bases for Processing (GDPR)
If you are in the EEA, UK, or Switzerland, we rely on the following legal bases:
- Contract performance — to provide the services you signed up for
- Legitimate interests — to operate our business, detect fraud, and improve the platform, balanced against your rights
- Consent — for marketing and non-essential cookies; you may withdraw consent at any time
- Legal obligation — when processing is required to comply with applicable law
6. International Data Transfers
Goji Solution Pvt. Ltd. is based in Nepal. When we transfer data to providers outside Nepal (including the EEA, UK, or USA), we use appropriate safeguards such as:
- Standard Contractual Clauses (SCCs) where applicable
- Adequacy decisions where they exist
- Equivalent contractual or technical mechanisms for processors in third countries
7. Data Retention
We keep personal data only as long as necessary for the purposes described. Key periods:
- Active account data: for the lifetime of your account
- Deleted account data: 30 days after a deletion request (unless longer retention is legally required)
- Analytics data: 26 months, then anonymised
- Financial & tax records: 7 years (legal requirement in most jurisdictions)
- Server access logs: 12 months
8. Your Rights
Depending on your jurisdiction, you may have the following rights:
| Right | What It Means |
|---|---|
| Access | Request a copy of the personal data we hold about you |
| Rectification | Ask us to correct inaccurate or incomplete data |
| Erasure | Ask us to delete your data (“right to be forgotten”) |
| Restriction | Ask us to pause processing of your data |
| Portability | Receive your data in a machine-readable format |
| Objection | Object to processing based on legitimate interests |
| Withdraw consent | Withdraw consent for marketing or non-essential cookies at any time |
| Lodge complaint | Complain to your local data protection authority |
To exercise any right, email [email protected]. We respond within 30 days and may need to verify your identity first. You can also export your data from Account Settings.
Nepal users: you may exercise rights under the Individual Privacy Act, 2075 (2018) through the same contact address.
10. Children’s Privacy
Goji.my is not directed at children under 13 (or 16 in the EEA/UK). We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us and we will delete it.
11. Security
We use industry-standard technical and organisational measures to protect your data, including:
- TLS encryption for all data in transit
- Encryption of sensitive data at rest
- Bcrypt hashing for passwords (never stored in plaintext)
- Layered anti-bot protection on sign-up and sensitive forms
- Access controls limiting staff access on a need-to-know basis
- Regular security reviews and monitoring
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy here with a new “Last updated” date and, for significant changes, by emailing registered users. Continued use after the effective date constitutes acceptance.
Contact Us
For questions about this document, reach our team at:
[email protected]Goji Solution Pvt. Ltd. · Kathmandu, Nepal · Contact form