Privacy Policy

Last Updated: January 2025

Jam AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, web application, and services (collectively, the "Service").

Important note: Depending on how you use the Service, we may act as a data controller (e.g., for account, billing, and website analytics) and/or as a data processor (e.g., when we host and process content you upload or create in projects).

1. Information We Collect

1.1 Information You Provide

• Account Information: When you create an account, we collect your email address, display name, and profile photo (if provided).
• Authentication Data: We use Firebase Authentication, which may collect authentication credentials and tokens.
• Content: We store the content you create in the Service, including project metadata, nodes, and messages you enter into chat features. We also store files you upload (such as PDFs and images) and related metadata (such as filenames and storage paths).
• Payment Information: When you subscribe to a paid plan, payment information is processed by Stripe. We do not store your full payment card details on our servers.
• Communication: If you contact us for support, we collect your contact information and the content of your communications.

1.2 Automatically Collected Information

• Usage Data: We collect information about how you use the Service, including the number of nodes created, AI messages sent, credits used, and other usage statistics.
• Device Information: We may collect information about your device, browser type, operating system, and IP address.
• Log Data: Our servers automatically record information when you access the Service, including timestamps, access times, and error logs.
• Analytics: If enabled, we use Google Analytics (GA4) to collect information about your use of the Service, such as page views and interactions. In the EU/UK, we intend to request consent before setting non-essential analytics cookies.

1.3 AI-Generated Content

• When you interact with AI features, we store your prompts/queries and AI responses as part of your project and message history.
• When you upload PDFs for AI features, we store the PDF in Firebase Storage and may send the PDF (or a reference to it) to Google Gemini for processing (for example, indexing and searching within your documents).
• We do not sell your content. We do not use your private project content to train our own models. Third-party AI providers may process your inputs to provide the Service and may use them as described in their policies and contractual terms.

2. Legal Bases for Processing (EEA/UK)

Where GDPR/UK GDPR applies, we rely on the following legal bases, depending on context:

• Contract: To provide the Service you request (e.g., account access, project storage, AI features).
• Legitimate Interests: To secure, maintain, and improve the Service (e.g., preventing abuse, debugging, measuring performance). We balance these interests against your rights.
• Consent: Where required for non-essential cookies/analytics in the EU/UK (and any other cases where consent is required by law).
• Legal Obligation: To comply with applicable laws (e.g., tax/accounting obligations for billing records, responding to lawful requests).

3. How We Use Your Information

• To provide, maintain, and improve the Service
• To process your subscriptions and manage your account
• To communicate with you about your account, updates, and support requests
• To personalize your experience and provide AI-powered features
• To monitor and analyze usage patterns and trends
• To detect, prevent, and address technical issues and security threats
• To comply with legal obligations and enforce our terms

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

• Firebase (Google): We use Firebase for authentication, data storage, and hosting. Your data is stored in Firebase according to Google's privacy practices.
• Stripe: We use Stripe to process payments. Payment information is handled by Stripe according to their privacy policy.
• Google Gemini: We use Google's Gemini services to provide AI features, including processing prompts and (when you choose to use these features) processing files such as PDFs for tasks like indexing and search.
• Google Analytics: If enabled, we use Google Analytics to understand how users interact with our Service.
• Resend: We may use Resend for transactional email delivery (for example, account-related messages).

4.2 Legal Requirements

• We may disclose your information if required by law, court order, or government regulation
• We may share information to protect our rights, property, or safety, or that of our users
• We may disclose information in connection with a business transfer, merger, or acquisition

4.3 With Your Consent

We may share your information with your explicit consent or at your direction.

5. Data Storage and Security

• Your data is stored securely using Firebase, which employs industry-standard security measures
• We use encryption in transit (HTTPS) and at rest for sensitive data
• Access to your data is restricted to authorized personnel and systems
• While we implement reasonable security measures, no method of transmission over the internet is 100% secure
• You are responsible for maintaining the confidentiality of your account credentials

6. Your Rights and Choices

• Access: You may request access to the personal data we hold about you.
• Correction: You can update certain account information through your settings, and you may request corrections for other data.
• Deletion: You can request deletion of your account and associated data via the Service (where available) or by contacting us.
• Objection/Restriction: Where applicable, you may object to or request restriction of certain processing.
• Withdrawal of consent: Where we rely on consent (e.g., analytics cookies in the EU/UK), you can withdraw consent at any time by changing your preferences.

7. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately, and we will take steps to delete such information.

8. International Data Transfers

Your information may be processed in countries other than your country of residence (for example, where our service providers operate). Where required, we rely on appropriate safeguards for international transfers (such as standard contractual clauses and other lawful transfer mechanisms).

9. Data Retention

• We retain your account information and content for as long as your account is active
• If you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal or regulatory purposes
• Some information may remain in backup systems for a limited period after deletion

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.

11. California Privacy Rights

If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect, use, and disclose
• The right to delete your personal information
• The right to opt-out of the sale of personal information (we do not sell personal information)
• The right to non-discrimination for exercising your privacy rights

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have certain rights under the General Data Protection Regulation (GDPR):

• The right to access your personal data
• The right to rectify inaccurate data
• The right to erasure ("right to be forgotten")
• The right to restrict processing
• The right to data portability
• The right to object to processing
• The right to withdraw consent at any time

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Email: privacy@usejamai.com
Website: www.usejamai.com