Data, privacy, and exports
Three questions about your data, answered up front:
- Where does it live? On a server only you have administrative access to.
- What can you do with it? Anything. Export, edit, delete, copy. It’s yours.
- What do we (Jootle) do with it? Nothing without your permission. We support and update the platform; we don’t read your data.
This chapter is the long version.
Where your data lives
Section titled “Where your data lives”A Jootle instance is a dedicated virtual server in our cloud provider. Your data lives in that server’s PostgreSQL database and on its filesystem.
- The database has your conversations, projects, lists, artifacts, contacts, knowledge graph, and operational metadata.
- The filesystem has uploaded files, generated artifacts, and any cached intermediate data.
That server is provisioned for you alone. It is not shared with other Jootle customers. If you have a Business or Enterprise plan, the server can also be placed in a specific geographic region for compliance reasons.
Who has access
Section titled “Who has access”In normal operation: only you (and any users you’ve added).
Jootle’s operational team has SSH access to your server for support and updates. We do not log in to read your data; we log in to maintain the server. The SSH access is logged and auditable.
If you do not want operational SSH access at all (some enterprise customers don’t), we can configure your instance to require explicit consent before any operational session, on a per-incident basis. This is a Business / Enterprise feature.
Exporting your data
Section titled “Exporting your data”From Settings → Data → Export, you can request a full export.
The export includes:
- All your conversations (in structured JSON).
- All your projects, programs, tasks, lists, artifacts, contacts (in JSON, plus any uploaded files).
- Your knowledge graph (as a JSON graph, with all entities and relationships).
- Configuration: settings, channels (without secrets), connected integrations (without secrets), playbooks, goals.
The export does NOT include:
- API keys or credentials. Those are excluded for safety; you’d re-paste them if you imported into another system.
- Conversation embeddings (they’re regenerable from the conversations).
- Internal operational metadata (logs, indices) that wouldn’t make sense outside the original instance.
An export takes a few minutes to generate for a typical instance. You get a download link that’s valid for 7 days. The file is a .zip containing JSON files plus an attachments/ directory for uploaded files.
Deleting specific data
Section titled “Deleting specific data”From conversation, you can delete:
- A specific memory. “Forget that I said X.” Removes from the knowledge graph.
- A specific artifact. “Delete that draft.” Removes the artifact (and its version history).
- A specific message. “Delete this conversation thread.” Removes the conversations and their indexing.
These are scoped, irreversible operations.
Deleting everything
Section titled “Deleting everything”From Settings → Data → Delete instance data, you can wipe your instance’s data while keeping the instance running. This:
- Deletes all conversations, projects, lists, artifacts, contacts, knowledge graph entries.
- Resets the instance to “just provisioned” state.
- Keeps your settings, connected integrations (without credentials), and toolkits installed.
This is for “I want to start fresh” rather than “I want to leave Jootle”. If you want both, also delete the instance (Billing and plans).
Wipes are irreversible. We do a 7-day soft-delete (the data is recoverable from backup within that window if you change your mind), but after 7 days it’s gone.
What Jootle (the company) does not do
Section titled “What Jootle (the company) does not do”To be explicit:
- We do not train AI models on your data.
- We do not sell, share, or sublicense your data to anyone.
- We do not read your conversations, knowledge graph, or files except as needed to investigate a specific support issue you’ve reported.
- We do not aggregate your data with other customers’ data for any reason.
This is in our terms of service in legalese. The plain version is the bullet list above.
What AI providers do with your data
Section titled “What AI providers do with your data”When your assistant runs a query, the prompt goes to whichever AI provider is handling that query (Anthropic, OpenAI, Google, DeepSeek, etc., per your routing).
Each provider has their own data policy. The shape that matters for you:
- Anthropic (Claude): Does not train on customer data via the API. Standard.
- OpenAI: Does not train on API requests by default. (Does train on consumer chat product data, which isn’t relevant for Jootle’s API access.)
- Google (Gemini): Does not train on API data by default.
- DeepSeek: Check their terms; policies vary by region.
If a specific provider’s policy is a concern, you can route around it (see AI providers and routing).
Logs and observability
Section titled “Logs and observability”For operational support, we collect:
- Aggregate platform health (CPU, memory, disk usage on your server).
- Error logs (anonymized stack traces, not request content).
- Service uptime and availability data.
We do not log:
- The content of your conversations or prompts.
- The content of your artifacts, lists, projects, etc.
- The content of attachments or integrations.
If a specific support issue requires accessing logs that include content, we’d ask you first.
Compliance posture
Section titled “Compliance posture”Default Jootle is appropriate for personal and small-business use without specific compliance regulations.
For regulated industries:
- HIPAA. Available on the Business plan as an add-on. Requires a Business Associate Agreement (BAA) and configuration of your instance to the compliant posture. Talk to us.
- SOC 2. We have a SOC 2 Type 2 attestation. Audit report available for customers under NDA.
- GDPR. EU-based customers can have their instance hosted in an EU region. We honor data subject rights (access, deletion, portability) as outlined in the GDPR.
- CCPA. California-resident customers’ rights apply. The flows in this chapter (export, deletion) are the primary mechanisms.
Specific compliance certifications and attestations are listed at jootle.com/security (or coming there soon if not yet listed).
Data residency
Section titled “Data residency”Your instance lives in a specific geographic region of our cloud provider. By default, this is chosen for proximity to most of our customers (US-central at the time of writing).
For data residency requirements (EU, UK, specific compliance regimes), we can place your instance in a region of your choice. This is a Business/Enterprise feature.
Switching regions after the fact is possible but involves provisioning a new instance and migrating data. Plan accordingly.
Where to learn more
Section titled “Where to learn more”- The full Privacy Policy is the legal version of what’s in this chapter.
- The Terms of Service covers the broader contract.
- Security details are at jootle.com/security.
If you have a specific question this chapter doesn’t answer, support@jootle.com is the place. We answer privacy questions seriously and quickly.