Privacy Policy

1. Who this applies to

This policy applies to anyone who visits our marketing site, signs up for an account on the JustInternetAI Platform, or uses a vertical SaaS application operated by JustInternetAI under a platform-managed brand. Each vertical may publish its own additional notices for data unique to that vertical's workflow; those notices supplement, but do not replace, this policy.

2. Information we collect

We collect the following categories of information:

• Account data. When you sign up, we collect your name, email address, and (for business accounts) your organization name. Authentication is handled by WorkOS; we receive a verified user identifier and your basic profile.
• OAuth tokens for third-party integrations. When you connect a Google or Microsoft account to enable features like calendar, file, or email integrations, we store refresh tokens in an encrypted Token Vault. We use these tokens exclusively to perform the actions you authorized; we do not share them with third parties or your vertical's application code (the platform vends short-lived access tokens on demand).
• Subscription & billing data. Payment card information is collected and tokenized directly by Stripe; we receive only a customer reference and subscription state. We never store full card numbers.
• Usage & analytics data. We collect product usage events (page views, feature interactions, feature flag exposure) via PostHog to understand how the service is used and to improve it.
• Error & performance data. When errors occur, we automatically capture diagnostic information (including request paths, browser metadata, and stack traces) via Sentry. Structured application logs are sent to Axiom. Uptime and incident state are tracked by Better Stack.
• Content you create. Information you enter into a vertical application (records, files, configuration) is stored in our database and, where applicable, in encrypted object storage. The exact data depends on the vertical you use; each vertical's documentation describes its specific data model.
• Communications. If you contact us, we keep a record of that communication for support purposes. Transactional emails (verification, password reset, billing notifications) are delivered via Resend.

3. How we use information

• To provide, operate, and secure the service.
• To authenticate and authorize you, including enforcing tenant and role-based access boundaries.
• To process subscription payments, send invoices, and notify you about billing-relevant events.
• To send transactional communications (verification, password reset, account changes, scheduled summaries you've opted into).
• To detect, investigate, and respond to abuse, security incidents, and outages.
• To improve the service through aggregate usage analysis.
• To comply with legal obligations.

When you use AI-powered features, your prompts and the data required to fulfill them are sent to our AI provider (currently Anthropic) under terms that prohibit training on your inputs. We do not use your data to train AI models.

4. Sub-processors we share information with

We use the following third-party services to operate the platform. Each acts as a data sub-processor under our control:

• WorkOS — identity, authentication, directory sync
• Vercel — application hosting and edge delivery
• Neon — managed PostgreSQL database
• Upstash — cache and rate-limit storage
• Cloudflare R2 — encrypted object storage
• Cloudflare — DNS and edge protection
• Inngest — background job and event processing
• Stripe — subscription billing and payments
• Resend — transactional email delivery
• PostHog — product analytics and feature flags
• Sentry — error monitoring
• Axiom — application log aggregation
• Better Stack — uptime monitoring and status page
• Anthropic — AI / large language model processing
• Google & Microsoft — only for users who connect those accounts to enable integrations; access scoped to what you authorize at consent

We do not sell your personal information. We do not share your personal information with advertisers or marketing data brokers.

5. Where information is stored

Data is stored in US-based cloud regions operated by the sub-processors listed above. Data is encrypted in transit (TLS) and at rest. Backups are encrypted and retained on a 30-day rolling window.

6. Retention

• Active accounts. Data is retained while your account is active and as needed to provide the service.
• Account closure. When you delete your account or cancel your subscription, we soft-delete your data for 30 days, then purge it. During the 30-day window, you may restore or export your data.
• Audit logs. Security-relevant events (logins, permission changes, admin actions) are retained for one year.
• Backups. Encrypted database backups are retained on a 30-day rolling window.
• Vertical-specific retention. Individual verticals may declare longer retention windows when required for compliance (e.g., regulated industries). Each vertical discloses its retention policy where relevant.

7. Your rights

You can, at any time:

• Access & export your data through your account settings.
• Correct account information directly in your profile.
• Delete your account from account settings; this initiates the 30-day soft-delete window.
• Disconnect integrations at any time from your account's integrations page; we revoke the corresponding OAuth tokens.
• Opt out of non-essential analytics where the law requires (e.g., GDPR jurisdictions). Contact us to exercise this right.
• Contact us with questions or complaints at justin@justinternetai.com.

8. Cookies and similar technologies

We use cookies and similar technologies for two purposes:

• Authentication. Session cookies keep you signed in. These are essential to the service.
• Analytics. PostHog uses cookies and local storage to identify return visits and aggregate usage. Where required by law, we will surface a consent banner.

9. Children's privacy

The JustInternetAI Platform is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, contact us and we will delete it.

10. International users

JustInternetAI is operated from the United States. If you access the service from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those of your jurisdiction.

11. Security

We use industry-standard practices to protect your data, including encryption in transit and at rest, encrypted secret storage, audit logging of administrative actions, role-based access controls, and tenant isolation enforced at the database level. No system is perfectly secure; if you discover a vulnerability, please report it to justin@justinternetai.com.

12. Changes to this policy

We may update this policy from time to time. For material changes, we will notify you in the application or by email before the changes take effect. The “Effective” date at the top of this page reflects the most recent revision.

13. Contact us

JustInternetAI
9237 NE 25th St
Bellevue, WA 98004
United States
justin@justinternetai.com