Jarvis SDK is operated by AffixedAI LLC. This policy describes how we collect, use, and protect your data.
1. Information We Collect
We collect information you provide directly: account registration data (email, name), API keys, module configurations, and payment information processed through Stripe.
We automatically collect: API request logs (endpoint, timestamp, response code, latency), execution telemetry (module name, action, duration — not input/output data), and standard web analytics (IP address, browser type, referrer).
2. How We Use Your Data
We use your data to: operate and improve the Jarvis SDK platform, process billing and payments, provide customer support, generate anonymized aggregate analytics for the Intelligence API, enforce rate limits and prevent abuse, and send service-related communications.
We do NOT: sell your personal data, read or store your module execution input/output payloads (these are processed in-memory and discarded), or share identifiable data with third parties for advertising.
3. Intelligence API & Telemetry
The Intelligence API aggregates anonymized telemetry across all tenants. This includes: module usage counts, failure rates, average latency, and configuration patterns. All data is aggregated — no individual tenant's data is identifiable in Intelligence API responses.
Business and Enterprise plans can opt out of telemetry contribution while still accessing aggregate insights.
4. Data Storage & Security
Data is stored in Supabase (PostgreSQL) with row-level security policies. All API communication uses TLS 1.3. API keys are hashed before storage. Stripe handles all payment card data — we never see or store card numbers.
We implement industry-standard security measures including rate limiting, SSRF protection, input validation, and audit logging.
5. Third-Party Services
We use: Stripe (payments), Supabase (database), Vercel (hosting), and OpenAI (for AI-powered modules, only when you explicitly execute an AI module). Each service has its own privacy policy.
Connected accounts (GitHub, Slack, etc.) are authorized via OAuth2. We store only the access token and basic profile info. You can revoke access at any time from the Connections dashboard.
6. Data Retention
Account data is retained while your account is active. Execution logs are retained for 90 days. Billing records are retained for 7 years per legal requirements. You can request account deletion by contacting support@jarvissdk.com.
7. Your Rights
You have the right to: access your personal data, correct inaccurate data, delete your account and associated data, export your data, and opt out of non-essential telemetry.
To exercise these rights, email privacy@jarvissdk.com or use the Settings page in the dashboard.
8. Contact
For privacy questions or concerns: privacy@jarvissdk.com
AffixedAI LLC, United States.