Privacy Policy

Account data: email, authentication identifiers, profile settings, subscription plan, and preferences (theme, voice, notifications).

Usage data: commands, AI requests, agent runs, approval decisions, audit logs, feature usage counts against plan allowances, and technical logs (IP address, device/browser type, timestamps).

Business data you provide or sync: CRM leads and clients, inbox threads, tasks, files, knowledge documents, reports, marketplace agent configurations, and marketing or analytics inputs.

Integration data: OAuth tokens, API keys (stored encrypted or masked), webhook payloads, and metadata from connected services (e.g., calendar events, messages, social metrics, payment notifications).

Voice data: when you use voice features, audio may be processed by speech services to produce text commands; we do not use voice to identify you beyond operating the feature.

Provide, secure, and improve the Service—including AI responses, agent automations, dashboards, and integrations.

Enforce plan limits, prevent abuse, troubleshoot errors, and comply with law.

Communicate about account, billing, security, and product updates.

Generate aggregated or de-identified analytics to understand feature adoption.

Prompts, business context, and retrieved documents may be sent to AI providers (e.g., OpenAI, Anthropic) to generate outputs. Those providers process data under their terms and data processing terms where applicable.

Autonomous agents may automatically read, classify, draft, or propose actions on your data according to your settings. You can require manual approval for sensitive actions where the Service supports it.

Do not submit special-category personal data (e.g., health, biometric, children's data) unless you have a lawful basis and appropriate safeguards.

When you connect Gmail, Google Calendar, Meta, WhatsApp, Telegram, Stripe, PayPal, Wise, Slack, TikTok, YouTube, browser automation, or other integrations, we access only the data needed for the features you enable.

Connected providers may process data in their own infrastructure. Review their privacy policies. Disconnecting removes future access but may not erase copies already stored with us until you delete them or your account.

If you enable Playwright, Browserless, or Stagehand integrations, URLs and page content you direct the Service to access may be transmitted to those vendors or model providers for scraping or automation. Use only on sites you are authorized to access.

Service providers: hosting (e.g., Supabase), AI inference, email delivery, analytics, and payment processing—bound by confidentiality and data protection obligations.

Legal: when required by law, court order, or to protect rights, safety, and security.

Business transfers: in connection with merger, acquisition, or asset sale, with notice where required.

We do not sell your personal information. We do not share it for third-party advertising without your consent.

We retain information while your account is active and as needed to provide the Service, resolve disputes, enforce agreements, and meet legal obligations. You may request deletion subject to exceptions (e.g., billing records, security logs).

We use industry-standard measures including encryption in transit, access controls, row-level security in our database where configured, and masking of sensitive integration credentials in the UI. No method of transmission or storage is 100% secure.

Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to processing of your personal information, and to withdraw consent where processing is consent-based.

You can update profile settings in the Service, disconnect integrations, and contact legal@jarvis.app for privacy requests. We will respond within timeframes required by applicable law (e.g., GDPR, UK GDPR, CCPA/CPRA where applicable).

California residents: we do not sell personal information. You may designate an authorized agent for requests as permitted by law.

We and our subprocessors may process data in the United States and other countries. Where required, we rely on appropriate safeguards such as standard contractual clauses or equivalent mechanisms.

The Service is not directed to children under 18. We do not knowingly collect personal information from children. Contact us to request deletion if you believe we have collected such data.

We may update this Privacy Policy. The "Last updated" date will change, and material updates will be communicated through the Service or email where appropriate.

Privacy and data requests: legal@jarvis.app. Product support: support@hi-jarvis.com. Last updated: June 1, 2026.