Jarvis Icon

Jarvis AI — Privacy Policy

Effective Date: September 25, 2025

An image representing data privacy and security.

Jarvis AI (the “Service”) is provided by 1001245164 Ontario Inc. (“Company,” “we,” “us,” or “our”). This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use Jarvis AI, including features for task management, reminders, optional email access, and meeting recording/summarization.

If you do not agree with this Policy, please do not use the Service. By using the Service, you acknowledge you have read and understood this Policy.

1. Scope

This Policy applies to personal information we process about:

  • Individuals who use the Service (account holders and end users);
  • Individuals whose information may appear in user content (e.g., emails, meeting transcripts, tasks, contacts);
  • Website visitors and beta testers.

This Policy does not apply to processing we carry out on behalf of enterprise customers as a processor under a separate agreement (see Section 15 and the DPA).

2. Summary (Quick Read)

  • We collect information you provide (account details, tasks, reminders, emails you connect, meeting recordings) and information created or inferred by the Service (summaries, action items, insights).
  • Email and meeting features are opt-in and scoped; you can disconnect at any time.
  • We use trusted service providers (e.g., cloud hosting, AI model providers) under contract. We don’t sell personal information.
  • You have choices: access/correction, deletion, export, and opt-outs. Regional rights (GDPR/UK GDPR, CPRA, PIPEDA, etc.) also apply.
  • Security, minimization, and retention controls are in place. See Sections 10–12.

3. Information We Collect

We may collect the following types of information:

  • Account & Profile: name, email, phone (optional), photo (optional), role, organization, password or SSO identifiers.
  • Tasks & Reminders: task titles/descriptions, due dates, assignees, labels, notification preferences.
  • Content You Upload or Connect: documents, files, contacts, calendars; third-party integrations you authorize (e.g., Google, Microsoft).
  • Support & Feedback: messages, survey responses, bug reports.
  • Optional Email Access (If Enabled): headers, bodies (sender/recipient, subject, timestamp, body, attachments) for summarization, categorization, drafting, search; derived data (summaries, classifications, action items, sentiment, entities).
  • Optional Meeting Recording & Summarization (If Enabled): audio/video recordings, real-time or post-meeting transcripts, participants (names, emails, calendar metadata, invitations/RSVPs), derived data (summaries, highlights, tasks, minutes).
  • Automatically Collected: usage logs, app interactions, crash diagnostics, device type, OS, app version, cookies/similar tech (web).
  • From Third Parties: integrations you authorize (calendars, contacts, email, cloud drives); enterprise admins (user provisioning, role/permissions, audit data).

4. How We Use Information

We use personal information to:

  • Provide, maintain, and improve the Service (core app functions; reminders; task execution; search; summarization).
  • Operate optional features you enable (email parsing/drafting; meeting recording/transcription; integrations).
  • Personalize the experience (preferences, suggestions, ranking, and intelligent features).
  • Communicate with you (service updates, security notices, support).
  • Ensure security, prevent abuse/fraud, debug, and comply with legal obligations.
  • Research and develop new features and models.
  • Support business operations (billing, accounting, audits).

Automated Decision-Making: Jarvis AI may generate suggested actions or prioritization. These do not produce legal or similarly significant effects without human review.

No Sale: We do not sell personal information. We also do not use personal information for cross-context behavioral advertising.

5. Legal Bases (EEA/UK/CH)

Where GDPR/UK GDPR applies, our processing bases include:

  • Contract: to deliver the Service you requested.
  • Consent: for optional email access, meeting recording, certain analytics/marketing cookies.
  • Legitimate Interests: to secure and improve the Service, prevent abuse, and support internal operations (balanced against your rights).
  • Legal Obligation: to meet compliance and record-keeping duties.

6. Sharing & Disclosure

We share personal information only as described:

  • Service Providers / Sub-processors: cloud hosting, storage, AI model providers, analytics, communications, and customer support. Providers act under contracts requiring confidentiality, security, and limited use.
  • Enterprise Customers (Admin Access): if your account is managed by your organization, administrators may access/monitor data per their policies.
  • Integration Partners: when you connect third-party services, data flows per your configuration and the partner’s terms.
  • Legal/Compliance: to comply with law, valid legal process, or to protect rights, safety, or the integrity of the Service.
  • Business Transfers: as part of a merger, acquisition, or asset sale, subject to this Policy and applicable law.

We do not share personal information with advertisers for cross-context behavioral ads.

7. International Transfers

We may transfer, store, and process information outside your country (e.g., Canada, U.S., EEA, UK). We implement appropriate safeguards (e.g., SCCs, UK Addendum/IDTA, adequacy decisions) and technical measures (encryption, access controls). Details available on request.

8. Your Choices & Controls

  • Permissions: You can enable/disable email access, meeting recording, calendar/contacts, and file integrations at any time.
  • Gmail/Google Workspace Revocation: visit Google Account → Security → Third-party access to remove Jarvis AI’s access.
  • Microsoft 365 Revocation: visit Microsoft Entra (Azure AD) → App permissions.
  • Recording Notices: obtain participant consent where required; many platforms allow announcing recordings automatically.
  • Notifications & Marketing Emails: opt out via in-app settings or unsubscribe links.
  • Data Access, Portability, Correction, Deletion: request via Section 16.
  • Model Training Controls: where applicable, opt out of allowing your content to be used for model training/improvement (we default to opt-out for enterprise unless the customer opts in).

9. Cookies & Analytics (Web)

We use necessary cookies for core functionality and, with consent where required, analytics cookies to understand usage. You can control cookies via your browser settings. Blocking some cookies may impact the Service.

10. Security

We employ administrative, technical, and physical safeguards, including encryption in transit and at rest, least-privilege access, logging, and vulnerability management. No system is 100% secure; report incidents to security@jarvisai.one.

11. Data Retention

We retain personal information only as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. You can delete content or your account, after which we will delete or de-identify data within a reasonable period, except where retention is legally required or permitted.

12. Children’s Privacy

The Service is not intended for children under 13 (or the age required by your region). We do not knowingly collect personal information from children. If you believe a child has provided information, contact us to delete it.

13. Third-Party Services

Your use of third-party services (email, calendar, storage, conferencing) is governed by their terms and privacy policies. We are not responsible for their practices. Review and manage permissions in each service.

14. Meeting Recording & Transcription

You are responsible for ensuring lawful recording and participant notices/consents. Where required (e.g., all-party consent jurisdictions), obtain explicit consent before recording. Jarvis AI can display a recording indicator and insert a consent notice in calendar invites where supported.

15. Enterprise & Controller/Processor Roles

For individual users, we act as an independent controller of your data. For enterprise customers, we act as a processor/service provider with respect to Customer Data, processing under the Data Processing Addendum (DPA) and the customer’s instructions. Admins may control retention, access, and integrations.

16. Your Privacy Rights

Depending on your location, you may have the right to:

  • Access/know what personal information we process;
  • Correct inaccurate information;
  • Delete information;
  • Receive a portable copy of certain information;
  • Object to or restrict certain processing;
  • Withdraw consent at any time (without affecting prior processing);
  • Appeal certain decisions (US state laws);
  • Lodge a complaint with a supervisory authority.

How to Exercise: Email privacy@jarvisai.one or use in-app controls. We may verify your identity and respond within required timelines. Authorized agent requests are honored as required by law.

California (CPRA): We do not sell or share personal information for cross-context behavioral advertising. We may disclose limited identifiers to service providers for business purposes.

Canada (PIPEDA): You may request access and correction; we process data in/outside Canada using contractual and technical safeguards.

17. Model Providers & AI Processing

To deliver AI features, we may use third-party model providers and our own models. Providers act under confidentiality and security obligations. We apply minimization (only the data needed for the feature), encryption, and access controls. Unless you (or your enterprise) opt in, user content is not used to train foundation models.

18. Changes to This Policy

We may update this Policy from time to time. Material changes will be notified via the Service or email. Continued use after the effective date means you accept the updated Policy.

19. Contact Us

If you have questions about this Privacy Policy, please contact:

Appendix A – Sub-processors (Overview)

  • Cloud infrastructure & storage
  • AI model providers
  • Email/calendar integration providers
  • Analytics & crash reporting
  • Customer support and ticketing

(Full, current list available at: [URL to sub-processor list].)

Appendix B – Data Retention by Feature (Examples)

  • Tasks/reminders: active + 24 months (or admin-configured)
  • Email summaries/drafts: 30–90 days (configurable), or on deletion of source email
  • Meeting recordings/transcripts: default 90 days (configurable); summaries persist until deleted
  • Logs/diagnostics: 30–180 days

Appendix C – Region-Specific Notices

  • EEA/UK/CH: Controller = [Company Legal Name], Legal bases in Section 5; transfers under SCCs/UK Addendum.
  • California: No sale/sharing; rights under CPRA; categories and purposes align with Sections 3–4 & 6.
  • Canada: Contact our Privacy Officer at privacy@jarvisai.one for access/correction inquiries.

Tip for Users

You can disconnect integrations anytime: Settings → Integrations.