Legal
Privacy Policy
Effective July 3, 2026 · Version 2.0
1. Who we are and our role
Jaina is operated by Jaina, LLC. This policy explains what we collect, why, and the choices you have. It covers account data, the information we hold about you as our customer (your email, authentication, billing, and usage). For that data, we are the controller.
Regarding the content you create and store in the Service ("Your Content"), our Terms and Acceptable Use Policy prohibit you from storing personal data about your end users or any other third party. Because of that, Jaina is not a repository for personal data and does not act as a data processor of third-party personal data on your behalf. You may include incidental personal data about yourself and your own team (for example, author bylines you publish).
2. What we collect
- Account data: your email address and authentication details. If you sign in with Google or GitHub, we receive your basic profile and email from that provider.
- Billing data: subscription status and the customer/payment identifiers handled by Stripe. We never receive or store full card numbers.
- Your Content: the schemas, records, files, and configuration you create in the Service (which, per our Terms, must not contain third-party personal data).
- Usage data: cookieless analytics, server-side product events (for example, which onboarding steps you complete), and server logs used to operate and secure the Service.
3. How we use it and our legal bases
We use your data to provide and maintain the Service, authenticate you, process payments, communicate with you about your account, and keep the Service secure. Under the GDPR, our legal bases are:
| Purpose | Legal basis |
|---|---|
| Providing and maintaining the Service, your account, and billing | Performance of a contract |
| Securing the Service, preventing fraud and abuse, and cookieless analytics | Legitimate interests |
| Sending marketing or newsletter email | Consent (which you can withdraw at any time) |
We do not sell or share your personal information, we do not use it for cross-context behavioral advertising, and we do not use Your Content to train machine-learning models.
4. Cookies and analytics
We use only two kinds of cookies: those strictly necessary to keep you signed in, and one short-lived functional cookie (jaina_signup_plan, about 30 minutes) that remembers a plan you selected before signing up. Our analytics are cookieless and do not track you across other sites, and we use no third-party advertising or tracking cookies. Because we set no consent-requiring cookies, we do not show a cookie-consent banner; if that ever changes, we will. See our cookies & tracking page for the full list.
5. AI tools and third-party access (MCP)
Jaina can act as an authorization provider so you can connect AI assistants and other tools to your data through the Model Context Protocol (MCP). When you connect such a tool, you are shown a consent screen and grant it scoped access to your projects on your behalf. You choose whether to connect a tool, and you can review or revoke these grants at any time from your settings. We do not grant third parties access to your data except through a connection you authorize.
6. Service providers
We rely on the following service providers to operate Jaina. Each processes account data only as needed to provide their service to us:
| Provider | Purpose | Region |
|---|---|---|
| Supabase | Database, authentication, and file storage | United States |
| Stripe | Payment processing and subscription billing | United States |
| Vercel | Application hosting and cookieless analytics | United States |
| Resend | Transactional and newsletter email delivery | United States |
Google and GitHub act as identity providers only when you choose to sign in with them. See our full service providers page for each provider's purpose, region, and Data Processing Addendum.
7. International data transfers
Jaina and its service providers are based in the United States, so your data is processed there. Where data is transferred from the EU/UK, our providers rely on recognized transfer mechanisms such as the EU-U.S. Data Privacy Framework and/or Standard Contractual Clauses.
8. Retention
We keep your account data for as long as your account is active. When you close your account or ask us to delete your data, we delete or anonymize it within a reasonable period, except where we must retain certain records (for example, billing and tax records) to meet legal or accounting obligations. Operational logs are kept only as long as needed to run and secure the Service.
9. Your rights and choices
You can access, export, and delete Your Content at any time using the Service's export, code generation, and CLI tools. For your personal data, depending on where you live you may have rights to access, correct, delete, or port it, or to object to or restrict certain processing. To exercise any of these rights, contact us using the details below; we respond within the timeframes the law requires (generally 30 days under the GDPR and 45 days under the CCPA). You can correct basic account information yourself in your profile settings, and you can unsubscribe from marketing email at any time using the link in those messages.
California residents: we do not sell or share your personal information, so no "Do Not Sell or Share My Personal Information" action is needed. You have the right to know, delete, and correct your personal information, and we will not discriminate against you for exercising these rights.
10. Security
We use tenant isolation, encrypted transport, and access controls to protect your data. No system is perfectly secure, but we work to follow industry-standard practices and to close gaps promptly.
11. Children
The Service is a developer tool intended for business and professional use and is not directed to children. Our Terms require account holders to be at least 16 years old. If we learn that we hold personal data from a child in violation of this policy, we will delete it.
12. Changes
We may update this policy as the Service evolves. Each version shows its version number and effective date at the top of this page. Material changes will be posted here with an updated effective date.
13. Contact
Questions or privacy requests? Reach us through our contact page or at jaina.appdev@gmail.com. See also our Terms of Service.
