1. Introduction
Welcome to Jots. Your privacy is important to us. This policy explains what data we collect, why we collect it, how we use it, and your rights under the GDPR.
2. Data We Collect
- Account Information: Email and authentication details when you create an account (via Supabase Auth).
- Journal Entries: Text content you write and store in the app.
- Technical Data: Basic usage data like page visits and IP addresses, collected via Vercel for operational purposes.
- Error and Diagnostic Data: Collected via Sentry for reliability and debugging.
3. Legal Basis for Processing
- Account and journal data: To provide the service (performance of a contract).
- Analytics/technical data: Our legitimate interest to maintain and improve the app.
- Email communications (if opted in): Your consent.
4. Cookies
We use essential cookies only:
- Purpose: To keep you logged in and secure your session.
- Type: Authentication session cookies via Supabase.
- We collect usage and interaction data via PostHog to understand how the app is used and improve functionality. These are not used for advertising.
5. LLM Data Processing
- We use OpenAI to generate text outputs. Before any LLM request, we redact direct personal identifiers. OpenAI processes this data solely to return model outputs; we do not allow LLM data to be used for advertising or user profiling within Jots.
- Outputs do not produce legal or similarly significant effects and are intended solely for personal reflection and productivity support.
6. How We Use Your Data
- Provide and sync your journal entries.
- Secure your account and prevent misuse.
- Improve the functionality and performance of Jots.
7. Data Sharing and Storage
- Your data is stored securely using Supabase, a third-party EU-compliant provider.
- Hosting and edge functions are managed by Vercel.
- We do not sell or share your data with third parties for marketing or advertising.
- Each subprocessor is contractually bound by data protection agreements consistent with GDPR.
- Where personal data is processed outside the EU, we rely on appropriate safeguards provided by our subprocessors in accordance with GDPR, such as contractual data protection commitments.
8. Children’s Data
- Jots is intended for a general audience and is not specifically designed for children.
- We do not knowingly collect personal data from children.
- If you believe that a child has provided us with personal data, please contact us so we can take appropriate action.
9. Data Breach Notification
- In the event of a personal data breach, including breaches affecting our service providers, we will assess the risk and notify affected users and relevant supervisory authorities where required by law, without undue delay.
10. Data Retention
- We retain your data while your account is active.
- Logs related to system operation, LLM requests, and errors are minimized, secured, and retained only for short periods necessary for debugging, reliability, and security.
- You can delete your account and associated data at any time.
11. Security Measures
- Encryption of journal entries at rest and in transit.
- Supabase Row-Level Security (RLS).
- Secure secrets management.
- Least-privilege access controls for internal systems.
12. Your Rights
- Access your data.
- Request correction or deletion.
- Withdraw consent (where applicable).
- File a complaint with your local data protection authority.
- Export your journal data in a readable format.
13. Contact
For any privacy-related questions, contact us.
We may update this Privacy Policy from time to time to reflect changes in legal requirements or our practices.