Jalees

Privacy Policy

Effective date:

Draft — pending counsel review. This document describes Jalees' intended privacy practices for launch. It has not yet been reviewed by qualified legal counsel and may be updated before it becomes binding.

1. About this policy

This policy explains what personal information Jalees ("we", "us") collects when you use the Jalees website and application (the "Service"), how we use that information, who we share it with, and the choices and rights you have.

Jalees is the controller of personal information processed through the Service. Where we use third-party providers to process information on our behalf, they act as processors and are listed in section 5.

2. Information we collect

We collect the following categories of information:

2.1 Account information

  • Your email address.
  • If you sign up with a password: a salted Argon2id hash of your password. We never store your password in clear text and cannot recover it for you.
  • If you sign in with Google: your Google account identifier (the OAuth "sub" claim), your email address as reported by Google, and your display name and avatar URL if you provide them.
  • An optional display name.

2.2 Content you upload and create

  • Files you upload (typically PDFs of books or other study materials), their original filenames, MIME types, and sizes.
  • The Markdown text that our optical-character-recognition ("OCR") worker extracts from each upload, used to ground chat responses in the page you are reading.
  • Your chat conversations with the assistant: the prompts you send, the streamed responses you receive, any image attachments captured from your current reader viewport, and the titles you assign to chats.

2.3 Billing information

  • Your Stripe customer identifier, subscription identifier, plan, status, current period end, cancellation flag, and trial-used flag.
  • A token-usage ledger recording, for each chat exchange, the number of input and output tokens, the underlying model used, and a pointer back to the chat message that consumed them. We use this ledger to enforce per-plan rate and volume quotas and to support billing analytics.
  • We do not store your card number, CVV, or any other payment-card data. Payment data is collected directly by Stripe under their privacy policy. We only ever see your Stripe customer identifier.

2.4 Technical information

  • The IP address, user-agent string, and timestamps of your requests, used for abuse prevention, rate limiting, and security investigations. These appear in server logs.
  • Authenticated session cookies (see our Cookie Policy for the complete list).
  • If you accept analytics cookies, a randomly generated PostHog "distinct id" and session identifier; PostHog also records its standard properties (page URL, referrer, viewport, device class, web vitals) and, where session replay is enabled, a masked screen recording of your interactions. Sensitive inputs (passwords, email fields, anything inside an element marked with our [data-ph-mask] attribute) are masked at the source before upload.
  • If something goes wrong on our backend or in your browser, our error-monitoring provider captures the exception, a stack trace, the URL, your IP, and limited request metadata. We strip request and response bodies before upload to avoid leaking your content.

3. How we use your information

We use your information for the purposes below. Under the EU GDPR and the UK GDPR, each purpose has a corresponding lawful basis (Article 6).

  • To provide the Service — create your account, store and OCR your uploads, run your chats, persist conversation history. Lawful basis: performance of a contract with you (Art. 6(1)(b)).
  • To bill you and manage your subscription — create a Stripe customer, record your plan and status, enforce quotas, issue invoices. Lawful basis: contract (Art. 6(1)(b)); compliance with tax and accounting obligations (Art. 6(1)(c)).
  • To keep the Service secure — rate-limit abusive traffic, block bots, detect credential stuffing, investigate incidents. Lawful basis: our legitimate interest in operating a secure service (Art. 6(1)(f)).
  • To send service emails (when enabled). As email-driven features such as account verification, password reset, and billing receipts roll out, we will use them to send the related transactional messages and important security notices. Lawful basis: contract (Art. 6(1)(b)). These emails are not marketing and you cannot unsubscribe from them while your account is active.
  • To measure how the Service is used — aggregate analytics on signup conversion, feature adoption, and performance. Lawful basis: your consent (Art. 6(1)(a)), which you can withdraw at any time via the cookie settings link in our footer.
  • To improve the Service — debug errors using captured stack traces, review aggregated usage. Lawful basis: legitimate interests (Art. 6(1)(f)).

We do not use your uploads or chat content to train any machine-learning model, ours or anyone else's.

4. AI processing

When you send a chat message, we forward the message, the relevant excerpt of your book's OCR'd text, and any attached image to Google's Gemini API to generate a response. Google processes this content under its own terms and privacy policy as our processor; per its current Gemini API additional terms, paid-tier content is not used to train Google's models. The streamed response is sent back to your browser and persisted with your chat history.

5. Who we share information with

We share your information only with the processors below, and only to the extent each needs to perform the function listed.

  • Google (Gemini API): generating chat responses from your prompt, book excerpt, and viewport image.
  • Google (OAuth): "Sign in with Google" authentication, when you choose it.
  • Stripe: subscription billing, checkout, customer portal, webhook delivery.
  • Object storage provider (S3-compatible): storing the files you upload.
  • Cloudflare: Turnstile bot-mitigation challenge on signup, login, and other write endpoints.
  • PostHog (PostHog Inc., EU region): product analytics and session replay — only after you accept analytics cookies.

Processors we may use as features roll out

The processors below are not yet integrated. We expect to engage them as the related features ship; we will update this policy and the effective date above before any user data flows to them.

  • Sentry: when enabled, error monitoring for backend, frontend, and worker exceptions.
  • Resend: when enabled, sending transactional email (such as verification, password reset, and billing receipts) as those features go live.

We may also disclose information when required by law, to enforce our Terms of Service, or in connection with a merger or asset sale. We will tell you about a material change in control before your data is transferred.

6. International transfers

Some of our processors are based in the United States or operate globally. Where we transfer personal data of users in the European Economic Area, the United Kingdom, or Switzerland to a country that has not received an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (and, where applicable, the UK International Data Transfer Addendum) plus supplementary measures appropriate to the transfer. You can request the relevant clauses from us using the contact below.

7. How long we keep information

  • Account, books, chats: for as long as your account is active.
  • Server logs: 30 days, then deleted.
  • Billing records: at least the period required by applicable tax and accounting law (typically 7 years), even after you close your account.
  • Backups: rolling encrypted backups are retained for up to 35 days after the originating record was deleted.
  • After you delete your account: we delete or anonymise your account, books, OCR text, chat history, and stored files within 30 days, except where we are required to retain billing records (see above) or limited information for security and abuse-prevention purposes.

8. Your rights

If you are in the EEA, the UK, or Switzerland, you have the right under the GDPR / UK GDPR to:

  • access the personal data we hold about you;
  • correct inaccurate or incomplete data;
  • delete your data ("right to erasure");
  • restrict or object to certain processing;
  • port your data to another service in a structured, machine-readable format;
  • withdraw consent at any time where processing is based on consent;
  • lodge a complaint with your supervisory authority.

If you are a California resident, you have rights under the CCPA / CPRA to know, delete, correct, and (where applicable) opt out of "sale" or "sharing" of your personal information. We do not sell personal information and do not "share" it for cross-context behavioural advertising as those terms are defined under California law.

You can exercise most rights directly from your account settings: download your data, update your profile, and delete your account. For other requests, write to us using the address in section 12. We will respond within the time required by applicable law (one month for GDPR requests, 45 days for CCPA requests, extendable where permitted).

9. Children

Jalees is not directed to children. We do not knowingly collect personal information from anyone under 16 (or under 13, where that lower threshold applies). If you believe a child has provided us with personal information, contact us and we will delete it.

10. Security

We protect your account with industry-standard measures: TLS in transit, encrypted storage at rest, Argon2id password hashing, short-lived access tokens, rotation of long-lived refresh tokens, and audit logging of authentication events. No system is perfectly secure, and we cannot guarantee absolute security — if you believe your account has been compromised, change your password and contact us immediately.

11. Changes to this policy

We will update this policy from time to time. When we make a material change, we will update the effective date above and, where the change is significant, notify you by email or via an in-app banner. Continued use of the Service after a change takes effect means you accept the updated policy.

12. Contact

For privacy questions, requests, or complaints, write to privacy@jalees.io.