Privacy Policy

Introduction

At Jadebook, we are committed to protecting your privacy and ensuring the security of your data. This Privacy Policy outlines how we collect, use, store, and protect your information when you use our services. By using Jade, you agree to the terms outlined in this Privacy Policy.

1. Information We Collect

1.1 Account Information

Email and Password: Collected during account registration via Supabase authentication.

Google Account Data: If signing in with Google, we collect read-only access to your Google profile (e.g., name and email).

1.2 Usage Analytics

We use Posthog (GDPR-compliant) to collect anonymous data such as: device information, operating system, approximate location, page views, button clicks and other interaction metrics

A cookie banner is displayed to allow users to accept or decline analytics cookies on our website.

1.3 User Content

Files: Collected when you upload files to your journal entries. Public files such as Avatars are stored publicly while files uploaded within journal entries, or goals are stored privately.

Content: Content is encrypted at rest by default unless the user opts out of encryption. If encryption is disabled, the user acknowledges that their content may be partially unencrypted.

1.4 Payment Information

Payment data and processing is handled by Stripe. We may access your email address for the purposes of processing payments and store your unique customer id for the purposes of tracking your payments.

Access Stripe's privacy policy for more details: Stripe Privacy Policy

1.5 System Logs

We collect diagnostic and performance-related data such as: IP address (used for rate-limiting during authentication), Device information, Timestamps of interactions and browser information (for client-side errors).

1.6 Cookies

Cookies for the frontend site are optional and up to the user. The cookies are only used for analytics purposes.

Within the Jadebook app, cookies are essential for: Authentication, preferences, and core service functionality. The app will not work without the use of cookies.

1.7 Emails

We use Resend to send transactional emails (e.g., magic links for account access). These emails may contain account-related information.

2. How We Use Your Information

• To provide and maintain our services
• To authenticate users securely
• To process payments for subscriptions
• To improve user experience through anonymous analytics
• To diagnose technical issues and prevent abuse
• To communicate with you about updates, security alerts, or support inquiries
• To comply with legal obligations

3. Data Storage and Security

3.1 Encryption

Key user content is encrypted at rest by default. This includes things like document content, excerpt, notes, goal logs and the AI-generated Memory feature.

Things that are not sensitive such as the document icon, cover, tags etc. are not encrypted. A user may also opt out of encryption. This only applies to the document content as it allows for better search capabilities.

We use server-side AES-256-bit encryption for everything. This means the the content is not encrypted during transit from client to server. However, the data is encrypted during transit from server to database.

3.2 Hosting

We use Vercel for hosting everything, this includes APIs and the server. Vercel also adds a firewall to protect against malicious attacks.

3.3 Authentication Security

We use Supabase for authentication, which is a secure and reliable authentication service.

3.4 Data Locations

Primary storage locations are in the EU and Singapore. Data stored in the EU will remain within the EU unless absolutely necessary; users will be notified in such rare cases.

3.5 Security Breach

Despite our best efforts to secure your data, no system is completely immune to breaches. In the event of a breach:

• All user content remains encrypted (or partially encrypted if opt-out is enabled)
• Emails, names, and authentication information are stored separately
• We will notify affected users promptly

4. Sharing Your Information

We do not share your personal information with third parties except in the following circumstances:

4.1 AI Services

We currently use the following AI providers: GROQ, OpenAI and Google.

Data shared with these platforms is governed by their respective privacy policies. Prompts sent to AI services and responses received are currently not stored by us. The exception is the storing the Memory generated by the AI.

Visit the privacy policies of our AI providers: Groq Privacy Policy, OpenAI Privacy Policy and Google Privacy Policy.

4.2 Law Enforcement Requests

If required by law enforcement:

• We may be obligated to provide requested information.
• If legally permissible, we will notify you about the request.
• We will only provide the minimum amount of information necessary.

5. User Rights

5.1 Access and Portability

You can export individual journal entries from your account but not all data we hold about you.

You may contact us to give you all the data linked to your account.

5.2 Data Deletion

Deletion begins as a "soft delete," allowing recovery for roughly 7 days.

After 7 days, we will wipe everything, including auth details, any assets or resources you've uploaded and any content you've store on our servers.

We do not however, remove the stripe information since the billing data may be required for tax or financial reasons. If you have a subscription, that will be automatically cancelled as well. You may be charged for current billing period.

Backups may persist for up to 90 days post-deletion but are inaccessible for regular use.

6. Public Content

We are not responsible for the content you choose to publicly make available. Note that doing so in inherently compromising the security of what you chose to share.

7. Minors' Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from minors or market our services to them.

8. Changes to This Privacy Policy

Contact Us

For questions or concerns regarding this Privacy Policy or your data rights: email jadebook.journal@gmail.com or contact us using our contact form.