Privacy Policy
Last updated: May 8, 2023
1 . Who are we and what this privacy policy applies to?
This Privacy Notice is provided by JOT AI Limited, a private limited liability company with registered office at 70 Sir John Rogerson's Quay, Dublin 2, Ireland, registered with the Company Registration Office under company number 739333 (‘JOT’, ‘we’, ‘our’, ‘us’).
JOT operates an online application that helps its users and permits them, through proprietary voice and speech recognition technology, to create, store, and share to-do lists and notes, with other users, via a messaging system internal to the application.
This Privacy Policy explains how we use personal data received from your use of our website (www.jot.ai) and the Jot App, which is a mobile phone application (the “App”) that you have downloaded from the Online Store onto your smartphone or handheld device.
In the context of our activities, we collect, hold, disclose and/or otherwise process personal data. Pursuant to applicable data protection and privacy legislation, we qualify as the controller with respect to the personal data that we process.
2. We know your privacy is important to you
We value your right to privacy and strive to protect your personal data in accordance with applicable data protection legislation and more specifically with the General Data Protection Regulation (“GDPR”) and its national implementing legislation.
In this Privacy Policy we set forth how we collect your personal data, how and for what purposes we may use your personal data and to whom your personal data may be disclosed by us. Further, this Privacy Policy includes important information regarding your rights with respect to the processing of your personal data. Therefore, we encourage you to read this Privacy Policy very carefully.
From time to time, we may need to change this Privacy Policy. The most recent version of this Privacy Policy is available on www.jot.ai/privacy. We encourage you to regularly review this Privacy Policy. You may also ask us to send you a copy of the most recent version of this Privacy Policy.
By using our App and by sharing your personal data with us, you acknowledge that your personal data will be processed in the manner as described in this Privacy Policy.
3. Whose personal data do we collect?
In the context of our activities, we may collect personal data relating to the users of our App and third parties to the extent that their personal data is entered into the app by users of our App.
4. How do we collect personal data relating to you?
We may collect information about you directly from you when you use our App (i.e., creation of a user account, connection to and browsing on the App, interactions, storages, communications of all types carried out on or via the App, and certain app usage data).
We may also collect information about you from other users when they share with you content generated on the App.
5. What type of personal data do we collect?
We may collect and process the following personal data about you:
E-mail addresses collected on our website. If you would like to join the beta version of our App and test the App before its official launch, you can provide us with your e-mail address on our website in the Request Invite section.
User Profile information: username and photo. In order to use the App, you must beforehand create a user account by providing a username and profile picture of your choice. Your username does not have to be your real name: it can be your first name, nickname, alias, pseudonym, or however you wish to be identified on the App. Next to your name, you can choose to have a profile picture, which other users will see along with your name. Having a profile picture on the App is optional. You can modify your username and modify or remove your profile picture at any time in the App’s settings.
User Identification information: first name, last name, and e-mail address. When creating a user account, you may choose to use a third-party account (e.g., Google, Apple) to authenticate and we may collect the data shared by this third-party account.
Voice Recordings: the App is activated by voice commands. These will be stored alongside User Generated Content in a secure system operated by a third-party service provider in an encrypted form, once it has been processed by our internal data collection system, to secure it against unauthorized third-party access.
User Generated Content: when you use the App, you may generate content such as text notes, lists, images, chats and messages with other users and other documents which may contain personal data. Your content is stored in a secure system operated by a third-party service provider in an encrypted form, once it has been processed by our internal data collection system, to secure it against unauthorized third-party access.
Log Information: IP address, date and time of connection. When you use the App, we may collect and store information in server logs, such as internal protocol (IP) addresses and the date and time of connection, clickstream data.
User Support and Communication information: you may sometimes send us information or bug reports about the App via e-mail or telephone which may contain personal data. This information may include your e-mail address, first name, last name, phone number.
App Usage Data: we may collect data relating to your usage of our app, which may include personal data, such as the types of content you use or engage with, or the features that you use. This may include personal data disclosed through use of the app (including User Generated Content) in order for us to improve our product and our AI models.
Payment Information: if you pay us for access to the App, we will collect and process information relating to your financial details and your payment history in order to process those payments.
6. For what purposes do we use your personal data and on which legal ground(s) do we process your data?
We use your personal data for the following purposes, and we rely on the following legal grounds:
Purposes
Applicable legal grounds
Retention period
To join the App
Your e-mail address is processed to allow you to preview the App by joining the beta version of our App.
You will get invited to join the beta App by e-mail.
The processing of your e-mail address for this purpose is temporary until the release of the App.
Necessary for contract, i.e., to provide our services.
Retained for as long as you maintain a user account with us and for 6 months thereafter.
Creating a user account
Your User Profile, information, and/or User Identification information is processed to create your user account and enable you to use the App.
You may change your User Profile information (username and photo) at any time under the App’s settings.
Necessary for contract, i.e. to provide our services.
Retained for as long as you maintain a user account with us and for 6 months thereafter.
Processing your payments
Your Payment Information, as well as other information such as your User Profile and User Identification to the extent it is associated with that information.
Necessary for contract, i.e. to provide our services.
Retained for as long as you maintain a user account with us and for 6 months thereafter.
Improving the speech recognition technology
We will only collect your Voice Recordings in situations where the speech recognition technology did not perform the requested action.
Your consent.
You will be asked if you consent to your Voice Recordings being collected and stored by us in order to improve the speech recognition process.
Whenever a technical problem with voice recording is detected or reported, you will be asked whether you consent to the processing of your personal data by way of a pop-up window with a checkbox to collect your consent.
You have the right to withdraw your consent at any time (without affecting the lawfulness of processing based on consent before its withdrawal of such consent). You may do so by either removing the consent in the App’s settings or rejecting the data collection for failed voice commands.
3 Months
Enabling you to use our services
The User Generated Content in messages/chat is encrypted to enable you to use the App, e.g., to save, store, and share your text messages. The User Generated Content in cards, lists & notes are stored in our databases.
Necessary for contract, i.e., to provide our services.
Retained for as long as you maintain a user account with us. Chat history is end to end encrypted.
AI Agent
The User Generated Content, relevant to a request, in documents (e.g. lists and notes), and messages will be used to understand user request, suggest actions within the App, and generate content.
We need your consent to use the AI Agent to execute your request. The Agent will suggest actions within the app (e.g. creating or modifying Cards and Blocks, or sending messages) and generating content. Only by engaging the Agent via touch or voice UI in the App will you be able to share data with OpenAI.
Needed for understanding natural language requests and enriching user content with AI generated content.
You have the right to withdraw your consent at any time (without affecting the lawfulness of processing based on consent before its withdrawal of such consent).
Retained in accordance with the OpenAI Privacy Policy, available at https://openai.com/policies/
Providing user support
In order to process a request for support submitted by you, we may process your personal data.
Necessary for contract.
6 Months
To improve our app and AI models
Details regarding your usage of our app (including User Generated Content and Voice Recordings) will be used to improve and enhance our proprietary AI models.
We need your consent to use your usage data (which may include personal data) in this way. A button or toggle will appear on your app once allowing you to consent to us using your data in this way.
This is needed to further enrich user content with better AI suggestions in the future and to improve our app.
Consent may be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal of such consent.
6 Months
7. With whom do we share your personal data?
In the context of the purposes as listed above, we may share your personal data with third parties, such as:
Framer – e-mail addresses and only necessary cookies collected on the website for joining the beta version of the App
TestFlight – e-mail addresses collected on the website for joining the beta version of the App
Auth0 – user authentication provider
Apple, Google – third-party identity providers
Cloudflare – DNS
Linode – cloud hosting
Grafana Cloud – logs
TelemetryDesk – metrics
Personio - Applicant Tracking System as part of our careers page
OpenAI - Natural language requests and User Generated Content relevant to the request. For details visit https://openai.com/policies/terms-of-use
We will ensure that, where relevant, contractual safeguards are implemented to ensure the protection of your personal data when disclosing your personal data to a third party. For example, we will enter into data processing agreements with relevant parties (providing for restrictions on the use of your personal data and obligations with respect to the protection and security of your personal data).
Your personal data and/or person profiles shall not be rented, nor sold to third parties without your prior explicit consent. Consent may be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal of such consent.
8. International Transfers
We may, from time to time, send personal data to recipients based in countries located outside of the European Economic Area (“EEA”). As certain countries are not within the EEA, this may mean that such countries are not deemed to provide an adequate level of protection for personal information. To ensure that personal data receives an adequate level of protection we will put in place for any international transfers appropriate measures, as provided for under data protection laws, in order to ensure that personal data is treated by those third parties in a way that is consistent with and which respects EU data protection laws.
In particular, the Company will transfer the categories of personal data outlined above to the United States based upon the standard contractual clauses published by the EU Commission on 4 June 2021 under Article 46 of the GDPR for data transfers from controllers or processors in the EU/EEA (or otherwise subject to the GDPR) to controllers or processors established outside the EU/EEA. For a copy of this document, please contact us at the email address provided below.
9. How long do we store your data?
Your data will only be stored for as long as necessary for the purposes we process them (refer to the purposes listed above in paragraph 6). Only where we are legally obliged to, or where this is necessary for defending our interests in judicial proceedings (e.g., in case of a dispute), we will store personal data for more extended periods.
After you request to delete your user account, all your data will be deleted within one month unless it is required by law.
We will retain and securely destroy personal data in accordance with applicable laws and regulations, which are reflected in our internal record retention policy. For further information on the length of time in which we may retain personal data, please contact us using the details contained below in the ‘Contact' section below.
10. How do we protect your personal data?
We will implement the necessary administrative, technical, and organisational measures for ensuring a level of security appropriate to the specific risks that we have identified. We protect your personal data against destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored, or otherwise processed.
More specifically, we encrypt user generated data that is shared with us, we explicitly do not store any personal information on our databases with exception of the User Profile information which is stored on our server in an encrypted form.
11. What are your rights and how you can exercise them?
You have the right to:
information about and access to your personal data;
rectify your personal data;
erasure of your personal data (‘right to be forgotten’);
restriction of processing of your personal data;
object to the processing of your personal data;
receive your personal data in a structured, commonly used and machine readable format and to (have) transmit(ted) your personal data to another organization (right to data portability).
Finally, you have the right to lodge a complaint with the Irish Data Protection Commission, or any other competent national data protection authority, relating to the processing of your personal data by us. The Data Protection Commission's contact details are as follows:
Telephone: 1890 252 231
Email: [email protected]
Address: Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland.
12. Contact
If you have any questions, comments or complaints in relation to this Privacy Policy or the processing of your personal data by us, please feel free to contact us at: [email protected].