Privacy Policy

Last updated: May 7, 2026

This Privacy Policy describes how hellojade.ai ("hellojade", "we", "us", or "our") collects, uses, shares, and protects information about you when you visit our website at hellojade.ai, use our applications, or otherwise interact with us (collectively, the "Services").

By using the Services, you agree to the practices described in this Policy. If you do not agree, please do not use the Services.

1. Information we collect

1.1 Information you provide

Account & profile data: name, email address, profile photo, password (stored salted and hashed), and any optional bio you supply.
Authentication data: when you sign in with a third-party identity provider (e.g., Meta/Facebook Login, Google, Apple), we receive a unique identifier and the basic profile fields you authorize that provider to share.
Communications: messages you send to us through support channels, surveys, or feedback forms.
Payment information (where applicable): billing name, address, and partial card details. Full card numbers are processed by our payment processor and never stored on our servers.

1.2 Information collected automatically

Device & technical data: IP address, browser type and version, operating system, device identifiers, screen size, timezone, language preference.
Usage data: pages viewed, links clicked, referring URLs, timestamps, and similar interaction data.
Cookies and similar technologies: see Section 6.

1.3 Information from third parties

Identity providers (Meta/Facebook, Google, Apple, etc.): when you link a third-party account we receive the identifiers and profile fields permitted by the provider and authorized by you.
Analytics & advertising partners: aggregated metrics about how users interact with our marketing.

2. How we use information

Provide, maintain, secure, and improve the Services.
Authenticate users and prevent fraud, abuse, and unauthorized access.
Personalize content and remember your preferences.
Communicate with you about the Services, security alerts, and changes to terms or policies.
Send marketing or promotional messages where permitted by law (see Section 3).
Comply with legal obligations and enforce our terms.

3. Marketing communications

We may send marketing emails, push notifications, or in-product messages about new features, content, or offers. Where required by law (e.g., the EU/UK), we send marketing only with your prior opt-in consent. You can opt out at any time by:

Clicking the "Unsubscribe" link at the bottom of any marketing email.
Adjusting notification preferences in your account settings.
Emailing us at the address in Section 12.

Opting out of marketing does not affect transactional or service messages necessary to operate your account (e.g., security alerts, password resets, billing notices).

4. Meta / Facebook Platform terms

If you sign in with Meta/Facebook or otherwise connect a Meta product to hellojade, the following additional terms apply.

We request only the permissions strictly necessary for the feature you are using and follow Meta's Platform Terms and Developer Policies.
We do not sell or license data obtained from Meta to data brokers, ad networks, or any third party.
We do not use Meta data for purposes outside the experience you signed up for, including building user profiles for advertising not related to our Services.
You can revoke our access at any time in your Meta account under Settings & Privacy → Settings → Apps and Websites.
When you revoke access or request deletion, we delete the Meta-sourced data associated with your account within thirty (30) days, except where retention is required by law.
Data deletion requests can be sent to privacy@hellojade.ai; we will reply with a confirmation code and a status link, as required by Meta's Data Deletion Callback specification.

5. How we share information

We share information only as described below; we do not sell personal information.

Service providers: hosting, database, monitoring, analytics, email delivery, customer support, and payment processing vendors who act on our instructions under written contracts that restrict their use of the data.
Identity providers: limited identifiers exchanged with Meta/Facebook, Google, and similar providers solely to authenticate you.
Aggregated or de-identified data: information that no longer identifies you, shared for analytics, research, or product improvement.
Legal & safety: when we have a good-faith belief that disclosure is required to comply with law, valid legal process, or to protect rights, property, or safety.
Corporate transactions: in connection with a merger, acquisition, financing, or sale of assets, with notice to affected users.

6. Cookies, analytics, and tracking

We and our service providers use cookies, local storage, pixels, and similar technologies. Categories include:

Strictly necessary: session, authentication, security, fraud prevention. Cannot be disabled.
Functional: remembers preferences (language, theme, recent items).
Analytics: aggregate usage measurement (e.g., page views, error rates).
Marketing: measurement of advertising performance, including the Meta Pixel where enabled. We honor your "Do Not Track" or Global Privacy Control signal where legally required.

You can manage cookies in your browser settings. Disabling some cookies may impair Service functionality.

7. Data retention

Account data: until account deletion, plus up to 30 days for backup expiration.
Server logs: up to 90 days.
Billing records: as long as required by tax and accounting law (typically 7 years).

8. Your rights and choices

Access, correct, or update the personal information we hold about you.
Delete your account and associated personal data.
Object to or restrict certain processing.
Receive a portable copy of data you provided to us.
Withdraw consent where processing is based on consent.
Opt out of the "sale" or "sharing" of personal information (CCPA/CPRA). We do not sell or share personal information for cross-context behavioral advertising as those terms are defined under California law.
Lodge a complaint with your local data protection authority.

To exercise any of these rights, email privacy@hellojade.ai.

9. Security

We use industry-standard technical and organizational safeguards — including encryption in transit (TLS), encryption at rest, role-based access control, audit logging, and regular security review — to protect your information. No system is 100% secure; if you believe your account has been compromised, contact us immediately.

10. International transfers

We operate primarily on Google Cloud infrastructure and may transfer or process information in countries other than your own. Where required, we rely on legally recognized transfer mechanisms (e.g., Standard Contractual Clauses, the EU-US Data Privacy Framework) to protect your information.

11. Children

The Services are not directed to children under 13 (or the equivalent minimum age in your jurisdiction) and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, please contact us so we can delete it.

12. Contact us

hellojade.ai
Email: privacy@hellojade.ai
Data deletion: privacy@hellojade.ai

13. Changes to this Policy

We may update this Policy from time to time. Material changes will be communicated through the Services or by email. The "Last updated" date at the top reflects the most recent revision. Continued use of the Services after a revised Policy takes effect constitutes acceptance of the updated terms.