Privacy Policy
This Privacy Policy explains what data Jandex (the "Service") collects, how it is used, and the rights you have over it. By using the Service, you agree to the collection and use of information in accordance with this policy.
We collect the data you give us (account info), the data your ESP (such as Klaviyo or Omnisend) returns to us when you connect it (campaign and flow metrics, the content of your campaigns and flows, audience data, revenue data), and standard technical data (logs, IP, browser). We use that data only to operate the Service. We do not sell it. We share it only with the limited service providers required to run Jandex.
01 Who we are
Jandex is operated as a sole proprietorship by an individual based in Mexico, Pampanga, Philippines. References to "Jandex," "we," "us," and "our" refer to this operator. For privacy questions, contact hello@jandex.io.
02 What we collect
| Category | What it includes |
|---|---|
| Account data | Name, email address, agency or company name, password (hashed), and authentication tokens. |
| ESP data | Access tokens to the email service provider you connect (e.g., Klaviyo or Omnisend). Most of Jandex is read-only, but some tools you explicitly enable — such as list cleaning — can take actions in your ESP on your behalf (for example, suppressing unengaged profiles). Through this connection we retrieve campaign and flow performance; the content of your own campaigns and flows, including subject lines and email and SMS message bodies; segment and audience metrics; revenue figures; and subscriber-level engagement and order events that we use to compute analytics such as lifetime value, email frequency, and time-to-first-purchase. To power AI features that analyze creative, we may also generate and store screenshots of your campaign and flow emails. We do not access your subscribers' personal email accounts or inboxes, we do not use your subscribers' data to contact them, and we keep the personal identifiers we store to what is needed to compute these metrics. |
| Usage data | How you interact with the Service: pages visited, features used, queries asked of the AI assistants, and timestamps. Used to improve product quality. |
| Technical data | IP address, browser type, device type, operating system, referrer URL, and standard server logs. |
| Billing data | If and when you become a paying customer, billing is handled by Lemon Squeezy (lemonsqueezy.com), which acts as our Merchant of Record. We receive only the limited information Lemon Squeezy returns to us (subscription status, plan, transaction IDs). Payment-card details are never seen or stored by Jandex. |
| Communications | Any emails or messages you send us, including support requests and feedback. |
03 How we use it
We use the data we collect for the following purposes:
- To provide, operate, and maintain the Service.
- To process the data your ESP returns and present analytics and AI-generated insights based on it.
- To pass relevant subsets of your data to AI model providers in order to generate insights, summaries, and recommendations within the Service.
- To communicate with you about your account, support requests, security notices, and material updates to the Service.
- To diagnose technical issues, prevent fraud, and ensure security.
- To improve the Service through aggregated and anonymized analysis of usage patterns.
04 AI processing
The Service uses third-party AI models (including models provided by Anthropic and other providers) to power its AI assistants and to generate analyses, summaries, and recommendations. When you interact with the AI assistants or run an AI-powered feature, relevant subsets of your account data — and, where you use features that analyze creative, screenshots of your campaign or flow emails — are transmitted to these providers together with your query in order to generate a response. We use AI providers that offer business-grade APIs with no-training-on-customer-data commitments wherever possible. We do not transmit your raw subscriber lists or your subscribers' email addresses to AI providers.
05 Who we share with
We do not sell your data. We do not rent or trade your data. We share data only with the following limited categories of service providers, and only to the extent necessary to operate the Service:
- Hosting & infrastructure (Supabase) — to host the application, database, and authentication, and to store your data securely.
- AI model providers (including Anthropic) — to process queries and generate insights, as described in Section 04.
- Payment processor (Lemon Squeezy) — our Merchant of Record, to handle billing if and when you become a paying customer.
- Analytics & error monitoring — to diagnose performance issues and bugs.
- Email service — to send transactional emails (account confirmations, password resets, billing notices).
- Legal & regulatory authorities — when required by law, court order, or to protect our rights or the safety of others.
06 Data retention
We retain your data for as long as your account is active. If you delete your account, we delete your account data and disconnect your ESP integration within 30 days, except where retention is required for legal, accounting, or fraud-prevention purposes. Aggregated and anonymized data may be retained indefinitely.
07 Your rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your data ("right to be forgotten").
- Export your data in a portable format.
- Object to or restrict certain types of processing.
- Withdraw consent where processing is based on consent.
To exercise any of these rights, email hello@jandex.io. We will respond within 30 days.
08 Security
Keeping your data safe is a priority. We follow industry-standard security practices, including encryption in transit (HTTPS) and at rest, strict access controls, hardened infrastructure from our hosting provider, and regular security review. Your ESP connection uses an access token you can revoke at any time, and your payment-card details are handled entirely by our payment provider — Jandex never sees or stores them.
No online service can promise perfect security, but we treat your data with care and work continually to protect it. In the unlikely event of a security incident affecting your information, we will notify you promptly and take the steps required by law.
09 International data transfers
Jandex is operated from the Philippines, but our service providers (hosting, AI, email, etc.) may be located in the United States, the European Union, or other jurisdictions. By using the Service, you consent to your data being transferred to and processed in countries other than your own. Where required, we use standard contractual clauses or equivalent safeguards.
10 Children
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you become aware that a child has provided personal data to us, please contact us and we will take steps to delete it.
11 Cookies and tracking
The Service uses essential cookies and similar browser local storage to keep you logged in and to remember your preferences. We may also use limited analytics to understand usage patterns. We do not use third-party advertising cookies. You can control cookies through your browser settings.
12 Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will post the updated policy at this URL and update the "Last updated" date at the top. Material changes will be communicated by email to active users.
13 Contact
Privacy questions? Email hello@jandex.io.