Privacy Policy

Introduction

Welcome to Jotium. We design our product with privacy and clarity in mind. This policy explains what we collect, why we collect it, how we protect it, and what choices you have. By using Jotium, you agree to the practices described here.

Summary at a Glance

  • Your data belongs to you. We do not sell your personal data.
  • You control connected integrations and can revoke access at any time.
  • Custom Instructions are stored to personalize your experience and can be edited or cleared.
  • API keys and OAuth tokens are stored encrypted at rest and used only on your behalf.
  • You can export chats and delete them at any time.

Information We Collect

  • Personal Information: Includes your name, email address, account credentials, profile photo, and any other identifiers you provide during registration or use of our services.
  • Usage Data: Information about how you interact with Jotium, such as device and browser type, IP address, access times, pages viewed, referring URLs, and diagnostic logs. We may use cookies and similar technologies to collect this data.
  • Content Data: Any content you submit, upload, or generate on Jotium, including chat history, files, documents, images, and tool usage data.
  • Third-Party Data: Information obtained from integrations you authorize, including profile data, messages, files, and activity logs, as permitted by your settings with those services.
  • Payment Information: If you make purchases, we may collect payment details via our payment processors. We do not store full credit card numbers on our servers.

What We Do Not Collect

  • We do not use your private data to train public models.
  • We do not sell, rent, or trade your personal data.
  • We do not access third-party accounts unless you explicitly connect them.

How We Use Your Information

  • To provide, operate, and maintain Jotium and its features.
  • To authenticate users and manage accounts securely.
  • To personalize your experience and deliver relevant content and features.
  • To analyze usage trends, monitor performance, and improve our platform.
  • To communicate with you regarding support, updates, security alerts, and marketing (with your consent).
  • To process transactions and manage billing.
  • To enforce our Terms of Service and protect the rights, property, or safety of Jotium, our users, or others.
  • To comply with legal obligations and respond to lawful requests from authorities.

AI and Tool Usage

When you ask Jotium to perform a task that requires an external service, the system calls the relevant integration with the minimum data required to complete the task. Requests and responses for these actions may be logged for troubleshooting and product quality. You can revoke any integration at any time in Settings.

OAuth Tokens and Connected Integrations

When you connect third-party accounts (for example: Google, GitHub, Slack, X, Zoom, Airtable, ClickUp, Asana, HubSpot, LinkedIn, Supabase, etc.), we obtain OAuth tokens from those providers to act on your behalf only for the features you use. We request the minimum scopes needed and disclose scopes during the connection flow.

  • What we receive: Access tokens and, where applicable, refresh tokens. We may also receive limited profile identifiers (e.g., an ID, username, or email) to associate a connection with your account.
  • How we store tokens: Tokens are encrypted at rest in our database. Sensitive values are decrypted only within privileged backend services to fulfill actions you initiate.
  • How tokens are used: Tokens are used solely to perform tasks you request (e.g., send email, read calendars, post updates, manage files) and to maintain the connection (e.g., refreshing tokens when required by the provider). We do not use tokens for unrelated purposes.
  • Token refresh behavior: For providers that issue refresh tokens, our backend securely exchanges refresh tokens for new access tokens when needed. Some providers issue non-expiring tokens, which we reuse until you revoke access.
  • OAuth state protection: During connection, we set a short-lived, httpOnly state cookie scoped to the callback path to prevent CSRF and ensure the redirect matches your session.
  • Revocation and deletion: You can disconnect an integration anytime from your account settings. Disconnecting removes stored tokens and disables future access. You may also revoke access at the provider. Account deletion removes stored tokens subject to legal requirements.
  • Provider terms apply: Your use of a provider is subject to its own terms and privacy policy. Review scopes and permissions when authorizing access.

Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases: your consent, performance of a contract, compliance with legal obligations, and our legitimate interests (such as improving our services and ensuring security).

Security Measures for Integrations

  • Encryption in transit (TLS) and at rest for sensitive data including OAuth tokens.
  • httpOnly, same-site cookies for OAuth state and a minimal callback attack surface.
  • Strict redirect URI validation and scope minimization for least-privilege access.
  • Input validation, outbound request scoping, and monitoring for abuse.
  • Audit logging of connection events and token lifecycle operations where appropriate.

Data Sharing and Disclosure

  • Service Providers: We may share your data with trusted vendors who assist us in operating Jotium, such as cloud hosting, analytics, customer support, and payment processing. These providers are contractually obligated to protect your data and use it only for specified purposes.
  • Third-Party Integrations: Data is shared with third-party services only when you explicitly authorize such integrations. You control what is shared and can revoke access at any time.
  • Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Jotium, our users, or others.
  • Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

Data Retention

We retain your personal data only as long as necessary to fulfill the purposes described in this policy, comply with our legal obligations, resolve disputes, and enforce our agreements. You may request deletion of your data, subject to certain exceptions such as legal requirements.

Your Rights and Choices

  • Request access to, correction of, or deletion of your personal data.
  • Request data portability in a structured, machine-readable format.
  • Object to or restrict certain processing of your data.
  • Opt out of marketing communications at any time.
  • Withdraw consent for integrations or specific data uses.
  • Lodge a complaint with a data protection authority if you believe your rights have been violated.

To exercise your rights, please contact us using the information below. We may need to verify your identity before fulfilling your request.

Security

We implement strong security controls including encryption in transit and at rest, key management for API secrets, access controls, monitoring, and audits. No method of transmission or storage is perfectly secure. We work continuously to protect your data.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, such as Standard Contractual Clauses or other lawful mechanisms, to protect your data when transferred internationally.

Children’s Privacy

Jotium is not intended for children under 13 (or 16, where applicable). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete such information promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email, in-app notice, or other appropriate means. Please review this policy periodically for updates.

Contact Us

If you have questions, requests, or concerns regarding this Privacy Policy or our data practices, please contact us at support@jotium.com.