Last updated: July 6, 2023
This Privacy Notice is provided by JOT AI Limited, a private limited liability company with registered office at 70 Sir John Rogerson's Quay, Dublin 2, Ireland, registered with the Company Registration Office under company number 739333 (‘JOT’, ‘we’, ‘our’, ‘us’).
JOT operates an online application that helps its users and permits them, through proprietary voice and speech recognition technology, to create, store, and share to-do lists and notes, with other users, via a messaging system internal to the application.
In the context of our activities, we collect, hold, disclose and/or otherwise process personal data. Pursuant to applicable data protection and privacy legislation, we qualify as the controller with respect to the personal data that we process.
2. We know your privacy is important to you
We value your right to privacy and strive to protect your personal data in accordance with applicable data protection legislation and more specifically with the General Data Protection Regulation (“GDPR”) and its national implementing legislation.
3. Whose personal data do we collect?
In the context of our activities, we may collect personal data relating to the users of our App and third parties to the extent that their personal data is entered into the app by users of our App.
4. How do we collect personal data relating to you?
We may collect information about you directly from you when you use our App (i.e., creation of a user account, connection to and browsing on the App, interactions, storages, communications of all types carried out on or via the App).
We may also collect information about you from other users when they share with you content generated on the App.
5. What type of personal data do we collect?
We may collect and process the following personal data about you:
E-mail addresses collected on our website. If you would like to join the beta version of our App and test the App before its official launch, you can provide us with your e-mail address on our website in the Request Invite section.
User Profile information: username and photo. In order to use the App, you must beforehand create a user account by providing a username and profile picture of your choice. Your username does not have to be your real name: it can be your first name, nickname, alias, pseudonym, or however you wish to be identified on the App. Next to your name, you can choose to have a profile picture, which other users will see along with your name. Having a profile picture on the App is optional. You can modify your username and modify or remove your profile picture at any time in the App’s settings.
User Identification information: first name, last name, and e-mail address. When creating a user account, you may choose to use a third-party account (e.g., Google, Apple) to authenticate and we may collect the data shared by this third-party account.
Voice Recordings: the App is activated by voice commands. We do not collect or store your voice messages recorded via the App unless you confirm that the voice recording technology did not perform the action requested.
User Generated Content: when you use the App, you may generate content such as text notes, lists, images, and other documents which may contain personal data. Your content is stored in a secure database operated by a third-party service provider, in an encrypted form to prevent us and third parties from reading them. Your content travels straight from your device to the database.
Log Information: IP address, date and time of connection. When you use the App, we may collect and store information in server logs, such as internal protocol (IP) addresses and the date and time of connection, clickstream data.
User Support and Communication information: you may sometimes send us information or bug reports about the App via e-mail or telephone which may contain personal data. This information may include your e-mail address, first name, last name, phone number.
6. For what purposes do we use your personal data and on which legal ground(s) do we process your data?
We use your personal data for the following purposes, and we rely on the following legal grounds:
Applicable legal grounds
To join the beta version of our App
Your e-mail address is processed to allow you to preview the App by joining the beta version of our App.
You will get invited to join the beta App by e-mail.
The processing of your e-mail address for this purpose is temporary until the release of the App.
Necessary for contract, i.e., to provide our services.
Until beta finishes
Creating a user account
Your User Profile, information, and/or User Identification information is processed to create your user account and enable you to use the App.
You may change your User Profile information (username and photo) at any time under the App’s settings.
Necessary for contract, i.e to provide our services
Retained for as long as you maintain a user account with us and for 6 months thereafter.
Providing voice-based correction services, improving the speech recognition process and the understanding of the natural language
We will only collect your Voice Recordings in situations where the voice recording technology did not perform the requested action.
If the voice recording technology does not perform the action requested, you will be asked if you consent to your Voice Recordings being collected and stored by us in order to provide voice-based correction services.
Whenever a technical problem with voice recording is detected or reported, you will be asked whether you consent to the processing of your personal data by way of a pop-up window with a checkbox to collect your consent.
You have the right to withdraw your consent at any time. You may do so by either removing the consent in the App’s settings or rejecting the data collection for failed voice commands.
Enabling you to use our services
The User Generated Content in messages/chat is encrypted to enable you to use the App, e.g., to save, store, and share your text messages. The User Generated Content in cards, lists & notes are stored in our databases.
Necessary for contract, i.e., to provide our services.
Retained for as long as you maintain a user account with us . Chat history is end to end encrypted.
The user context (text-based) in lists, messages, and notes will be used to enhance the user-generated content with Open AI Suggestions. The AI-generated text will be stored only when the user taps or requests suggestions.
We need your consent to get new AI text suggestions. Only by tapping the "suggest" icon will you be able to share data with open AI. We also leverage similar capability for card creation and block creation.
Needed for enriching user content with AI suggestions.
Providing user support
In order to process a request for support submitted by you, we may process your personal data.
Necessary for contract.
7. With whom do we share your personal data?
In the context of the purposes as listed above, we may share your personal data with third parties, such as:
Framer – e-mail addresses and only necessary cookies collected on the website for joining the beta version of the App
TestFlight – e-mail addresses collected on the website for joining the beta version of the App
Auth0 – user authentication provider
Apple, Google – third-party identity providers
Cloudflare – DNS
Linode – cloud hosting
Grafana Cloud – logs
TelemetryDesk – metrics
Personio - Applicant Tracking System as part of our careers page
OpenAI - AI suggestions in notes, lists & messages. For details visit https://openai.com/policies/terms-of-use
We will ensure that, where relevant, contractual safeguards are implemented to ensure the protection of your personal data when disclosing your personal data to a third party. For example, we will enter into data processing agreements with relevant parties (providing for restrictions on the use of your personal data and obligations with respect to the protection and security of your personal data).
Your personal data and/or person profiles shall not be rented, nor sold to third parties without your prior explicit consent. Consent may be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal of such consent.
8. International Transfers
We will, from time to time, send personal data to recipients based in countries located outside of the European Economic Area (“EEA”). As certain countries are not within the EEA, this may mean that such countries are not deemed to provide an adequate level of protection for personal information. To ensure that personal data receives an adequate level of protection we will put in place for any international transfers appropriate measures, as provided for under data protection laws, in order to ensure that personal data is treated by those third parties in a way that is consistent with and which respects EU data protection laws.
In particular, the Company will transfer the categories of personal data outlined above to the United States based upon the standard contractual clauses published by the EU Commission on 4 June 2021 under Article 46 of the GDPR for data transfers from controllers or processors in the EU/EEA (or otherwise subject to the GDPR) to controllers or processors established outside the EU/EEA. For a copy of this document, please contact us at the email address provided below.
9. How long do we store your data?
Your data will only be stored for as long as necessary for the purposes we process them (refer to the purposes listed above in paragraph 6). Only where we are legally obliged to, or where this is necessary for defending our interests in judicial proceedings (e.g., in case of a dispute), we will store personal data for more extended periods.
After you request to delete your user account, all your data will be deleted within one month unless it is required by law.
We will retain and securely destroy personal data in accordance with applicable laws and regulations, which are reflected in our internal record retention policy. For further information on the length of time in which we may retain personal data, please contact us using the details contained below in the ‘Contact' section below.
10. How do we protect your personal data?
We will implement the necessary administrative, technical, and organisational measures for ensuring a level of security appropriate to the specific risks that we have identified. We protect your personal data against destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored, or otherwise processed.
More specifically, we encrypt user generated data that is shared with us, we explicitly do not store any personal information on our databases with exception of the User Profile information which is stored on our server in an encrypted form.
11. What are your rights and how you can exercise them?
You have the right to:
information about and access to your personal data;
rectify your personal data;
erasure of your personal data (‘right to be forgotten’);
restriction of processing of your personal data;
object to the processing of your personal data;
receive your personal data in a structured, commonly used and machine readable format and to (have) transmit(ted) your personal data to another organization (right to data portability).
Finally, you have the right to lodge a complaint with the Irish Data Protection Commission, or any other competent national data protection authority, relating to the processing of your personal data by us. The Data Protection Commission's contact details are as follows:
Telephone: 1890 252 231
Email: [email protected]
Address: Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland.