Effective 2026-05-09 · Jootle LLC, a Texas limited liability company. This policy describes how we handle personal information for visitors to jootle.com, customers of the Jootle platform, and end-users of customer instances.
“Jootle,” “we,” “us” = Jootle LLC, a Texas LLC headquartered in Texas, USA. For privacy questions, requests, or to exercise any right described below: privacy@jootle.com. For EU/UK customers we don’t presently maintain a designated representative under GDPR Art. 27 because we don’t target the EEA at scale; if that changes we’ll appoint one and update this page.
Jootle’s architecture matters for compliance. We act as a data controller for a narrow set of information about you, our customer: name, email, billing address, payment method (held by Stripe, not us), instance metadata, and the aggregate health pings your instance sends back. We act as a data processor for everything inside your instance: conversations, knowledge graph, files, project data, agent prompts and outputs, third-party credentials you’ve added. That data lives only on your dedicated VPS; we have administrative access for the purpose of running the platform but we don’t ingest, copy, train on, or read it.
When you use Jootle as a business and your end-users interact with your instance, you are the controller for your end-users’ personal information; we are your processor under Art. 28 GDPR. A Data Processing Agreement is available on request.
Account & billing data (controller): name, email, billing address, country, plan tier, subscription status, instance slug, instance region. Payment-card data is collected and held by Stripe, Inc. under their PCI-DSS-compliant flow; we receive only a token, the last four digits, and the card brand.
Health telemetry (controller): your instance pings the control plane with uptime status, schema version, application version, and basic resource counters (number of projects, tasks, sites). No content of any kind is included.
Website usage (controller): standard server logs (IP, user-agent, referer, path) retained for 30 days for security/abuse purposes. We don’t use third-party analytics that profile visitors. If we add a privacy-respecting analytics provider in the future, this section will say so.
Support correspondence (controller): emails you send us, retained as long as needed to handle the request and for a reasonable period afterward.
Customer-instance data (processor): whatever you and your end-users put into your instance. We do not enumerate it because it lives on your server.
Performance of contract (Art. 6(1)(b)): account, billing, instance metadata, support. Necessary to deliver the service you bought.
Legitimate interests (Art. 6(1)(f)): health telemetry (keeping your instance up), security logs (preventing abuse). We balance these against your privacy and have determined the impact is minimal because the data is non-content and short-lived.
Legal obligation (Art. 6(1)(c)): tax records, fraud prevention, compliance with lawful requests.
Consent (Art. 6(1)(a)): for the limited cases where we ask explicitly (e.g. marketing emails, if any). Withdraw any time.
Your instance: a dedicated Linode VPS in the region you selected at signup. Backups: in the same region, on the same VPS. Control plane: Linode US (currently us-ord, Chicago). Email: a reputable transactional provider in the US. Stripe: their global infrastructure.
If you’re in the EEA, UK, or Switzerland, your account & billing data crosses to the US. We rely on the EU Standard Contractual Clauses (and the UK Addendum) with our sub-processors. You can request the SCCs and the list of sub-processors at privacy@jootle.com.
Account & billing data: for the life of your subscription plus 7 years for tax/audit purposes.
Instance data: for as long as your instance exists. Cancellation schedules deprovisioning at the end of your current billing period — your instance keeps running until then, and you can resume the cancellation any time before that date. When the period ends, the Linode VPS and its disk are destroyed. Export your data via System Settings → Backups before the period ends.
Health telemetry: 90 days, then aggregated (no per-instance attribution beyond that).
Server logs: 30 days.
Support correspondence: 3 years from last contact.
Wherever you are in the world, you can exercise these rights against the data we hold as controller:
Right of access. Get a copy of what we have on you.
Right to correct. Fix anything that’s wrong.
Right to delete. Have it removed, subject to our legal obligation to keep some records.
Right to data portability. Receive your data in a machine-readable format. For your instance data this is built into the product (System Settings → Backups produces standard PostgreSQL dumps). For your account/billing data, email us.
Right to object / restrict processing. Tell us to stop using your data for any legitimate-interest purpose. We will, unless we have an overriding legal basis.
Right to opt out of sale or sharing of personal information (CCPA/CPRA, Virginia, Colorado, Connecticut, Utah, and similar US state laws): we don’t sell or share for cross-context behavioral advertising, and we never have. There is therefore nothing to opt out of, but if that ever changes we will provide a “Do Not Sell or Share My Personal Information” link before doing so.
Right to withdraw consent. For anything we’re processing on a consent basis.
Right to lodge a complaint. With your local supervisory authority (in the EEA), the ICO (in the UK), the California Attorney General (in California), or the Texas Attorney General.
To exercise any of these rights, email privacy@jootle.com. We respond within 30 days (often faster). We may verify your identity using the email on file. There’s no fee.
We use a small number of vendors to deliver the service. Current list, by purpose:
Linode (Akamai): VPS hosting for your instance and ours.
Stripe, Inc.: payment processing.
Anthropic, OpenAI, Google, Groq, etc.: AI models, but only when your instance calls them with your credentials. We don’t intermediate.
A transactional email provider: for system emails (welcome, password reset, billing receipts).
Updated list available at privacy@jootle.com. We notify customers of new sub-processors with at least 30 days’ notice.
Jootle is not directed to children under 13 (or 16 in some EEA member states). We don’t knowingly collect their personal information. If you believe we have, contact us and we’ll delete it.
TLS for all traffic. Encrypted-at-rest disks. Secrets stored in a vault rather than environment variables. HMAC signature validation on inbound webhooks. Internal management traffic on a private VPC. We are a small team and our security posture is not perfect; if you find an issue, please email security@jootle.com and we’ll respond promptly.
If a breach affecting your personal information occurs and is likely to result in risk to you, we’ll notify you and the relevant supervisory authority within 72 hours, per GDPR Art. 33–34 and equivalent US state laws.
Material changes get at least 30 days’ notice by email and on this page. Non-material updates (typos, clarifications) take effect when posted; we’ll bump the version number and the “Effective” date at the top.
Jootle LLC, Texas, USA. Privacy questions and rights requests: privacy@jootle.com. Security reports: security@jootle.com. General: hello@jootle.com.