Privacy Policy

What we collect

• Phone number: we need this to receive your texts and verify it's you
• Text messages: the content you text us becomes your blog posts
• Media files: photos/videos you send via mms
• Basic account info: your blog slug (jot.blog/yourname), email if you provide one
• Usage data: when you post, edit, or delete stuff (so we can show you a timeline)
• Payment info: handled by stripe. we don't see your credit card number

What we don't collect

• We don't track you across other websites
• We don't read your texts except to publish them to your blog
• We don't use cookies for advertising (only for keeping you logged in)
• We don't require personal info beyond what's necessary

How we use your data

• To run your blog: obviously. your texts become posts.
• To improve the service: aggregate analytics (like "how many posts per day on average") but never individual tracking
• To communicate with you: service updates, billing stuff, replies if you text us questions
• Legal requirements: if we're legally required to hand over data (hasn't happened yet, hope it never does)

Who sees your data

Your published posts: anyone with the link to your blog can read them (unless you make it private). that's the point of a blog.

Your phone number & private info: only us. we never share, sell, or rent it. ever.

Third parties we use:

• Telnyx: receives your text messages and passes them to us
• Stripe: processes payments
• AWS: hosts your blog and stores your data
• Cloudflare: CDN for fast loading

These services have their own privacy policies. We picked them because they're reputable and don't do shady stuff.

AI & Training Data

We do NOT use your content to train ai models. We're not OpenAI. We're not building "the next big llm." Your writing is yours. Period.

Data Retention

• Active accounts: we keep your data as long as your account is active
• Deleted posts: gone immediately (no "recycle bin" for 30 days nonsense)
• Cancelled accounts: we keep your blog live for 30 days in case you change your mind, then delete everything
• Backups: we keep encrypted backups for 90 days in case of catastrophic failure, then they're purged

Your Rights

• Access: log in to see all your data. it's right there.
• Export: download everything as json or markdown anytime
• Delete: nuke your account and we'll delete everything within 30 days
• Correct: edit any post or account info yourself
• Port: take your data anywhere (we don't lock you in)

Cecurity

We encrypt your data in transit (tls) and at rest (aes-256). Your phone number is hashed. Passwords (if you set one for your dashboard) are hashed with high cost factor.

But let's be real: no system is 100% secure. If there's a breach, we'll tell you immediately. No "we'll investigate for 6 months" corporate bullshit.

International users

Our servers are in the US. If you're in the EU, your data is still processed here bc that's where twilio's sms infrastructure is. we're gdpr-compliant where applicable. if you have concerns, email us.

Children

You need to be 13+ to use jot (coppa compliance). We don't knowingly collect data from kids. If you're a parent and think your kid signed up, email us and we'll delete it immediately.

Changes to this policy

If we change this policy, we'll update the date at the top and text you (or email you if you provided one). No sneaky "we updated our terms, good luck finding what changed" nonsense.