Skip to main content

Privacy Policy

Version 1.0
Effective 21 March 2026 ยท Updated 21 March 2026
External legal review pending. This policy has been prepared for operational publication. Attorney-grade review is a separate pending milestone. Do not treat this as final legal authority until that review is complete.

1. Who we are

JARO ("JARO", "we", "our") is an AI-powered planning and scheduling assistant operated as an independent software product. Contact: [email protected].

2. What data we collect

We collect the following data when you use JARO:

  • Conversation content: the messages you send to JARO and the responses generated
  • Account identifiers: Telegram user ID or web session token used to associate your conversations
  • Usage data: session counts, feature usage, and error logs for service operation and improvement
  • Technical data: IP address, user agent, and request metadata for security and abuse prevention

We do not collect payment card details directly. Billing, when activated, will be handled by a certified payment processor (Stripe).

3. How we use your data

  • To provide the JARO planning assistant service, including context memory across sessions
  • To improve response quality through evaluation pipelines (automated, not human review of individual conversations by default)
  • To detect and prevent abuse, fraud, and security threats
  • To communicate with you about service updates and your account

Your conversation content is processed by third-party LLM providers (Google Gemini, OpenAI) solely to generate responses. These providers are bound by their own data processing agreements.

4. Sharing and third parties

We share your data only as necessary to operate the service:

  • Google (Gemini API): conversation content sent for LLM inference
  • OpenAI (GPT API): conversation content sent for LLM inference
  • Google Cloud Platform: infrastructure, databases, and compute

We do not sell your personal data. We do not share your data with advertisers.

5. Data retention

Conversation data is retained for as long as your account is active and for a period necessary to provide context continuity. You may request deletion at any time.

Log data and usage metrics are retained for up to 90 days for operational purposes.

6. Your rights

Depending on your jurisdiction, you may have rights to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Object to or restrict certain processing
  • Data portability

To exercise your rights, contact [email protected]. We will respond within 30 days.

7. Security

We use industry-standard security measures including encryption in transit (TLS), encrypted storage, and role-based access controls. We will notify you of any data breach affecting your personal data as required by applicable law.

8. Contact us

For privacy questions or to exercise your rights: [email protected].