Privacy Policy

Privacy Policy

Last updated: November 21, 2025

1. Introduction

At J2TEAM Security, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Premium Dashboard and browser extension.

We are a privacy-first service. We believe in minimal data collection and maximum user control. This policy outlines our practices in detail.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address (from Google authentication)
  • Name (if provided by Google)
  • Google provider user ID

2.2 Subscription Information

For Premium subscriptions, we store:

  • Subscription status and billing period
  • Payment provider customer ID (processed securely by Polar)
  • Subscription metadata (no payment card details are stored)

2.3 Usage Statistics

We collect minimal anonymous usage statistics to improve our service:

  • Which features are used (anonymized)
  • General usage patterns (no personal data)

We do NOT collect: Your Facebook content, passwords, personal messages, friend lists, or any sensitive personal information.

2.4 Browser Extension Data

The browser extension operates locally in your browser. Data processed by the extension (such as friend lists, groups, pages) remains on your device and is not transmitted to our servers unless you explicitly use Premium Dashboard features that require synchronization.

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Service
  • Process your Premium subscription
  • Send you important updates about the Service
  • Respond to your support requests
  • Improve and optimize the Service based on anonymous usage patterns
  • Ensure security and prevent fraud

4. AI Features and API Keys (BYOK)

When you use AI Post Evaluation with Bring Your Own Key (BYOK):

  • Your OpenAI API key is stored locally in your browser only
  • API keys are never transmitted to our servers
  • AI evaluation requests are sent directly from your browser to OpenAI
  • We do not have access to your API key or the content of your AI requests

You are responsible for managing your API key security and any costs incurred through OpenAI usage.

5. Data Storage and Security

5.1 Data Storage

Your account data is stored securely using Supabase, a trusted cloud database provider. We implement industry-standard security measures including:

  • Encrypted data transmission (HTTPS/TLS)
  • Row-level security policies
  • Secure authentication via Google OAuth
  • Regular security audits

5.2 Payment Information

Payment processing is handled entirely by Polar, a PCI-compliant payment processor. We never store your payment card details on our servers. Polar securely processes all payment transactions.

6. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:

  • Service Providers: With trusted third-party service providers who assist us in operating our Service (e.g., Supabase for database, Polar for payments)
  • Legal Requirements: When required by law or to protect our rights and safety
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to users)

7. Your Privacy Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct your account information
  • Deletion: Request deletion of your account and data
  • Export: Export your data in a machine-readable format
  • Opt-out: Disable certain data collection features where available

To exercise these rights, please contact us through your account settings or support channels.

8. Cookies and Tracking

We use minimal first-party cookies for essential functionality:

  • Session cookies for authentication
  • Preference cookies for user settings

We do not use third-party tracking cookies or advertising trackers. We do not participate in data broker networks.

9. Children's Privacy

Our Service is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.

10. Data Retention

We retain your account information for as long as your account is active. If you cancel your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

Historical subscription data is retained for 90 days after cancellation for support purposes, after which only anonymized records may be kept.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us through the support channels available in your account settings.

14. Compliance

We are committed to complying with applicable data protection laws, including GDPR, CCPA, and other regional privacy regulations. If you are located in the European Economic Area (EEA) or California, you have additional rights under GDPR and CCPA respectively.